
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants

With the country’s cybersecurity workforce still experiencing major shortages, a bipartisan, bicameral group of lawmakers is pushing to enlist the Department of Labor to help tackle the problem.

The Cyber Ready Workforce Act would direct the DOL to establish a grant program that supports the “creation, implementation, and expansion of registered apprenticeship programs in cybersecurity,” per a press release announcing the bill’s introduction this week.

“As cyberattacks become more common and complex, we need to ensure we have the workers with the training and skills necessary to protect our cyber infrastructure and Americans’ personal data,” Sen. Jacky Rosen, D-Nev., one of the bill’s co-sponsors, said in a statement. “This bipartisan legislation will help fill gaps in our cybersecurity workforce and will open the door to more good-paying, cutting edge jobs for Nevadans, regardless of whether or not they have a college degree.”

Another co-sponsor, Sen. Marsha Blackburn, said in a statement that the legislation would provide “targeted support” for businesses, colleges and nonprofits that need more cyber protections. The country’s “severe talent shortage” in cyber “poses a serious threat to our national security and economic growth,” the Tennessee Republican said.

The introduction of the legislation Tuesday isn’t Rosen and Blackburn’s first bite at the apple, but previous efforts stalled out in the Senate. This time around, the senators added a pair of House co-sponsors — Reps. Susie Lee, D-Nev., and Brian Fitzpatrick, R-Pa. — to the pitch. It also comes at a time when the Trump administration has directed the DOL to do more with apprenticeships and technology.

Lee said in a statement that in Nevada alone, there’s a shortage of 4,000 cybersecurity professionals. Some estimates put the nationwide cyber workforce deficit at nearly half a million jobs.

“Whether you know it or not, cybersecurity … impacts all of us, from our small businesses, to utility grids, to our national security. But we don’t have enough talent to fill these jobs,” Lee said. “This bill will help ensure that we don’t fall behind when it comes to cybersecurity, while putting Nevada at the forefront of the high-demand, high-impact, and high-paying jobs of the future.”

According to a fact sheet posted to Lee’s congressional website, the bill calls on the Labor Department to award grants to “workforce intermediaries” that will grow the number of registered cybersecurity apprenticeship programs. 

Grant funding should be used for developing curricula and providing technical instruction. It could also go toward marketing and recruitment programs, support services such as career counseling and mentorship, and assistance for things like transportation, housing and childcare costs.

The legislation also encourages grant recipients to connect and collaborate with workforce intermediaries in business, nonprofit and academic settings. Coordinating on resources in cyber apprenticeship programs should ensure federal investments aren’t going toward duplicative efforts, per the fact sheet. 

“The continued shortage of cybersecurity professionals has exposed our nation to severe vulnerabilities, threatening our economy and national security,” Fitzpatrick said in a statement. “Now, more than ever, a strong cybersecurity workforce is necessary to protect our interests at home and abroad.”

Addressing the cybersecurity workforce shortage has been a priority for many lawmakers over the past several years, with legislation seeking to establish cyber grants at two-year colleges and minority-serving institutions, create new federal cyber training programs, give money to CISA for minority recruitment efforts and more.

The post Lawmakers renew push for Labor Department-backed cyber apprenticeship grants appeared first on CyberScoop.

Attack on axios software developer tool threatens widespread compromises

A hacker briefly delivered malware this week through a popular open-source project for software developers that has an estimated 100 million weekly downloads, raising the possibility of compromises spreading widely through a supply-chain attack.

Axios is a JavaScript client library used in web requests. The unknown attacker hijacked the npm account — npm being a package manager for JavaScript — of the lead axios maintainer, and then published malicious versions of axios with remote access trojans to npm. That happened on Sunday night going into Monday morning, cybersecurity firm Huntress said, before the poisoned versions were pulled.

Aikido, another security firm, called it “one of the most impactful npm supply chain attacks on record.” Researchers at a large number of cyber companies have sounded alarms about the attack, including Step Security, Socket, Endor Labs and others.

According to Step Security, the malicious “axios@1.14.1” and “axios@0.30.4” versions inject a new software dependency, plain-crypto-js@4.2.1, that acts as a loader for the malware. It targets macOS, Windows and Linux devices.

But, while the researchers describe it as malware, they note that “there are zero lines of malicious code inside axios itself.” Rather, the software is simply functioning as designed — or redesigned.

“Both poisoned releases inject a fake dependency… never imported anywhere in the axios source, whose sole purpose is to run a [post installation] script that deploys a cross-platform remote access trojan,” wrote Ashish Kurmi, chief technology officer and founder of Step Security.

Feross Aboukhadijeh, CEO and founder of Socket, called the situation “a live compromise” with a wide potential blast radius.

“This is textbook supply chain installer malware,” Aboukhadijeh wrote on X Monday evening, adding of the malicious versions: “Every npm install pulling the latest version is potentially compromised right now.”

The software package pulled in by the malicious versions of axios has embedded payloads that evade static cybersecurity analysis methods and confound human reviewers, and deletes and renames artifacts to destroy forensic evidence.

Aboukhadijeh gave blunt advice for anyone who had downloaded or used axios in the past week at least.

“If you use axios, pin your version immediately and audit your lockfiles,” he wrote. “Do not upgrade.”

Kurmi described the attack as “precision,” noting that the malicious dependency was staged less than 24 hours in advance and both malicious versions were poisoned within the same hour. 

Given the timeframe during which the malicious axios versions were online, that could translate into approximately 600,000 downloads, said Joshua Wright, SANS Institute faculty fellow and senior technical director at Counter Hack Innovations. 

“That’s a large number of compromises, and as soon as you install the software, it scrapes access credentials, and so now threat actors could pivot to AWS, other GitHub packages through scraped GitHub keys, and that’s the part that’s really difficult to articulate,” he told CyberScoop, warning that the fallout could stretch for weeks. “We’re going to see more and more stories about people that realize they’ve gotten breached, as today they’re trying to figure out what the impact is of that.”

The attack follows closely on the heels of other cases of developer-oriented targeting.

Google Threat Intelligence Group, however, said the attack wasn’t related to the recent TeamPCP attacks and instead attributed the axios attack to a suspected North Korean hacking group it labels UNC1069.

“Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency,” said John Hultquist, the unit’s chief analyst. “The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts.”

This story was updated March 31, 2026, with comments from Google Threat Intelligence Group.

The post Attack on axios software developer tool threatens widespread compromises appeared first on CyberScoop.

Alleged RedLine infostealer conspirator extradited to US

An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday.

Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering for his alleged role with RedLine. Infostealers steal billions of user credentials, such as passwords, annually.

“Hambardzum Minasyan allegedly conspired with others to enrich himself by developing and administering RedLine, one of the most prevalent infostealing malware variants in the world, which has previously been used to conduct intrusions against major corporations,” a Justice Department news release said. “When executed, RedLine would steal data, including access devices, from victims’ computers.”

According to a summary of the indictment, Minasyan allegedly registered two virtual private servers to host RedLine, established repositories of online file sharing for distributing RedLine to affiliates and registered a cryptocurrency account to receive affiliate payments.

Collectively, the conspirators also responded to questions and requests from affiliates, conspired to steal and own financial information and laundered cybercrime proceeds through cryptocurrency exchanges, the indictment states.

In 2024, the U.S. Justice Department teamed with Belgium, the Netherlands, Eurojust and others on Operation Magnus to disrupt the RedLine and Meta infostealers, the latter of which derived from the former. That same year, the Justice Department charged a Russian man, Maxim Rudometov, for his alleged role in developing RedLine.

Eurojust assisted with the extradition of Minasyan.

Court records related to Minasyan’s case had not been posted on the Pacer court system as of Wednesday afternoon. The U.S. Attorney’s Office for the Western District of Texas, which is prosecuting the case, did not immediately respond to requests for a copy of the indictment.

The post Alleged RedLine infostealer conspirator extradited to US appeared first on CyberScoop.
