politico.com - The identities of confidential court informants are feared compromised in a series of breaches across multiple U.S. states.

The electronic case filing system used by the federal judiciary has been breached in a sweeping cyber intrusion that is believed to have exposed sensitive court data across multiple U.S. states, according to two people with knowledge of the incident.

The hack, which has not been previously reported, is feared to have compromised the identities of confidential informants involved in criminal cases at multiple federal district courts, said the two people, both of whom were granted anonymity because they were not authorized to speak publicly about the hack.

The Administrative Office of the U.S. Courts — which manages the federal court filing system — first determined how serious the issue was around July 4, said the first person. But the office, along with the Justice Department and individual district courts around the country, is still trying to determine the full extent of the incident.

It is not immediately clear who is behind the hack, though nation-state-affiliated actors are widely suspected, the people said. Criminal organizations may also have been involved, they added.

The Administrative Office of the U.S. Courts declined to comment. Asked whether it is investigating the incident, the FBI referred POLITICO to the Justice Department. The Justice Department did not immediately reply to a request for comment.

It is not immediately clear how the hackers got in, but the incident is known to affect the judiciary’s federal core case management system, which includes two overlapping components: Case Management/Electronic Case Files, or CM/ECF, which legal professionals use to upload and manage case documents; and PACER, a system that gives the public limited access to the same data.

In addition to records on witnesses and defendants cooperating with law enforcement, the filing system includes other sensitive information potentially of interest to foreign hackers or criminals, such as sealed indictments detailing non-public information about alleged crimes, and arrests and search warrants that criminal suspects could use to evade capture.

Chief judges of the federal courts in the 8th Circuit — which includes Arkansas, Iowa, Minnesota, Missouri, Nebraska, North Dakota, and South Dakota — were briefed on the hack at a judicial conference last week in Kansas City, said the two people. It is unclear who delivered the brief, though the Director of the Administrative Office of the U.S. Courts, Judge Robert J. Conrad, Jr., was in attendance, per the first person. Supreme Court Justice Brett Kavanaugh was also in attendance but didn’t address the breach in his remarks.

Staff for Conrad, a district judge in the Western District of North Carolina, declined to comment.

The hack is the latest sign that the federal court filing system is struggling to keep pace with a rising wave of cybersecurity threats.

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

The Lumma Stealer malware campaign is exploiting compromised educational institutions to distribute malicious LNK files disguised as PDFs, targeting industries like finance, healthcare, technology, and media. Once executed, these files initiate a stealthy multi-stage infection process, allowing cybercriminals to steal passwords, browser data, and cryptocurrency wallets. With sophisticated evasion techniques, including using Steam profiles for command-and-control operations, this malware-as-a-service (MaaS) threat highlights the urgent need for robust cybersecurity defenses. Stay vigilant against deceptive phishing tactics to protect sensitive information from cyber exploitation.

Stay updated on the latest developments of the Chrome Web Store incident involving Cyberhaven's compromised extension. Follow live updates, detailed analysis, impacted extensions, and expert recommendations for safeguarding your organization against similar attacks

Threat actors sponsored by China “compromised” government networks over the past five years and collected valuable information, says a new report from Canada’s cyber spy agency.

China-linked threat actors compromised some U.S. internet service providers as part of a cyber espionage campaign code-named Salt Typhoon.

The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks.

The Wall Street Journal reported that experts are investigating into the security breached to determine if the attackers gained access to Cisco Systems routers, which are core network components of the ISP infrastructures.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.

Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC available on the dark web, Resecurity warns.

SecurityScorecard has discovered the threat actor group Volt Typhoon has compromised 30% of Cisco RV320/325 Devices in 37 Days. Learn more.

The X account of the U.S. Securities and Exchange Commission, which is deciding whether to approve bitcoin ETFs, "was compromised," the regulator told CoinDesk.

If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022).

$ pip3 uninstall -y torch torchvision torchaudio torchtriton
$ pip3 cache purge
PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.

One source said that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.

On August 4, 2022, Twilio identified accounts of employees who were compromised by a social engineering attack. The attacker then gained access to data for a limited number of customers.