David DiMolfetta
@ddimolfetta.bsky.social
Nextgov/FCW cybersecurity + intelligence reporter. Tips: [email protected] Signal: @ djd.99 X/Twitter: @ddimolfetta
Pinned
ddimolfetta.bsky.social
(1/3) Hi all. My name is David, I cover U.S. federal cybersecurity policy, intelligence and a bit of national security for Nextgov/FCW in Washington, DC.

We are curious to hear from current or former government employees and officials about what the coming months will bring in this new admin.
Reposted by David DiMolfetta
ddimolfetta.bsky.social
In July, we first reported plans for mass cuts in I&A were paused after stakeholder backlash. Since then, I&A has reignited efforts to more gradually shed its workforce. The office now aims to reduce its size to around 500 people via a second DRP offer:
www.nextgov.com/people/2025/...
DHS intelligence office sent deferred resignation offers to shed staff in recent months
The DHS Office of Intelligence and Analysis is working to incrementally reduce the size of its workforce, following plans for mass cuts that faced severe pushback from stakeholders over the summer.
www.nextgov.com
ddimolfetta.bsky.social
Scoop --> DHS’s Office of Intelligence and Analysis since the summer has sent its employees two deferred resignation program offers, marking a renewed push to shed its headcount after it faced scrutiny for related reduction plans outlined earlier this year.⬇️
ddimolfetta.bsky.social
This is a common technique with CAST queries, as shown in the document released by the FBI, they said. Those queries can determine if a call was answered and how long a call lasted. In those cases, it can help confirm claims about when someone called + length of a conversation.
ddimolfetta.bsky.social
Two former FBI officials I spoke with last night say the types of records sought in this inquiry do not involve a wiretap/retrieval of specific contents of phone calls, but rather phone metadata that shows which number contacted another number.
Reposted by David DiMolfetta
charliesavage.bsky.social
Trump ‘Determined’ the U.S. Is Now in a War With Drug Cartels, Congress Is Told

A notice calls the people the U.S. military recently killed on suspicion of drug smuggling in the Caribbean Sea “unlawful combatants.”

www.nytimes.com/2025/10/02/u...
ddimolfetta.bsky.social
FT: “The UK government has issued a new order to Apple to create a backdoor into its cloud storage service, this time targeting only British users’ data, despite US claims that Britain had abandoned all attempts to break the tech giant’s encryption.”
www.ft.com/content/d101...
UK makes new attempt to access Apple cloud data
Order issued in September comes after Trump administration said London had backed down in fight over encryption
www.ft.com
ddimolfetta.bsky.social
Just now: Government funding officially lapses, and with it, a bedrock cybersecurity law that’s been in place the last decade to help facilitate cyber information-sharing between companies and the public sector. Earlier coverage here:
www.nextgov.com/cybersecurit...
Vital cyber data-sharing law appears likely to expire amid looming government shutdown
Law firms are advising clients to prepare for this possibility, although the extent of information sharing that will cease if the law lapses remains unclear.
www.nextgov.com
Reposted by David DiMolfetta
campuscodi.risky.biz
A team of academics has published a paper on Iranian cyber operations targeting ports and maritime infrastructure in the Middle East over the past three years.

pure.royalholloway.ac.uk/en/publicati...
Image of text that reads:
"The research demonstrates that Iranian cyber campaigns combine sophisticated technical approaches—including custom malware deployment, spear-phishing, and SCADA system exploitation—with influence operations to achieve immediate disruption and longer-term strategic goals. [...] Our findings suggest that, though technically sophisticated, Iran's cyber operations targeting maritime infrastructure may ultimately undermine China's BRI objectives of stable trade routes and regional economic integration."
Reposted by David DiMolfetta
metacurity.com
A “widespread cybersecurity incident” at FEMA occurred when hackers accessed Citrix virtual desktop infrastructure using compromised login credentials, and made off with employee data from both the disaster management office and CBP.
www.nextgov.com/cybersecurit...
ddimolfetta.bsky.social
SCOOP: A "widespread" cyber incident at FEMA allowed hackers to pilfer employee data from both the disaster management agency and CBP. The hacks, which targeted servers tied to southern border states, are suspected to have later triggered the firings of 24 FEMA IT employees.⬇️
ddimolfetta.bsky.social
Microsoft is declining to comment on the contents of this POTUS TruthSocial post today concerning Lisa Monaco:
truthsocial.com/@realDonaldT...
ddimolfetta.bsky.social
New: It’s increasingly more likely that a longstanding bedrock cybersecurity law will expire in tandem with a government shutdown anticipated next week. I spoke with multiple sources about the state of play on the Hill and in industry:
www.nextgov.com/cybersecurit...
ddimolfetta.bsky.social
Update: an industry source tells me the hacking group responsible for this activity is likely tied to China. A CISA official said earlier the agency is not focused at the moment on attribution. The high chance that this is China probably wouldn’t surprise many.
ddimolfetta.bsky.social
The hacking group has been observed targeting organizations around the world but has recently refocused its efforts on entities in the United States, Sam Rubin, senior vice president for the Unit 42 threat intelligence arm at Palo Alto Networks, told me:
www.nextgov.com/cybersecurit...
CISA issues emergency patching directive for Cisco devices on federal networks
An emerging cyber threat group is exploiting vulnerabilities in Cisco devices, both the company and CISA said. The hackers have potential links to China, according to an analysis put out last year.
www.nextgov.com
ddimolfetta.bsky.social
“There’s a lot going on right now as we start briefing the federal civilian executive branch agencies working in partnership with [Cisco],” CISA Chief Information Officer Bob Costello told an audience at a Nextgov/FCW event on Thursday.
Reposted by David DiMolfetta
metacurity.com
“As we have seen before, now that patches are available, we can expect attacks to escalate as cybercriminal groups quickly figure out how to take advantage of these vulnerabilities”
ddimolfetta.bsky.social
“Officials said the anonymous communications network, which included more than 100,000 SIM cards and 300 servers, could interfere with emergency response services and could be used to conduct encrypted communication.”
www.nytimes.com/2025/09/23/u...
Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.
www.nytimes.com