🟡 CVE-2025-3800: A vulnerability has been found... 🟡 CVE-2025-3799: A vulnerability, which was cla... 🟡 CVE-2025-3798: A vulnerability, which was cla... 🟡 CVE-2025-3661: The SB Chart block plugin for ... ⚠️ CVE-2025-3404: The Download Manager plugin fo... 🔥 CVE-2021-4455: The Wordpress Plugin Smart Pro... 🟡 CVE-2025-3797: A vulnerability classified as ... ⚠️ CVE-2025-3809: The Debug Log Manager plugin f... ⚠️ CVE-2025-2111: The Insert Headers And Footers... ⚠️ CVE-2025-3103: The CLEVER - HTML5 Radio Playe... 🟡 CVE-2025-3275: The Themesflat Addons For Elem... 🟡 CVE-2025-1457: The Element Pack Addons for El... 🔥 CVE-2025-1093: The AIHub theme for WordPress ... 🟡 CVE-2025-3284: The User Registration & Member... 🔥 CVE-2025-3278: The UrbanGo Membership plugin ... ⚠️ CVE-2025-2010: The JobWP – Job Board, Job Lis... 🟡 CVE-2025-43903: NSSCryptoSignBackend.cc in Pop... 🟡 CVE-2025-3796: A vulnerability classified as ... ⚠️ CVE-2025-32953: z80pack is a mature emulator o... 🟡 CVE-2025-3795: A vulnerability was found in D... 🟡 CVE-2025-36625: In Nessus versions prior to 10... 🟡 CVE-2025-32377: Rasa Pro is a framework for bu... 🟢 CVE-2025-25985: An issue in Macro-video Techno... 🟡 CVE-2025-25984: An issue in Macro-video Techno... 🟢 CVE-2025-25983: An issue in Macro-video Techno... 🟡 CVE-2025-28355: Volmarg Personal Management Sy... ⚠️ CVE-2025-24914: When installing Nessus to a no... 🟡 CVE-2025-29513: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-29512: Cross-Site Scripting (XSS) vul... 🟡 CVE-2025-1697: A potential security vulnerabi... 🟡 CVE-2024-41447: A stored cross-site scripting ... 🟡 CVE-2025-32796: Dify is an open-source LLM app... 🟡 CVE-2025-32795: Dify is an open-source LLM app... ⚠️ CVE-2025-32792: SES safely executes third-part... ⚠️ CVE-2025-32442: Fastify is a fast and low over... 🔥 CVE-2025-32434: PyTorch is a Python package th... ⚠️ CVE-2025-32389: NamelessMC is a free, easy to ... 🟡 CVE-2025-31120: NamelessMC is a free, easy to ... ⚠️ CVE-2025-31118: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30357: NamelessMC is a free, easy to ... ⚠️ CVE-2025-30158: NamelessMC is a free, easy to ... ⚠️ CVE-2025-29784: NamelessMC is a free, easy to ... 🟡 CVE-2025-27599: Element X Android is a Matrix ... 🟡 CVE-2025-3792: A vulnerability, which was cla... 🟡 CVE-2025-3791: A vulnerability classified as ... 🟡 CVE-2025-2950: IBM i 7.3, 7.4, 7.5, and 7.5 i... ⚠️ CVE-2025-29625: A buffer overflow vulnerabilit... 🟡 CVE-2025-3790: A vulnerability classified as ... 🟡 CVE-2025-3789: A vulnerability was found in b... 🟡 CVE-2025-32790: Dify is an open-source LLM app... 🟡 CVE-2024-46089: 74cms <=3.33 is vulnerable to ... 🟡 CVE-2024-49808: IBM Sterling Connect:Direct We... 🟡 CVE-2024-45651: IBM Sterling Connect:Direct We... 🟡 CVE-2025-3788: A vulnerability was found in b... 🟡 CVE-2025-3787: A vulnerability was found in P... 🟡 CVE-2025-3106: The LA-Studio Element Kit for ... ⚠️ CVE-2025-3786: A vulnerability was found in T... ⚠️ CVE-2025-3785: A vulnerability has been found... 🟡 CVE-2025-3056: The Download Manager plugin fo... 🔥 CVE-2025-2492: An improper authentication con... 🟡 CVE-2025-3783: A vulnerability classified as ... 🟡 CVE-2025-3598: The Coupon Affiliates – Affili... 🟡 CVE-2025-2162: The MapPress Maps for WordPres... 🔥 CVE-2025-1863: Insecure default settings have... 🔥 CVE-2025-39471: Improper Neutralization of Spe... ⚠️ CVE-2025-39470: Path Traversal: '.../...//' vu... ⚠️ CVE-2025-39469: Improper Neutralization of Inp... 🔥 CVE-2025-42599: Active! mail 6 BuildInfo: 6.60... ⚠️ CVE-2025-3520: The Avatar plugin for WordPres... 🟡 CVE-2025-2613: The Login Manager – Design Log... 🟡 CVE-2024-13650: The Piotnet Addons For Element... ⚠️ CVE-2025-25427: A Stored cross-site scripting ... ⚠️ CVE-2025-3509: A Remote Code Execution (RCE) ... ⚠️ CVE-2025-3246: An improper neutralization of ... 🟡 CVE-2025-3124: A missing authorization vulner... 🟢 CVE-2024-42178: HCL MyXalytics is affected by ... 🟡 CVE-2025-3765: A vulnerability, which was cla... 🟡 CVE-2025-3764: A vulnerability classified as ... 🟢 CVE-2024-42177: HCL MyXalytics is affected by ... 🟡 CVE-2025-3763: A vulnerability classified as ... 🟡 CVE-2025-3762: A vulnerability was found in P... 🟡 CVE-2025-29722: A CSRF vulnerability in Commer... 🟡 CVE-2025-28101: An arbitrary file deletion vul... 🔥 CVE-2025-28009: A SQL Injection vulnerability ... 🟢 CVE-2025-26269: DragonflyDB Dragonfly through ... 🟢 CVE-2025-26268: DragonflyDB Dragonfly before 1... ⚠️ CVE-2024-55211: An issue in Think Router Tk-Rt... 🟢 CVE-2021-47671: In the Linux kernel, the follo... ⚠️ CVE-2021-47670: In the Linux kernel, the follo... ⚠️ CVE-2021-47669: In the Linux kernel, the follo... ⚠️ CVE-2021-47668: In the Linux kernel, the follo... 🟢 CVE-2025-32415: In libxml2 before 2.13.8 and 2... ⚠️ CVE-2025-2947: IBM i 7.6  contains a privile... ⚠️ CVE-2025-29661: Litepubl CMS <= 7.0.9 is vulne... ⚠️ CVE-2025-29181: FOXCMS <= V1.25 is vulnerable ... ⚠️ CVE-2025-29180: In FOXCMS <=1.25, the installd... ⚠️ CVE-2025-29039: An issue in dlink DIR 832x 240... ⚠️ CVE-2025-43015: In JetBrains RubyMine before 2... 🟡 CVE-2025-43014: In JetBrains Toolbox App befor... 🟡 CVE-2025-43013: In JetBrains Toolbox App befor...
Chinese State-Sponsored Hackers Breach U.S. Treasury Department

By Cybersecurity Team on

Chinese State-Sponsored Hackers Breach U.S. Treasury Department

In December 2024, the U.S. Treasury Department reported a significant cybersecurity breach attributed to Chinese state-sponsored actors. The attackers exploited a vulnerability in a third-party cybersecurity service, BeyondTrust, to access unclassified documents and remotely control certain departmental workstations.

Details of the Breach

BeyondTrust, a provider of privileged access management solutions, detected the intrusion on December 8, 2024. The hackers had obtained a key used by BeyondTrust's cloud-based service, enabling them to bypass security measures and gain unauthorized access to the Treasury's systems. This method aligns with tactics previously employed by Chinese Advanced Persistent Threat (APT) groups, known for targeting trusted third-party services to infiltrate high-value networks.

Response and Investigation

Upon discovery, the Treasury Department promptly collaborated with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to assess the breach's impact and secure compromised systems. The affected services were taken offline to prevent further unauthorized access. As of now, there is no evidence indicating that the threat actors maintain ongoing access to Treasury information.

China's Official Response

The Chinese government has consistently denied involvement in cyberattacks against foreign entities. In response to this incident, a spokesperson for China's foreign ministry reiterated the nation's opposition to all forms of hacking and rejected the allegations as unfounded.

Implications for Cybersecurity

This breach underscores the persistent threat posed by state-sponsored cyber actors and highlights the vulnerabilities associated with third-party service providers. It serves as a critical reminder for organizations to implement robust cybersecurity measures, conduct regular security assessments, and maintain vigilance against sophisticated intrusion attempts.

Conclusion

The U.S. Treasury Department's recent cyber incident exemplifies the evolving challenges in safeguarding sensitive information against state-sponsored cyber threats. Continuous improvement of cybersecurity protocols and international cooperation remain essential in addressing and mitigating such risks.

Sources

Back to Posts