Sam Sabin
@samsabin.bsky.social
Axios cybersecurity reporter, taking it day by day ✨ | 📩: sam.sabin@axios dot com, signal: SamSabin.01 (no pitches!), she/her
Reposted by Sam Sabin
Politico is reporting that the breach at the Congressional Budget Office is "ongoing."
“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email to CBO staff reads.
Cybersecurity breach at Congressional Budget Office remains a live threat
Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.
www.politico.com
November 10, 2025 at 9:40 PM
Reposted by Sam Sabin
As federal election security support shrinks, Pam Smith warns smaller offices may be left “flying blind.” Still, she reminds us: “We ran elections before there was critical infrastructure support, and we'll have elections again, even without federal support.” @samsabin.bsky.social bit.ly/4hM06Ib
Election security cutbacks force local officials to go it alone
Election offices are left with fewer resources, less threat intelligence and diminished federal guidance.
bit.ly
November 7, 2025 at 2:43 PM
apparently the password for the Louvre's video surveillance system was just.... "Louvre" 🫠
www.pcworld.com/article/2961...
The Louvre's video security password was reportedly 'Louvre'
Oh dear. It may not have had anything to do with the jewel robbery, but audits of the Paris museum's security system have revealed glaring issues that go back years.
www.pcworld.com
November 5, 2025 at 9:37 PM
OpenAI is rolling out a new security agent, built on GPT-5, in private beta. The agent is designed to continuously scan source code, find & validate bugs and propose patches.
More on @axios.com: www.axios.com/2025/10/30/o...
OpenAI's new agent hunts software bugs like a human
The new agent, called Aardvark, can detect bugs and propose patches to security teams.
www.axios.com
October 30, 2025 at 5:11 PM
apparently it’s #nationalblackcatday so here’s the sweetest lil hunter there is 🥰🙏🏻
October 28, 2025 at 3:06 AM
F5 — the networking security company that disclosed a nation-state cyberattack this month — just warned on an earnings call that their short-term revenue will likely take a hit as customers slow buying decisions as they patch vulnerable devices.
more for @axios.com: www.axios.com/2025/10/27/f...
Cybersecurity firm F5 anticipates revenue hit after attack
The company anticipates customers will slow their purchasing decisions as they respond to the incident.
www.axios.com
October 27, 2025 at 10:08 PM
Reposted by Sam Sabin
Breaking: The Department of Justice announced it will "monitor polling sites in six jurisdictions [in New Jersey and California] ahead of the upcoming November 4, 2025, general election to ensure transparency, ballot security, and compliance with federal law." www.justice.gov/opa/pr/justi...
Justice Department to Monitor Polling Sites in California, New Jersey
WASHINGTON – Today, the Department of Justice announced that it will monitor polling sites in six jurisdictions ahead of the upcoming November 4, 2025, general election to ensure transparency, ballot ...
www.justice.gov
October 24, 2025 at 3:20 PM
Reposted by Sam Sabin
More than 200 people showed up at Coast Guard Island earlier today to protest the federal enforcement threats looming over the Bay Area.
oaklandnorth.net/2025/10/23/p...
Protesters clash with ICE at Coast Guard Island, as Trump calls off Bay Area enforcement action - Oakland North
Protesters clashed with ICE at the entrance to Coast Guard Island in Oakland, as Trump calls off Bay Area enforcement action.
oaklandnorth.net
October 23, 2025 at 8:54 PM
Reposted by Sam Sabin
🚨SCOOP🚨 DHS ordered OpenAI to identify a user who'd made 2 specific prompts.
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
OpenAI Ordered To Unmask ChatGPT User Behind 2 Prompts
First known warrant of its kind reveals the government can ask OpenAI to provide identifying information on anyone who enters specific prompts.
www.forbes.com
October 20, 2025 at 1:14 PM
Reposted by Sam Sabin
New: The recent layoffs in CISA's Stakeholder Engagement Division have virtually shuttered SED, eliminating teams focused on critical infrastructure support, nationwide partnerships, and international coordination.
My story with details cuts and impacts: www.cybersecuritydive.com/news/cisa-st...
October 22, 2025 at 2:41 PM
CISA's stakeholder engagement division hasn't sent updates about the F5 intrusion in the last week, an industry source tells me.
and following RIF notices this month, the division is expected to host a town hall Thursday to discuss those cuts.
new from me: www.axios.com/2025/10/21/f...
The top U.S. cyber agency isn't doing as much outreach during F5 cyberattack
It's unclear if the lack of communication is due to the government shutdown or earlier workforce cuts.
www.axios.com
October 21, 2025 at 5:19 PM
nation-state hackers broke into F5, exfiltrated data and stole source code. the company estimates that over 80% of the Fortune Global 500 uses its tools.
a top U.S. cyber official says the incident is part of a "broader strategic campaign" against supply chains.
www.axios.com/2025/10/15/f...
Nation-state hackers breached cybersecurity firm F5, stole source code
F5 is a popular vendor among Fortune Global 500 companies and the U.S. government.
www.axios.com
October 15, 2025 at 6:37 PM
Apple is now paying upwards of $2M for high-severity bug findings, including those that could lead to zero-click and close proximity attacks
www.axios.com/2025/10/10/a...
Apple will pay up to $2M for finding an iPhone security flaw
The company is restructuring its bug bounty program after rolling out several new security features in recent years.
www.axios.com
October 10, 2025 at 4:30 PM
just got to do a talk radio hit for my hometown station, life is worth living 🙏
October 7, 2025 at 2:10 PM
Reposted by Sam Sabin
NEW: ICE is planning to hire a team of nearly 30 people to surveil social media 24/7, build dossiers on people, and flag them for arrest and deportation. @dell.bsky.social has the scoop: www.wired.com/story/ice-so...
ICE Wants to Build Out a 24/7 Social Media Surveillance Team
Documents show ICE plans to hire dozens of contractors to scan X, Facebook, TikTok, and other platforms to target people for deportation.
www.wired.com
October 3, 2025 at 1:22 PM
something they don't teach you in j-school is just how much of your career can become traveling to go interview people + juggling flight plans w/ the 12 other story ideas you have.
on a related note, i'm tired :)))
October 1, 2025 at 3:49 AM
Reposted by Sam Sabin
To clarify, it says it won't renew with CIS, but it will maintain information sharing with MS-ISAC.
September 29, 2025 at 9:00 PM
CISA says it won't be renewing its cooperative agreement with the MS-ISAC, which ends Sept. 30, and will hold bi-monthly calls to share "timely cyber defense updates" with state, local and tribal governments.
www.cisa.gov/news-events/...
CISA is Strengthening Our Nation’s Security with Direct Cyber Support to State and Local Governments | CISA
www.cisa.gov
September 29, 2025 at 8:20 PM
Trump is targeting former deputy AG Lisa Monaco and called for Microsoft to fire her.
He also says she’s been stripped of her security clearances and “banned her from all federal properties.”
www.axios.com/2025/09/26/t...
Trump demands Microsoft oust president over Biden-era ties
Monaco was deputy attorney general in the Biden administration.
www.axios.com
September 26, 2025 at 9:40 PM
CISA has ordered civilian agencies to patch vulnerable Cisco devices ASAP after the company disclosed new zero-days.
The order came after Cisco said today it's been working with gov'ts since May to investigate attacks targeting the flaws.
for @axios.com:
www.axios.com/2025/09/25/u...
Hackers are actively targeting new flaws in Cisco firewalls — leaving U.S. government agencies at-risk
The Cybersecurity and Infrastructure Security Agency ordered agencies to patch immediately.
www.axios.com
September 25, 2025 at 9:40 PM
Reposted by Sam Sabin
It's not looking good for CISA 2015: @samsabin.bsky.social reports that Senate Homeland Security Committee chair Rand Paul "seems reluctant to engage with the private sector or other committee members" on reauthorization. www.axios.com/2025/09/19/c...
Rand Paul's last-minute demands push key cybersecurity law to the brink
Congressional aides say Paul hasn't been open to negotiations.
www.axios.com
September 23, 2025 at 6:18 PM
new Senate HSGAC minority report dives into DOGE based on several staff visits and whistleblower complaints:
"Ranking Member Peters and staff have found that DOGE has, in fact, done little more than put Americans’ most private information at risk."
www.hsgac.senate.gov/wp-content/u...
www.hsgac.senate.gov
September 25, 2025 at 6:11 PM
A key cyber threat info-sharing program is set to expire on Sept. 30. Congressional aides say they're doubtful they'll make the deadline, blaming the failure on Sen. Paul's last-minute push to make major changes to the 10-year-old program.
my latest for @axios.com: www.axios.com/2025/09/19/c...
Rand Paul's last-minute demands push key cybersecurity law to the brink
Congressional aides say Paul hasn't been open to negotiations.
www.axios.com
September 19, 2025 at 9:46 PM
Reposted by Sam Sabin
Exclusive: The Trump administration has abandoned any intention of breaking up the joint leadership of U.S. Cyber Command & the National Security Agency, bowing to the reality of the enormous complexity of the task.
On @therecordmedia.bsky.social
therecord.media/cyber-comman...
Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat'
Sources tell Recorded Future News that top Trump administration officials have accepted that splitting up the leadership of U.S. Cyber Command and the National Security Agency would prove too lengthy ...
therecord.media
September 9, 2025 at 1:52 PM
interesting— new sanctions on cyber scam centers in Myanmar www.bloomberg.com/news/article...
Trump Targets Asian Cyber Scam Centers That Bilked Billions
The US imposed sanctions on a network of cyber scam centers operating in Southeast Asia, a bid to heighten pressure on operations allegedly using forced labor to bilk billions from Americans annually.
www.bloomberg.com
September 9, 2025 at 2:44 PM