
CVE program gets last-minute lifeline.
The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked.
Today is Wednesday April 16th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The CVE program gets a last-minute reprieve.
The CVE program, short for Common Vulnerabilities and Exposures, is a publicly available list of known cybersecurity vulnerabilities. Each vulnerability gets a unique ID (like CVE-2025-12345) that helps security professionals, software vendors, and researchers talk about the same issue using the same name—kind of like a universal language for bugs.
Managed by MITRE Corporation and funded by the U.S. government, the program plays a critical role in threat intelligence, patch management, and security automation. It’s the backbone for many tools and databases, including the National Vulnerability Database (NVD), and it helps defenders prioritize which issues to fix first. Think of it as the Dewey Decimal System of cybersecurity flaws.
In a critical development for global cybersecurity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for the Common Vulnerabilities and Exposures (CVE) program, reportedly for eleven months, preventing an imminent lapse in this essential service.
The funding extension comes just hours before the program’s contract was set to expire. MITRE had warned that a break in service could lead to significant disruptions, including the deterioration of national vulnerability databases, challenges for tool vendors, and impediments to incident response operations.
Amid these developments, a group of CVE Board members announced the formation of the CVE Foundation, a non-profit organization aimed at ensuring the long-term stability and independence of the CVE program. The Foundation seeks to mitigate the risks associated with reliance on a single government sponsor by establishing a dedicated entity focused on maintaining the integrity and availability of CVE data for defenders worldwide.
Concurrently, MITRE Corporation is facing significant organizational changes, announcing plans to lay off 442 employees at its McLean, Virginia location by June 3, 2025. These layoffs are attributed to the cancellation of contracts by the Department of Energy, reflecting broader challenges in the federal contracting landscape.
The swift action by CISA to extend funding underscores the critical importance of the CVE program in maintaining national and global cybersecurity infrastructure. The establishment of the CVE Foundation represents a proactive step toward ensuring the program’s resilience and independence in the face of funding uncertainties.
A federal whistleblower alleges a security breach at the NLRB.
A federal cybersecurity specialist, Daniel Berulis, has filed a whistleblower complaint alleging that the Department of Government Efficiency (DOGE), under President Trump, caused a security breach at the National Labor Relations Board (NLRB) and may have illegally extracted sensitive data. In a sworn statement sent to Congress and a federal whistleblower office, Berulis claimed DOGE staff disabled security protocols like multi-factor authentication and internal alerts shortly after arriving at NLRB in March. He reported detecting a data transfer of over 10 gigabytes, including personal and confidential business information. He also cited login attempts from foreign locations, including a Russian IP using DOGE-created credentials. Berulis, who holds a Top Secret clearance, provided screenshots as evidence. The White House stated DOGE was transparent in its activities.
Texas votes to spin up their very own Cyber Command.
The Trump administration has voiced its intentions to shift responsibilities from the federal government to the states. The Texas House has passed legislation to create a new state cybersecurity agency, the Texas Cyber Command, aimed at defending against growing cyber threats. Backed by $135 million over two years, the command would operate through the University of Texas System, based at UT San Antonio. It will focus on cyber threat response, forensics, and training, while centralizing efforts previously handled by the Department of Information Resources. Governor Abbott has called the bill an emergency priority amid rising cyberattacks on Texas infrastructure.
BreachForums suffers another takedown.
BreachForums, a well-known hacker marketplace, was reportedly taken down again, this time by pro-Palestinian hacktivist group Dark Storm Team, which claimed responsibility for a DDoS attack. The takedown comes amid unverified rumors of the arrest of “IntelBroker,” a prominent figure linked to past major cyberattacks. Though some speculated an FBI seizure, no official signs support that claim. Dark Storm, known for targeting NATO nations and Musk’s X platform, promotes itself as a “cybercrime-as-a-service” group with both political and commercial motives.
A watchdog group sues the federal government over SignalGate allegations.
Attorneys for watchdog group American Oversight allege the U.S. government deliberately used encrypted, disappearing Signal messages to evade transparency laws during military operations in Yemen, WIRED reports. They claim newly filed court documents reveal inconsistent and inadequate efforts by agencies like the CIA to preserve these communications, violating the Federal Records Act. The controversy—dubbed “SignalGate”—involves high-level Trump-era officials including Secretary of Defense Pete Hegseth and Vice President J.D. Vance. Although some messages were partially recovered, most were likely deleted before preservation efforts began. The Justice Department argues there’s no enforceable public right to challenge the deletion of records. American Oversight plans to expand its lawsuit, citing the broader, systemic use of Signal by national security officials as a threat to democratic accountability and record-keeping laws.
The SEC Chair reveals a 2016 hack.
SEC Chairman John Clayton released a lengthy cybersecurity statement yesterday, revealing that the agency was hacked in 2016. Buried deep in the statement was the disclosure that attackers exploited a vulnerability in the SEC’s EDGAR system, which stores financial records of public companies. The breach may have enabled illicit stock trading and involved fake filings meant to sway markets. Clayton said no personal data was compromised, but noted other lapses, like unsecured emails and missing laptops. He pledged to boost cybersecurity efforts.
ResolverRAT targets the healthcare and pharmaceutical sectors worldwide.
A new remote access trojan called ResolverRAT is targeting organizations worldwide, especially in the healthcare and pharmaceutical sectors. Discovered by Morphisec, ResolverRAT is spread through phishing emails posing as legal or copyright violation notices, with language tailored to the target’s region. The malware runs entirely in memory, using .NET tricks to avoid detection. It establishes persistence via the registry and system folders, and exfiltrates large files in small chunks to blend in with normal traffic. ResolverRAT has been seen in multiple languages, signaling global reach.
Microsoft warns of blue screen crashes following recent updates.
Microsoft has warned that recent Windows 11 updates may trigger a SECURE_KERNEL_ERROR blue screen crash on devices running version 24H2. The issue stems from March and April updates (KB5053656 and KB5055523). Microsoft is addressing the bug using Known Issue Rollback (KIR), which automatically reverts problematic updates on home and unmanaged business PCs within 24 hours. For enterprise systems, IT admins must manually deploy a Group Policy fix. Microsoft also issued emergency updates this week for other Windows issues, including domain controller outages.
4chan gets Soyjacked.
And finally, 4chan — which security researcher Kevin Beaumont smartly described as the internet’s litter box — was knocked offline today after what appears to be a major breach. The culprits? Users from Soyjak.party, proudly taking credit for “Operation Soyclipse,” a long-brewing plan allegedly executed by a hacker who claims to have lurked inside 4chan’s systems for over a year. Using the handle Chud (because of course), the group leaked screenshots of admin panels and staff emails, and hinted at full access to the site’s backend, including IP tracking and board controls. Their weapon of choice? Apparently, 4chan’s outdated PHP setup from 2016, which might as well have been a digital welcome mat. To contain the fallout, 4chan’s admins pulled the plug, but not before pieces of the site’s code showed up on Kiwi Farms. As of now, the site’s flickering online presence suggests damage control is still in progress.
4chan’s been a digital cockroach for 20 years, but apparently even cockroaches can get stomped if their firewall is made of chewing gum and nostalgia.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.