Apple disclosed a zero-day vulnerability Wednesday that the vendor warned was previously “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a security update. The memory-corruption vulnerability — CVE-2026-20700 — affects iPhones and iPads and was exploited on devices running versions of iOS before iOS 26. The Cybersecurity and Infrastructure…
Category: Cybersecurity and Infrastructure Security Agency (CISA)
AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Policy, Risk Management
CISA to host industry feedback sessions on cyber incident reporting regulation
The Cybersecurity and Infrastructure Security Agency will hold sector-by-sector town halls in the coming weeks to get feedback on a stalled regulation requiring critical infrastructure owners and operators to report when they suffer major cyberattacks. The meeting dates, set to be published in the Federal Register Friday, would “allow external stakeholders a limited additional opportunity…
AI, APAC, Congress, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Financial, Funding, Global Security News, Government, Government & Policy, Network Security, Politics
Acting CISA chief says DHS funding lapse would limit, halt some agency work
Acting Director Madhu Gottumukkala said it could affect everything from responding to threats to finalizing CIRCIA regulations.
The post Acting CISA chief says DHS funding lapse would limit, halt some agency work appeared first on CyberScoop.
AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Risk Management, Threats
Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities
Microsoft’s latest security update is littered with zero-day vulnerabilities, actively exploited defects that account for more than 10% of the total CVEs the vendor addressed in this month’s Patch Tuesday update. The vendor addressed 59 vulnerabilities affecting its various products for business operations and underlying systems, including six defects that were actively exploited prior to…
AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Geopolitics, Global Security News, Government, Government & Policy, malware, Research, Russia
After major Poland energy grid cyberattack, CISA issues warning to U.S. audience
A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators. Tuesday’s alert follows a Jan. 30 report from Poland’s Computer Emergency Response Team that concluded the December attack overlapped significantly with infrastructure used by a Russian…
AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Endpoint, Europe, Exploits, Global Security News, Government & Policy, ivanti, known exploited vulnerabilities (KEV), network edge devices, Threats
Fallout from latest Ivanti zero-days spreads to nearly 100 victims
Ivanti customers, including major government agencies, face mounting pressure as attackers expand their scope of targets to exploit a pair of vulnerabilities the vendor disclosed late January after in-the-wild attacks already occurred. The Netherlands’ Dutch Data Protection Authority and the Council for the Judiciary confirmed both agencies were impacted by attacks linked to the Ivanti…
AI, Compliance, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Government, Network Security, Policy, Politics, privacy, Risk Management
CISA tells agencies to stop using unsupported edge devices
A Cybersecurity and Infrastructure Security Agency order published Thursday directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support. It’s a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential…
Cybercrime, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Technology, Threats
Ivanti’s EPMM is under active attack, thanks to two critical zero-days
Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls. The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in…
Cybersecurity and Infrastructure Security Agency (CISA), Election Assistance Commission, Election Security, Emerging Tech, Global Security News, HAVA
As feds pull back, states look inward for election security support
It’s no secret that the Trump administration has radically altered the federal government’s relationship with state election officials since being sworn into power last year. While his first term included the creation of the Cybersecurity and Infrastructure Security Agency and the distribution of hundreds of millions in congressional funding sent to help states upgrade election…
budget, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Global Security News, Government, Money
Congressional appropriators move to extend information-sharing law, fund CISA
Congressional appropriators announced funding legislation this week that extends an expiring cyber threat information-sharing law and provides $2.6 billion for the Cybersecurity and Infrastructure Security Agency (CISA), including money for election security and directives on staffing levels. The latest so-called “minibus” package of several spending bills to keep the government funded past a Jan. 30…
CVE, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Government, Research
CISA’s secure-software buying tool had a simple XSS vulnerability of its own
A Cybersecurity and Infrastructure Security Agency tool dedicated to helping government agencies buy secure software turned out to have a cybersecurity vulnerability of its own. Jeff Williams, the former leader of the Open Worldwide Application Security Project (OWASP), told CyberScoop that he discovered a cross-site scripting vulnerability in CISA’s “Software Acquisition Guide: Supplier Response Web…
Asia Pacific, Congress, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Policy, Workforce
Sean Plankey re-nominated to lead CISA
President Donald Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency on Tuesday, after Plankey’s bid for the position ended last year stuck in the Senate. It’s not clear whether or how Plankey’s resubmitted nomination will overcome the hurdles that left many observers convinced his chance of becoming CISA director had likely…
Andrew Garbarino, Artificial Intelligence (AI), Asia Pacific, china, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Policy
Key lawmaker says Congress likely to kick can down road on cyber information sharing law
With a little more than a month left before a foundational cyber threat information sharing law expires for a second time, Congress might have to do another short-term extension as negotiations on a longer deal aren’t yet bearing fruit, a key lawmaker said Tuesday. House Homeland Security Chairman Andrew Garbarino, R-N.Y., said the problem with…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, known exploited vulnerabilities (KEV), Technology, Threats
Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day
Microsoft addressed 57 vulnerabilities affecting its various products for business operations and core systems, including one actively exploited zero-day, the company said in its latest monthly security update. The zero-day vulnerability — CVE-2025-62221 — affects the Windows Cloud Files Mini Filter Driver and has a CVSS rating of 7.8. Attackers could exploit the use-after-free defect…
Asia Pacific, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, Workforce
Sean Plankey nomination to lead CISA appears to be over after Thursday vote
Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency looks to be over following his exclusion from a Senate vote Thursday to move forward on a panel of Trump administration picks. Multiple senators placed holds or threatened holds on his nomination, some related to cybersecurity. But the hold from Sen. Rick Scott, R-Fla., appeared…
Android, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Google, Technology
Google addresses 107 Android vulnerabilities, including two zero-days
Google disclosed two actively exploited zero-day vulnerabilities Monday, which it addressed among a total of 107 defects in the company’s monthly security update for Android devices. The zero-days — CVE-2025-48633 and CVE-2025-48572 — are both high-severity defects affecting the Android framework, which attackers can exploit to access information and escalate privileges, respectively. Google said both…
Android, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Geopolitics, Global Security News, Government, privacy
CISA alert draws attention to spyware’s targeting of messaging apps
The Cybersecurity and Infrastructure Security Agency warned Monday about threat groups using commercial spyware to target messaging apps, and urged users to take protective steps. “CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps),” the agency said in a brief online notice. “These cyber…
Asia Pacific, china, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Policy
Top Senate Intel Dem warns of ‘catastrophic’ cyber consequences of Trump admin national security firings, politicization
Politicization of intelligence in the Trump administration, as well as the “hollowing out” of government expertise, is leaving the United States dangerously vulnerable to cyberattacks and other threats, the top Democrat on the Senate Intelligence Committee said in a floor speech Thursday. Mark Warner of Virginia chastised the president over what he called the politically-motivated…
Congress, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Global Security News, Government, North America, Policy
Information sharing law’s expiration could squander government vulnerability hunting efforts, senator says
Letting a cyber threat data sharing law expire could waste government efforts to find vulnerabilities, since companies would no longer be able to discuss these issues without fear of legal repercussions, a top senator said Tuesday. Sen. Mike Rounds, R-S.D., made his remarks less than a week after the hotly contested legislation to end a…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Threats
Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage
Federal authorities and researchers alerted organizations Friday to a massively exploited vulnerability in Fortinet’s web application firewall. While the actively exploited critical defect poses significant risk to Fortinet’s customers, researchers are particularly agitated about the vendor’s delayed communications and, ultimately, post-exploitation warnings about the vulnerability. Fortinet addressed CVE-2025-64446 in a software update pushed Oct. 28,…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Election Security, Global Security News, Government, North America
Government watchdog sues DHS over election official’s records
A nonprofit government watchdog group is suing the Department of Homeland Security, alleging that department officials have delayed and denied legitimate public information requests regarding the hiring of Heather Honey. Honey was hired by DHS earlier this year and given the title “Deputy Assistant Secretary for Elections Integrity,” a change from past administrations, which have…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Huntress, known exploited vulnerabilities (KEV), Threats
Attackers bypass patch in deprecated Windows Server update tool
Attackers are actively exploiting a critical vulnerability in Windows Server Update Services, bypassing a patch Microsoft issued earlier this month that failed to mitigate the issue affecting software versions dating back to 2012. Microsoft released an emergency, out-of-band security update for CVE-2025-59287 on Thursday. Multiple research firms detected in-the-wild exploitation by Friday, yet Microsoft has…
Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Policy, Workforce
US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes
The Trump administration should reverse cyber personnel and budget cuts, strengthen the Office of the National Cyber Director and expand federal workforce initiatives, the successor organization to the Cyberspace Solarium Commission recommended in a report published Wednesday. The annual implementation report from CSC 2.0 is the first of five iterations to actually determine that the…
Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Workforce
Swalwell seeks answers from CISA on workforce cuts
Rep. Eric Swalwell, D-Calif., sent a letter Tuesday to acting CISA Director Madhu Gottumukkala raising concerns about staffing levels and the direction of the nation’s primary cybersecurity agency, writing that the “Trump Administration has undertaken multiple efforts to decimate CISA’s workforce, undermining our nation’s cybersecurity.” Swalwell, the ranking member on the House Homeland Security Subcommittee…
Congress, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Policy
Sen. Peters tries another approach to extend expired cyber threat information-sharing law
A top Senate Democrat introduced legislation Thursday to extend and rename an expired information-sharing law, and make it retroactive to cover the lapse that began Oct. 1. Michigan Sen. Gary Peters, the ranking member of the Homeland Security and Governmental Affairs Committee, introduced the Protecting America from Cyber Threats (PACT) Act, to replace the expired…
Asia Pacific, china, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Global Security News, Government, Policy
National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries
The United States needs a “new, coordinated strategy” to counter its cyber adversaries and “shift the burden of risk in cyberspace from Americans to them,” National Cyber Director Sean Cairncross said Tuesday. “Collectively, we’ve made great progress in identifying, responding to and remediating threats, but we still lack strategic coherence and direction,” he said at…
Asia Pacific, Australia, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Policy, Technology
CISA guide seeks a unified approach to software ‘ingredients lists’
Compiling an “ingredients list” for software can help organizations reduce cyber risks, avoid fines and save time, among other benefits, a Cybersecurity and Infrastructure Security Agency-led guide published Wednesday advises. The CISA document, produced with the National Security Agency and cyber agencies from 14 other countries, aims to produce a shared vision on advancing the…
Cybersecurity and Infrastructure Security Agency (CISA), Eric Goldstein, Global Security News, Government, Workforce
CISA taps Nicholas Andersen for executive assistant director of cybersecurity
Nicholas Andersen is taking over a top leadership role at the Cybersecurity and Infrastructure Security Agency, CISA announced Tuesday. He will become executive assistant director of cybersecurity at the agency in a role that’s seen swift turnover in the past year. It’s a position that has, in the past, led CISA efforts on protecting federal…
Asia Pacific, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Uncategorized
CISA is facing a tight CIRCIA deadline. Here’s how Sean Plankey can attempt to meet it
During a Senate Homeland Security and Governmental Affairs Committee hearing earlier this month in which lawmakers considered if Sean Plankey is fit to become director of the Cybersecurity and Infrastructure Security Agency, ranking member Gary Peters asked the CISA nominee how he would ensure the agency meets all of its statutory requirements, including those in…
Asia Pacific, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Policy, Ron Wyden, Workforce
CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination
Sean Plankey’s path to leading the Cybersecurity and Infrastructure Security Agency might have one obstacle set to be cleared for removal. With the Senate Homeland Security and Governmental Affairs Committee scheduled to hold a vote on his nomination for CISA director Wednesday, the next and final step for Plankey pending approval from the panel would…
Asia Pacific, budget, china, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Government, Workforce
Plankey vows to boot China from U.S. supply chain, advocate for CISA budget
President Donald Trump’s pick to lead the Cybersecurity and Information Security Agency told senators Thursday that he would prioritize evicting China from the U.S. supply chain, and wouldn’t hesitate to ask for more money for the shrunken agency if he thought it needed it. “If confirmed it will be a priority of mine to remove…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Technology, Threats
Mass attack spree hits Microsoft SharePoint zero-day defect
Attackers are actively exploiting a critical zero-day vulnerability affecting on-premises Microsoft SharePoint servers, prompting industry heavyweights to sound the alarm over the weekend. Researchers discovered the active, ongoing attack spree Friday afternoon and warnings were issued en masse by Saturday evening. Microsoft released urgent guidance Saturday, advising on-premises SharePoint customers to turn on and properly…
Asia Pacific, china, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Gary Peters, Global Security News, Government, grants, Josh Hawley, National Cyber Director, office of management and budget, Policy, Salt Typhoon, Sean Cairncross, Senate Homeland Security and Governmental Affairs Committee, State Government, Volt Typhoon, Workforce
Sean Cairncross has policy coordination in mind if confirmed as national cyber director
Sean Cairncross laid out his vision to senators Thursday for the Office of the National Cyber Director if he is confirmed to lead it. “A goal of mine is to make sure this office sits at the place that this committee and I believe Congress intended in the statute, and that is to lead cyber…
Andrew Garbarino, Asia Pacific, china, Congress, critical infrastructure, Cybersecurity and Infrastructure Security Agency (CISA), deepseek, Department of Homeland Security (DHS), Global Security News, Government, House Homeland Security Committee, ICE, Mobile App Vetting, Mobile Security, Money, Policy, Russia, Salt Typhoon, sector risk management agencies, TikTok
Rep. Garbarino: Ending CISA mobile app security program for feds sends ‘wrong signal’
The chairman of the House Homeland Security subcommittee on cybersecurity is apprehensive about the Department of Homeland Security’s plans to end a program that vets mobile apps for federal agencies. Rep. Andrew Garbarino, R-N.Y., sent a letter to DHS Secretary Kristi Noem on Thursday saying that especially in light of the massive Salt Typhoon telecommunications…
Android, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Google, Google Threat Analysis Group, patching, Technology, vulnerabilities, zero days
Google addresses 34 high-severity vulnerabilities in June’s Android security update
Google’s June security update for Android devices contains 34 vulnerabilities, all of which the company designates as high-severity defects. The company didn’t disclose any actively exploited vulnerabilities. Attackers could exploit the most serious flaw — CVE-2025-26443 affecting the Android system — to achieve local escalation of privilege with no additional privileges required. Google said exploitation…
Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, McCrary Institute, National Cyber Director, NightDragon, North America, Palo Alto Networks, Senate Homeland Security and Governmental Affairs Committee, U.S. Chamber of Commerce, Workforce
Experts endorse Sean Cairncross for national cyber director ahead of Senate hearing
President Donald Trump’s pick to serve as national cyber director was endorsed by a collection of cyber experts days before a Senate panel will consider his nomination. The 24 people who signed the letter endorsing Sean Cairncross include former government officials and current industry leaders, many who served in Republican-led administrations but some who also served…
budget, Congress, critical infrastructure, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficiency, Department of Homeland Security (DHS), Election Security, Energy Security and Emergency Response, FEMA, Financial, Global Security News, Government, National Cyber Director, Office of Cybersecurity Energy Security and Emergency Response, Policy, Workforce
Trump budget proposal would slash more than 1,000 CISA jobs
The fiscal 2026 budget proposal President Donald Trump unveiled last week would make deep cuts to the Cybersecurity and Infrastructure Security Agency workforce, with a goal of eliminating 1,083 positions and chopping its budget by $495 million, to $2.4 billion. That’s a slightly deeper total cut than an earlier budget outline forecast. And a new…
Biden administration, Congress, Cybersecurity and Infrastructure Security Agency (CISA), Exclusive, Gary Peters, Global Security News, Government, James Lankford, National Institute of Standards and Technology (NIST), office of management and budget, privacy, regulation, Senate Homeland Security and Governmental Affairs Committee
Senators revive bill to harmonize conflicting cybersecurity regulations
A bipartisan Senate duo is reintroducing legislation Thursday that would establish an executive branch panel to align conflicting cybersecurity regulations on the private sector. Michigan Sen. Gary Peters, the top Democrat on the Homeland Security and Governmental Affairs Committee, is bringing back the Streamlining Federal Cybersecurity Regulations Act with co-sponsor James Lankford, R-Okla. “By reducing…
Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Justice (DOJ), Federal Bureau of Investigation (FBI), Global Security News, Government, infostealers, law enforcement, malware
Lumma infostealer infected about 10 million systems before global disruption
LummaC2 infected around 10 million devices and systems, allowing for millions of follow-on attacks, before the information-stealing malware operation was dismantled through a coordinated global operation this week, Brett Leatherman, the FBI’s deputy assistant director for cyber operations, said during a media briefing Wednesday. “Since its inception in 2022, LummaC2’s malware-as-a-service platform rose to become…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Global Security News, Government, House Homeland Security Committee, NightDragon, NSTAC, Office of the Director of National Intelligence (ODNI), Salt Typhoon, telecommunications, Wall Street Journal
‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots
The first time some of the largest telecom companies in the world heard of Salt Typhoon was in a Wall Street Journal article. The story, which was published last September, blindsided company executives and industry insiders. As news of the attack on the country’s broadband networks broke, the scope and severity of the breach became…
Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Emerging Tech, Global Security News, Government, op-ed, Salt Typhoon, Volt Typhoon
Don’t let DOGE destroy CISA
Cybersecurity is the frontline of our national security. President Donald Trump and his adviser, Elon Musk, are doing more damage to our cyber defenses than Moscow or Beijing have done in decades. They are taking our defense off the field and hoping our enemies don’t take a shot at the end zone. They are wrong,…
Andrew Garbarino, Asia Pacific, Bennie Thompson, budget, china, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Federal Emergency Management Agency, FEMA, Global Security News, Government, Mark Green, Money, regulation, Workforce
DHS won’t tell Congress how many people it’s cut from CISA
The Department of Homeland Security won’t tell Congress how many employees at the Cybersecurity and Infrastructure Security Agency it has fired or pushed to leave, a top congressional Democrat said Wednesday. “You’ve overseen mass reductions in the workforce at CISA and” the Federal Emergency Management Agency, Mississippi Rep. Bennie Thompson, the top Democrat on the…
Check Point, CISA, cisco, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), exploit, Exploits, firewall, Fortinet, Global Security News, Mandiant, Palo Alto Networks, Rapid7, Research, sonicwall, Technology, Threats, virtual private network (VPN), vulnerabilities
SonicWall customers confront resurgence of actively exploited vulnerabilities
Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls. The year started off on a sour note for the California-based company when it released security advisories for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by…
budget, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), disinformation, Election Security, Gary Peters, Global Security News, Government, House Appropriations Committee, information sharing, Lauren Underwood, misinformation, Money, Senate Appropriations Committee
Sen. Murphy: Trump administration has ‘illegally gutted funding for cybersecurity’
Another top appropriations Democrat criticized budget cuts affecting the Cybersecurity and Infrastructure Security Agency, saying the Trump administration has “illegally gutted funding for cybersecurity.” Connecticut Sen. Chris Murphy, the ranking member on the Senate Appropriations Subcommittee on Homeland Security, made his remarks Thursday to Department of Homeland Security Secretary Kristi Noem at a hearing on…
Amazon, CISA, crowdstrike, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Google, Government, intelligence sharing, Joint Cyber Defense Collaborative, Joint Cyber Defense Collaborative (JCDC), National Security Agency, Palo Alto Networks, Research, Technology, Threat Intelligence, Threats
Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump
SAN FRANCISCO — Threat intelligence sharing is flowing between the private sector and federal government and remains unimpeded thus far by job losses and budget cuts across federal agencies that support the cyber mission, according to executives at major security firms. Top brass at Amazon, CrowdStrike, Google and Palo Alto Networks said there’s been no…
Biden administration, budget, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), disinformation, Global Security News, Government, misinformation, Money, office of management and budget, social media, supreme court, Trump Administration, U.S. Supreme Court, Workforce
Trump administration proposes cutting $491M from CISA budget
President Donald Trump’s fiscal 2026 budget proposal would slash $491 million from the budget of the Cybersecurity and Infrastructure Security Agency, according to a summary released Friday. That would amount to a nearly 17% reduction to the agency’s approximately $3 billion budget. The administration did not release a detailed itemization of the cuts, only an…
Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, House Homeland Security Committee, Workforce
Congressional officials wonder how CISA can carry out core mission in face of workforce cuts
SAN FRANCISCO – In her appearance at the RSAC 2025 Conference, Homeland Security Secretary Kristi Noem spoke about getting CISA back to its “core mission” of protecting federal networks and critical infrastructure from cybersecurity threats. Other cyber policy experts wonder how that is going to unfold with such concentration on cutting CISA’s workforce. Congressional staffers…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, RSAC 2025 Conference
DHS Secretary Noem: CISA needs to get back to ‘core mission’
SAN FRANCISCO — Homeland Security Secretary Kristi Noem outlined her plans Tuesday to refocus the Cybersecurity and Infrastructure Security Agency (CISA) on protecting critical infrastructure from increasingly sophisticated threats — particularly from China — while distancing the agency from what she characterized as mission drift under previous leadership. Speaking at the 2025 RSAC Conference, Noem…
CISA, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Workforce
CISA gets new No. 2: Madhu Gottumukkala
The Cybersecurity and Infrastructure Security Agency will soon have a new second-in-command. Madhu Gottumukkala has been named deputy director. He comes over to CISA from his prior position in the South Dakota government, where Kristi Noem was most recently governor before taking over as secretary of the Department of Homeland Security. Gottumukkala had been commissioner…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, IBM X-Force, known exploited vulnerabilities (KEV), Mandiant, Research, Verizon Data Breach Investigations Report, Verizon DBIR, VulnCheck, vulnerabilities
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025
Attackers exploited nearly a third of vulnerabilities within a day of CVE disclosure in the first quarter of 2025, VulnCheck said in a report released Thursday. The company, which focuses on vulnerability threat intelligence, identified 159 actively exploited vulnerabilities from 50 sources during the quarter. The time from CVE disclosure to evidence of exploitation in…
Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Data Breaches, Exploitation, Exploits, Global Security News, Ransomware, ransomware payments, Research, Threats, Verizon Data Breach Investigations Report, Verizon DBIR, zero days
Verizon discovers spike in ransomware and exploited vulnerabilities
Cybercriminals and state-sponsored threat groups exploited vulnerabilities and initiated ransomware attacks with vigor last year, escalating the scope of their impact by hitting more victims and outmaneuvering defenses with speed. The rate of ransomware detected in data breaches jumped 37%, occurring in 44% of the 12,195 data breaches reviewed in Verizon’s 2025 Data Breach Investigations…
Asia Pacific, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Donald Trump, Executive order, FEMA, Global Security News, Government, information sharing and analysis centers (ISACs), maritime cybersecurity, op-ed
Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland
U.S. ports are vital to the flow of imports and exports; however, the entire maritime transportation system’s cybersecurity is exceedingly vulnerable. The August 2024 ransomware attack at the Port of Seattle resulted in significant cargo delays and a data breach of 90,000 individuals. Such a wide-scale incursion could have resulted in a longer loss of…
CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Justice, Department of Justice (DOJ), Donald Trump, Executive order, Global Security News, Government, Justice Department, Karoline Leavitt, Miles Taylor, SentinelOne, Workforce
Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order
Chris Krebs has resigned from SentinelOne, saying he needs to devote himself fully to fighting the executive order President Donald Trump signed to target his former director of the Cybersecurity and Infrastructure Security Agency. The executive order was a key touchpoint in Trump’s unprecedented campaign to punish those he views as his enemies. While at…
CISA, CVE, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, MITRE, National Vulnerability Database, NIST
CISA reverses course, extends MITRE CVE contract
In a last-minute switch, the Cybersecurity and Infrastructure Security Agency said it will continue funding a contract for MITRE to manage the CVE program and other vulnerability databases. In a statement sent to CyberScoop, a spokesperson said the agency executed an option to extend the contract and avoid a potential lapse in a program that…
Asia Pacific, china, CISA, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), disinformation, Exclusive, Gary Peters, Global Security News, Government, information sharing, information sharing and analysis centers (ISACs), Joint Cyber Defense Collaborative, Local Government, Mike Rounds, misinformation, North Carolina, Policy, privacy, Russia, Salt Typhoon, Senate Armed Services Committee, Senate Homeland Security and Governmental Affairs Committee, SolarWinds, State Government, Volt Typhoon
Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law
A bipartisan pair of senators are kicking off the race Wednesday to reauthorize a 2015 cyber threat information sharing law, a move that industry groups and cyber experts are eager to see happen before it’s set to expire in September. Advocates say the 10-year-old Cybersecurity Information Sharing Act has been vital to sharing threat information…
china, CISA, cisco, citrix, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), espionage, exploit, Exploits, firewall, firewalls, Fortinet, Gartner, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, National Vulnerability Database, NIST, Palo Alto Networks, Rapid7, Research, routers, Technology, Threats, virtual private network (VPN), VulnCheck, vulnerabilities, vulnerability disclosure, zero days
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…
Andrew Garbarino, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Eric Swalwell, Global Security News, Government, House Homeland Security Committee, Mark Green, Policy, Workforce
Rep. Swalwell demands Hill briefing on planned CISA personnel cuts
The Cybersecurity and Infrastructure Security Agency must brief Congress on proposed deep cuts to agency personnel, a top Democrat said in a letter to its acting director. California Rep. Eric Swalwell, ranking member of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, wrote in the letter to acting Director Bridget Bean on Thursday…
Cybersecurity and Infrastructure Security Agency (CISA), election interference, FedRAMP, Global Security News, Government, SentinelOne
Trump signs order stripping Chris Krebs of security clearance
President Donald Trump signed a memorandum Wednesday revoking the security clearance of former CISA leader Chris Krebs, with the White House saying he was a “significant bad-faith actor who weaponized and abused his government authority” during his time leading the agency. The order also suspends any active security clearance held by employees at SentinelOne, where…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Office of the Comptroller of the Currency, Treasury Department
Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
The Office of the Comptroller of the Currency has notified Congress that a February breach of its email system is classified as a major cybersecurity incident. The incident was first disclosed Feb. 26, though the OCC provided virtually no details at the time, only saying that it had resolved a security incident “involving an administrative…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), fast flux, Global Security News, Government, Threats
International intelligence agencies raise the alarm on fast flux
International intelligence and cybersecurity agencies jointly issued a warning Thursday about “fast flux,” an advanced technique used by cybercriminals and state-sponsored actors to evade detection and maintain resilient command and control infrastructure. Fast flux involves rapidly changing or swapping out IP addresses linked to a particular domain. These quick changes render malicious activity nearly invisible…
Andrew Garbarino, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Eric Swalwell, Global Security News, Government, House Homeland Security Committee, Joint Cyber Defense Collaborative (JCDC), Local Government, Policy, Senate Homeland Security and Governmental Affairs Committee, State Government
Don’t cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do
Leaders of a key House subcommittee criticized the Trump administration’s personnel cuts at the Cybersecurity and Infrastructure Security Agency on Wednesday, with its chairman saying he wants CISA to take on more responsibilities, not less — some of which figure into his legislative priorities. Rep. Andrew Garbarino, the New York Republican who chairs the House…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, FDA, Global Security News, Government, Medical Devices, Policy
Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity Tuesday called out the need for more proactive tracking of products used across the country, saying the status quo leaves many health system owners and operators in the dark about vulnerabilities, exploitation and patching updates. Testifying before the House Energy and Commerce Subcommittee on Oversight and…
Andrew Garbarino, budget, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Eric Swalwell, Federal Emergency Management Agency, FEMA, Global Security News, Government, House Homeland Security Committee, Kentucky, Local Government, Money, MS-ISAC, Policy, State Government, Threats, Utah
Renew — but improve — billion-dollar cyber grant program to states and locals, House witnesses say
It’s vital that Congress renew the expiring $1 billion state and local cybersecurity grant program, witnesses testified before a House panel, but they added that it could benefit from some upgrades, too. New York Rep. Andrew Garbarino, chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection that held the hearing Tuesday, said…
china, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Executive order, Global Security News, Government, information sharing and analysis centers (ISACs), Jen Easterly, Joe Slowik, Local Government, National Association of State Chief Information Officers, Nitin Natarajan, NuHarbor, pennsylvania, Policy, State Government, Trump Administration
Trump’s ‘preparedness’ executive order would shift cyber defense burden where it doesn’t belong, experts say
Many cyber experts are panning a new Trump administration executive order that would shift more responsibilities for responding to cyberattacks to state and local governments, saying it will leave states holding the bag for a job they aren’t best equipped to handle. The executive order, issued last week, is entitled “Achieving Efficiency Through State and…
Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Elastic, Emerging Tech, Global Security News, Government, SolarWinds
How DHS is working to continually improve the Continuous Diagnostics and Mitigation program
Department of Homeland Security officials in charge of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) have pushed the program to evolve from a compliance-focused initiative to a real-time threat detection and response platform. First launched in 2013, the program is now tracking approximately 6.5 million devices, which includes operational technology…
CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Global Security News, Government, House Homeland Security Committee, House Intelligence Committee, Policy, regulation, Sean Plankey, Senate Homeland Security and Governmental Affairs Committee, Senate Intelligence Committee
Congress should re-up 2015 information-sharing law, top Hill staffer says
Congress needs to reauthorize an expiring law that provides legal protections to companies for sharing cyber threat information with the federal government and each other, the staff director for Democrats on the Senate Homeland Security and Governmental Affairs Committee said Wednesday. The 2015 Cybersecurity and Infrastructure Security Act is due to lapse at the end…
Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Rapid7, Threats, vulnerabilities, zero days
Microsoft patches 57 vulnerabilities, including 6 zero-days
Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale. The software defects…
budget, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficiency, Department of Homeland Security (DHS), Emerging Tech, Global Security News, Government, government shutdown, Joe Biden, National Security Council, National Security Council (NSC), Policy, Trump Administration, Workforce
Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harm
A potential government shutdown looms by the end of this week if Congress doesn’t pass legislation to keep funding the federal government, a development that could worsen problems cyber personnel and agencies are experiencing under the second Trump administration, experts say. Many cyber feds would likely be exempt from furloughs during a government shutdown, common…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Election Security, Global Security News, Government, Karen Evans, Sean Cairncross, Sean Plankey, Senate Homeland Security and Governmental Affairs Committee, Trump Administration, Workforce
Sean Plankey picked by Trump to be CISA director
President Donald Trump nominated Sean Plankey to head the Cybersecurity and Infrastructure Security Committee on Tuesday, the last major piece to fall into place for cybersecurity leadership in his administration. Plankey served in the first Trump administration, holding a few posts with cyber responsibilities. He was the principal deputy assistant secretary for the Energy Department’s…
Bennie Thompson, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, House Homeland Security Committee, Jake Williams, Russia, Threats
DHS says CISA won’t stop looking at Russian cyber threats
The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and…
Bennie Thompson, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficiency, Department of Homeland Security (DHS), Global Security News, grants, House Homeland Security Committee, Mark Green, PIVOTT Act, Policy, Trump Administration, Workforce
Cyber workforce legislation vote gives rise to partisan rift on House Homeland Security Committee
A partisan divide opened Wednesday over a bill to bolster the cyber workforce, legislation that earned unanimous support in the House Homeland Security Committee last year but that Democrats are now wary of under President Donald Trump. Under the legislation, students at technical schools and community colleges would receive scholarships in return for two years…
Asia Pacific, CISA, Congress, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Eric Goldstein, Federal IT, Global Security News, Government, Jeff Greene, Karen Evans, National Cyber Director, National Security Council, National Security Council (NSC), NSC, office of management and budget, OMB, Sean Cairncross, Workforce
Karen Evans steps into a leading federal cyber position: executive assistant director for cybersecurity at CISA
Federal IT and cyber government veteran Karen Evans is the new executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. It’s one of the most prominent cyber jobs in the federal government, previously held by Jeff Greene and Eric Goldstein. A description of the post on the CISA website says that the…
Bennie Thompson, CISA, crowdstrike, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), fraud, Global Security News, House Homeland Security Committee, House Intelligence Committee, information sharing, information sharing and analysis centers (ISACs), Internet Security Alliance, Kemba Walden, Mark Green, Mark Warner, Policy, privacy, Senate Homeland Security and Governmental Affairs Committee, Senate Intelligence Committee, SolarWinds
A major cybersecurity law is expiring soon — and advocates are prepping to push Congress for renewal
A push is gearing up to renew an expiring 10-year-old cybersecurity law that was viewed at its initial passage as the most significant cybersecurity legislation Congress had ever passed, and that advocates say now fosters several important threat-sharing initiatives. The 2015 Cybersecurity Information Sharing Act provides safeguards for companies that voluntarily share threat intelligence data…
AI, AI Cybersecurity, Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Emerging Tech, Global Security News, Government, Joint Cyber Defense Collaborative (JCDC)
CISA’s AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution
As autonomous agents increasingly enter organizations, nation-state actors are turning to these AI-powered technologies to undermine our national security and critical infrastructures. As a result, today’s security teams need to be able to fight AI with AI, and understand the technology’s implications from both a defensive and offensive perspective. Similarly, our national defenses have to…
Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, Government, Policy, Salt Typhoon
Purging cyber review board was ‘a great idea,’ DHS deputy secretary nominee says
Expelling all members of an independent federal cybersecurity advisory panel as it was investigating Salt Typhoon was necessary due to previous leadership and the board “going in the wrong direction,” President Donald Trump’s nominee for deputy secretary of the Department of Homeland Security said Tuesday. Troy Edgar, who is serving as a senior adviser to…
china, CISA, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficiency, disinformation, Election Security, Elon Musk, Global Security News, Government, misinformation, Social Security Administration, Trump Administration, Twitter, Workforce
No, that’s not the acting head of the Social Security Administration. That’s a former CISA employee.
A longtime former employee of the Cybersecurity and Infrastructure Security Agency, an agency in the midst of curtailing its anti-misinformation and disinformation work under President Donald Trump, has found himself being misidentified online as a key figure in another Trump administration battle. On social media and in some news outlets, Ross Foard, a former CISA…
china, cisco, Cisco Talos, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Salt Typhoon, telecommunications, Threat Intelligence, Threats
Salt Typhoon gained initial access to telecoms through Cisco devices
Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report. Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco…
Asia Pacific, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), disinformation, Election Security, Global Security News, Government
CISA election, disinformation officials placed on administrative leave, sources say
The Cybersecurity and Infrastructure Security Agency placed several members of its election security group on administrative leave last week, multiple sources familiar with the situation told CyberScoop. According to one source, the moves happened Thursday and Friday of last week and were targeted at employees focused on CISA’s mis-, dis- and malinformation teams. The moves…
cloud computing, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, open source, Research, S3 bucket, SSL, VPN gateway, watchTowr Labs
Here’s all the ways an abandoned cloud instance can cause security issues
There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare. Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on…
Bennie Thompson, china, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Information Sharing Act, Department of Homeland Security (DHS), Global Security News, Government, House Homeland Security Committee, Jake Williams, JD Work, Kemba Walden, Kevin Beaumont, Mark Green, National Cyber Director, Paladin, Policy, Salt Typhoon, SentinelOne, telecommunications, Trump Administration
Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker
The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration’s decision to purge a cyber incident investigation board of its membership. But the move had some supporters, including the chairman of that same committee. Acting Department of Homeland Security Secretary Benjamine Huffman issued a…
Biden administration, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), disinformation, Donald Trump, Global Security News, Government, Joe Biden, Josh Hawley, Ron Johnson, Sen. Ron Johnson, Senate Homeland Security and Governmental Affairs Committee, supreme court, Trump, Trump Administration, U.S. Supreme Court
Noem: No anti-disinformation, misinformation action under her as DHS secretary
Department of Homeland Security secretary nominee Kristi Noem committed to senators Friday that if confirmed she would keep the department out of efforts to combat disinformation and misinformation, and pledged to make the Cybersecurity and Infrastructure Security Agency “smaller, more nimble.” The South Dakota governor’s remarks signal that the incoming Trump administration will act on…
Asia Pacific, china, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Software
Closing software-understanding gap is critical to national security, CISA says
With Chinese-sponsored hackers lingering in the IT systems of various U.S. critical infrastructure networks, potentially imminent threats to the country’s national security abound. The Cybersecurity and Infrastructure Security Agency and federal partners hope to lessen that threat by closing a so-called “software understanding gap.” In a document released Thursday with the Defense Advanced Research Projects…
Commentary, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, MOVEit Transfer, resilience, Salt Typhoon, Volt Typhoon
Restoring U.S. cyber resilience: A blueprint for the new administration
As the incoming Trump administration prepares to take office, it confronts a critical juncture for cybersecurity. The escalating digital threats from state-sponsored adversaries like China, Iran, North Korea and Russia coincide with fractured global governance and a shifting domestic policy landscape. This moment presents a unique opportunity for the administration to establish itself as a…
AI, Artificial Intelligence, Bennie Thompson, Biden administration, CISA, cloud computing, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Donald Trump, Emerging Tech, encryption, fraud, Global Security News, Government, House Homeland Security Committee, Joe Biden, Mark Green, National Cyber Director, National Risk Management Center, National Security Council, National Security Council (NSC), Office of the National Cyber Director, operational technology, phishing, quantum computing, supply chain, supply chain security, Trump, Trump Administration
Biden cyber executive order gets mostly plaudits, but its fate is uncertain
A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president. Chris Inglis, the former national cyber director for Joe Biden who has served under both Democrats…
Asia Pacific, china, CISA, Congress, critical infrastructure, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Foundation for Defense of Democracies, Global Security News, Google, Government, Jack Cable, Microsoft, Policy, regulation, Salt Typhoon, secure by design, telecommunications, Treasury Department, Volt Typhoon
A CISA secure-by-design guru makes the case for the future of the initiative
One of the chief architects of the Cybersecurity and Infrastructure Security Agency campaign to get software developers to design their products with security in mind said he believes it could be one of the best tools the Trump administration has to counter China. Jack Cable, who is departing his role as senior technical adviser Thursday,…
AI, Artificial Intelligence (AI), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Global Security News, Joint Cyber Defense Collaborative (JCDC), North America
CISA’s AI cyber collaboration playbook aims to spur information-sharing
The Cybersecurity and Infrastructure Security Agency is making one last push before the change in administration for increased information sharing between the public and private sectors, releasing an artificial intelligence-focused playbook Tuesday that aims to foster “a unified approach” to handling AI-related cyber threats. The agency’s AI Cybersecurity Collaboration Playbook was developed with the FBI,…
Artificial Intelligence, Artificial Intelligence (AI), china, CISA, critical infrastructure, Cybercrime, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Executive order, Global Security News, Government, North America, Policy, privacy, quantum computing, regulation
Second Biden cyber executive order directs agency action on fed security, AI, space
A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden…
critical infrastructure, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, vulnerabilities
CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs
The Cybersecurity and Infrastructure Security Agency has seen a surge in its Cyber Hygiene (CyHy) service enrollment from critical infrastructure organizations over a two-year period, with the communications sector representing the biggest jump. In a report released Friday, CISA said an analysis of the 7,791 critical infrastructure organizations enrolled in the agency’s vulnerability scanning service…
