Iran-backed hackers breached a US federal agency that failed to patch year-old bug

The US government’s cybersecurity agency, CISA, has reported that an unknown federal agency was breached by Iranian government-backed hackers due to failure to patch a vulnerability called Log4Shell. The hackers exploited this flaw to gain administrative access to the network, install cryptocurrency mining software, and steal credentials, among other malicious activities. CISA advises that unpatched systems might already be compromised and urges all organizations to keep their software updated.