Cybersecurity News September 2025

Curated cybersecurity news

summary for facility management professional, building owners and IT professionals who are interested in building security and Facility IT.

What is new in September, 2025 in Cybersecurity?

US officials issue ‘emergency’ cybersecurity order after hackers breach at least one government agency

US cyber officials issued an “emergency directive” Thursday ordering federal agencies to defend their networks against an “advanced” group of hackers that have breached at least one agency in an apparent espionage campaign.

Government officials have not commented on who is behind the hacks, but private experts say they believe the hackers are state-backed and based in China. The hackers have been exploiting previously unknown flaws in software made by Cisco for several months. Read more

Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days

CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack — patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more!

Here are six things you need to know for the week ending September 26. Read more

DOD Unveils New Cybersecurity Risk Management Construct

After months of vowing to “blow up” the Risk Management Framework (RMF), the Pentagon has officially rolled out a new cybersecurity model designed to “deliver real-time cyber defense at operational speed.” Read more

Day of delays at Heathrow after cyber-attack brings disruption

Heathrow was among several European airports hit by delays on Saturday after a cyber-attack affecting an electronic check-in and baggage system.

The airport said a number of flights were delayed as a "technical issue" impacted software provided to several airlines. Read more

Also in Cimetrics News