Latest Cybersecurity Breaches and Threats to US Critical Infrastructure

Cybersecurity incidents continue to challenge the resilience of critical U.S. institutions. In 2025, several significant events exposed vulnerabilities in government systems and raised alarms about ongoing threats from foreign actors. This article reviews three major developments: a breach at the U.S. Congressional Budget Office, the aftermath of a ransomware attack on Nevada’s state systems, and a stark warning from a retired general about Chinese cyber activities targeting U.S. infrastructure.

U.S. Congressional Budget Office Hacked

The U.S. Congressional Budget Office confirmed that it experienced a cybersecurity breach on November 6, indicating potential unauthorized access to internal systems. The office said it took immediate action to contain the incident and implemented additional monitoring and security controls. It was reported that foreign hackers were suspected to be responsible for the attack. Access the full article here.

Nevada’s Ransomware Attack

On November 5, the Nevada Governor’s Technology Office published an after-action report on the August 24 cyberattack, which impacted multiple state systems. The report stated that Nevada’s incident response plan was immediately activated. It took 28 days to fully recover, and no ransom was paid. The ransomware attack began when an employee downloaded malware from a spoofed website promoted through paid ads, a tactic known as search engine optimization poisoning. Approximately 90 percent of affected data was recovered.  According to the report, the remaining 10 percent remains under the state’s control, was not required to restore essential services, and is being reviewed on a risk basis. It was reported that more than 60 state offices were impacted by the incident. Access the full article here. Access the after action report here.

Retired General Warns About Chinese Cyber Threats to U.S. Infrastructure

Retired General Tim Haugh, former commander of the U.S. Cyber Command, and former director of the National Security Agency, warned in an interview on 60 Minutes that China has infiltrated and continues to target critical infrastructure in the United States. He warned that China is focusing on infrastructure such as water, electrical power and transportation. In the interview, Haugh highlighted China’s successful hack of Littleton, Massachusetts, a town with a population of 10,000 residents. He explained that China is gaining access to systems and then attempting to lay dormant as potential leverage in a future crisis. Access the full article here.

Yisda Takeaways

Cybersecurity breaches and threats to US critical infrastructure are escalating, and the responsibility for defense belongs to everyone. Nation-state actors are not focusing on federal agencies alone, but have expanded their focus to state agencies, municipalities, private companies and local utilities. Every organization, regardless of size, plays a vital role in protecting the nation’s digital and critical infrastructure.  

It is essential for every organization to have an incident response plan in place, to train employees to recognize and report threats, and to invest in tools and best practices such as multi-factor authentication, endpoint protection, zero trust network access, and continuous network monitoring. Resilience depends on preparation, and organizations of all sizes must act now to strengthen their defenses against the evolving cyber threats to come.