Comparitech Stack Report
CISA scramble to rebuild their workforce

From the Editor’s Desk
Cyber risk is growing fast, but resilience still comes down to people — not just tools. As zero-days rock critical infrastructure while key agencies like CISA scramble to rebuild their workforce, organizations that invest in both talent and technology may hold the edge. How are you balancing your cyber investments this week?
🔎 Deep Brief
FortiWeb Under Active Zero-Day Attack
Fortinet’s web application firewall, FortiWeb, is facing a serious security crisis. A zero-day vulnerability (CVE-2025-64446) has been actively exploited, allowing unauthenticated attackers to execute administrative commands via crafted HTTP/HTTPS requests.
Researchers found that threat actors can bypass authentication entirely and create persistent admin accounts, posing a major risk for any network relying on FortiWeb as a gatekeeper. Fortinet quietly patched the issue in FortiWeb version 8.0.2, but some users reported no public advisory at first — raising concerns about transparency.
Additionally, a second FortiWeb zero-day (CVE-2025-58034) was patched shortly afterward — this one allows code execution via OS command injection by authenticated attackers.
Takeaway
If you run FortiWeb, check your version immediately. Upgrade to 8.0.2 (or the relevant fixed version), audit for any suspicious admin accounts, and restrict remote access to the management interface if possible.
🧠 Strategy in Action
CISA’s Talent Rebuild
Facing a 40% vacancy rate in key mission areas, the Cybersecurity and Infrastructure Security Agency (CISA) is launching a major hiring campaign in 2026. The goal: rebuild capacity hollowed out by prior cuts and gear up for new geopolitical risks, especially with China increasingly targeting U.S. critical infrastructure.

CISA plans to recruit state cybersecurity coordinators and regional advisers, especially in regions that have been chronically understaffed. To accelerate hiring, they’re expanding use of the Department of Homeland Security’s Cyber Talent Management System, which allows more flexible pay and recruitment for both junior practitioners and industry experts.
Takeaways:
This underscores that even top-tier cyber defense relies on people. Tools and tech are essential, but capacity depends on talent — and rebuilding trust and capability may take years.

🕵️ Threat Actor Spotlight
Moafee
Moafee is a cyber espionage group with suspected ties to China’s Guangdong Province.
Security researchers note Moafee’s overlap with another APT group called DragonOK, sharing tools and tradecraft — suggesting possible cooperation or shared lineage. Technique-wise, Moafee is known for obfuscating its binary files, using padding and custom modifications to hide malware in benign-seeming payloads. Their operations have focused on long-term intelligence collection, especially in sectors like government and defense, making them a persistent threat to national security.
🛠️ Tool Check
Best Document Management Software
Comparitech reviewed several document management systems (DMS) designed for both free and commercial use.
DocuWare Cloud stands out for its automation capabilities: it supports workflows like approvals, indexing, and team orchestration.
For simpler setups, other DMS tools offer strong file indexing, version control, and easy retrieval — making it possible to move away from paper-based systems. Organizations with compliance needs benefit from systems that provide audit logs, metadata tagging, and role-based access.
🗣️ Community Signal
27701, which was released right after GDPR came online and that’s the privacy information management system. You could be a processor, controller, or both. And again, that helps dictate the direction and how you implement the standards. So 42001 is very much the same. There are a variety of roles in there and getting those correct is very important because it helps, you know, basically determine the applicability” - Danny Manimbo, ISO & AI Practice Leader, Schellman
Until Friday’s edition - Let’s keep that zero-day count at zero!