Catch up quick

@ D.C.

👀 Karen Evans, a former Energy Department cyber official during the first Trump administration, has joined the Cybersecurity and Infrastructure Security Agency as a senior adviser in its cybersecurity division. (Nextgov)

⏮️ Republicans have started backing away from previous attacks and threats against CISA. (Washington Post)

⚠️ A 25-year-old engineer who previously worked for two Elon Musk companies now has admin privileges, including the ability to write code, for the Treasury Department system responsible for nearly all payments made to the U.S. government. (Wired)

@ Industry

🤝 Sophos has completed its $859 million acquisition of Secureworks. (Cybersecurity Dive)

💰 Riot, a cybersecurity startup focused on employee education, raised a $30 million Series B round led by Left Lane Capital. (TechCrunch)

💸 SailPoint is looking to raise as much as $1.05 billion in its initial public offering, according to a new filing. (Bloomberg)

@ Hackers and hacks

🩻 The Food and Drug Administration and CISA warned hospitals of a backdoor that hackers can exploit in a popular line of patient monitors. (The Record)

🔍 Researchers have identified a set of malicious infostealer packages disguised as legitimate downloads for DeepSeek developer tools. (BleepingComputer)

🚌 An investigation uncovers how law firms have used attorney-client privilege to hire incident responders and shield the true extent of hundreds of school cyberattacks from the public. (The 74)