News brief: National cyberdefenses under mounting pressure

Check out the latest security news from the Informa TechTarget team.

By [Staff report](https://www.techtarget.com/contributor/Staff-report)

Published: 17 Oct 2025

Some experts and lawmakers warn U.S. cyberdefenses are becoming more vulnerable by the day, as nation-state threats escalate. That one-two punch could have serious implications for national security and both public- and private-sector cyber-risk.

This week’s featured articles cover a major nation-state attack that experts are comparing to the [SolarWinds breach](https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know), a China-based threat group’s concerning use of a legitimate security tool for malicious purposes and further workforce reductions at CISA.

Nation-state hackers target F5, sending federal government scrambling
----------------------------------------------------------------------

An unnamed nation-state threat actor breached F5’s systems, the vendor said this week, gaining long-term, persistent access to the company’s engineering platforms and stealing sensitive data. The attackers obtained BIG-IP source code, information about undisclosed vulnerabilities and customer configuration details that could enable future attacks.

F5 said it discovered the breach in August but didn’t disclose when it began. In response, CISA issued an emergency directive requiring federal agencies to immediately secure their F5 devices, patch most affected products by Oct. 22 and disconnect end-of-life systems.

The incident evokes the SolarWinds attack and raises concerns about supply chain security, though F5 said it has found no evidence of software tampering. Thousands of F5 products are deployed across federal agencies.

In the private sector, nearly every organization in the Fortune 50 reportedly uses F5 technology. Researchers at Palo Alto Networks said that as of Oct. 15 — the day after F5 announced the attack — they had identified more than [600,000 unpatched, internet-facing F5 network security devices](https://www.cybersecuritydive.com/news/f5-supply-chain-hack-internet-connected-devices-stats/803108/).

*[Read the full story by Eric Geller on Cybersecurity Dive](https://www.cybersecuritydive.com/news/f5-supply-chain-breach-nation-state-cisa/802887/).*

Chinese hackers weaponize security tool in ransomware attacks
-------------------------------------------------------------

The China-based threat group Storm-2603 has weaponized Velociraptor, an open source digital forensics and incident response tool, in ransomware attacks.

Cisco Talos researchers observed the group deploying multiple ransomware variants — including Warlock, LockBit and Babuk — on VMware ESXi servers during an August incident. Storm-2603 installed an outdated version of Velociraptor with a privilege escalation vulnerability to maintain persistent network access while concealing malicious activities.

This represents a concerning shift wherein attackers repurpose legitimate security tools for offensive operations to conduct what are called [living-off-the-land attacks](https://www.techtarget.com/searchsecurity/tip/How-to-prevent-living-off-the-land-attacks).

*[Read the full story by Rob Wright on Dark Reading](https://www.darkreading.com/cybersecurity-operations/chinese-hackers-velociraptor-ir-tool-ransomware-attacks).*

CISA loses more employees to layoffs and reassignments
------------------------------------------------------

The Trump administration is [further downsizing CISA](https://www.cybersecuritydive.com/news/cisa-layoffs-reassignments-dhs-white-house-government-shutdown/802723/), this time through both layoffs and forced relocations. Since October 1, the Department of Homeland Security has laid off 176 employees, the majority from CISA. The [agency had already lost about a third of its workforce](https://www.cybersecuritydive.com/news/cisa-departures-trump-workforce-purge/749796/) in 2025.

The downsizing has reportedly created a severe morale crisis within CISA, with employees feeling uncertain about their roles. Republicans said the cuts are necessary to get the agency back on track after it became involved in combating election misinformation in 2020. But cybersecurity experts and Democratic lawmakers warned the disruption could weaken America’s cyberdefense capabilities at a time when global threats are rapidly evolving and, in some cases, escalating.

*[Read the full story by Eric Geller on Cybersecurity Dive](https://www.cybersecuritydive.com/news/cisa-workforce-cuts-eric-swalwell-letter/802842/).*