The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released healthcare sector-specific guidance on boosting cyber resilience. Based on a two-week vulnerability assessment on a large healthcare organization, the guidance advises using phishing-resistant multifactor authentication. Despite several internal weaknesses, the organization had sufficient network security against external attacks. Additionally, the guidance includes recommendations on addressing vulnerabilities likely to exist in many healthcare organizations.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is