CISA: Third-Party Data Breach Limited to Treasury Dept.

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the third-party breach that affected the US Treasury Department at the hands of Chinese threat actors was limited to just that agency.
"CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident," CISA stated in a brief bulletin. "At this time, there is no indication that any other federal agencies have been impacted by this incident."
The department alerted lawmakers on Dec. 30 to the intrusion, noting that cyber threat actors were able to compromise systems and steal data from workstations.
The adversaries broke into the Treasury Department by exploiting a bug in software from BeyondTrust, a vendor that offers software-as-a-service (SaaS)-based cybersecurity, and gained access to a remote key that secured a cloud-based service providing technical support to Treasury Department Offices' (DO) end users. From there, they were able to override security and remotely access Treasury DO workstations.
As CISA continues to monitor the situation, it reports that it is "working aggressively to safeguard against any further impacts and will provide updates, as appropriate."
BeyondTrust updated its statement on the incident yesterday, stating that its forensic investigation is nearly complete, all SaaS instances of BeyondTrust Remote Support have been fully patched, and no new victims have been identified other than those previously communicated.