ACTIVE THREATS: Chrome zero-day CVE-2025-0971 under active exploitation — update immediately • CISA ED-25-02: Ivanti Connect Secure emergency directive issued • VoltZite ransomware targeting North American power grid operators ACTIVE THREATS: Chrome zero-day CVE-2025-0971 under active exploitation — update immediately • CISA ED-25-02: Ivanti Connect Secure emergency directive issued • VoltZite ransomware targeting North American power grid operators
Latest cybersecurity policy news, analysis, and intelligence.
The Cybersecurity and Infrastructure Security Agency has issued Emergency Directive ED-25-02, ordering all federal civilian agencies to immediately disconnect or apply mitigations to Ivanti Connect Secure and Policy Secure appliances amid confirmed exploitation by multiple threat actors.
The European Union's Cyber Resilience Act (CRA) has entered its first enforcement phase, requiring all connected device manufacturers selling in the EU to demonstrate baseline cybersecurity properties. Non-compliant products face market withdrawal orders and fines up to 15 million euros or 2.5% of global turnover.
ISC2's 2025 Cybersecurity Workforce Study finds the global shortage of cybersecurity professionals has grown to 4.8 million, up 15% from 2024. The report identifies AI skill gaps and a severe decline in entry-level hiring as primary drivers, with workforce diversity declining for the first time in five years.