Cybersecurity and Infrastructure Security Agency (CISA) Archives

Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims

Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.

2 days ago By Matt Kapko

US charges hacker tied to Russian groups that targeted water systems and meat plants

Victoria Dubranova faces charges tied to her alleged role in two groups backed by the Russian government.

2 days ago By Greg Otto

Microsoft Headquarters — A sign is seen at the Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder/Getty Images)

Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

3 days ago By Matt Kapko

Sen. Bill Casssidy, R-La., questions Health and Human Services Secretary Robert Kennedy Jr. during a Senate Finance Committee at the Dirksen Senate Office Building on Sept. 4, 2025. (Photo by Andrew Harnik/Getty Images)

Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues

The bill, first introduced late last year, deals with regulations, training, grants and more.

Dec 5, 2025 By Tim Starks

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been uncovered in…

Dec 4, 2025 By Matt Kapko

Sean Plankey, of Pennsylvania, responds to questioning during Senate Committee on Homeland Security and Governmental Affairs hearings to examine his nomination to be Director of the Cybersecurity and Infrastructure Security Agency, of the Department of Homeland Security, in the Dirksen Senate office building, in Washington, DC, on Wednesday July 24, 2025. (Mattie Neretin/CNP/Sipa USA)

Sean Plankey nomination to lead CISA appears to be over after Thursday vote

A hold from Sen. Rick Scott, R- Fla., over a Coast Guard contract appears to be the major reason why.

Dec 4, 2025 By Tim Starks

Google’s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake/Getty Images)

Google addresses 107 Android vulnerabilities, including two zero-days

The company’s latest security update contains the second-highest number of defects patched so far this year.

Dec 1, 2025 By Matt Kapko

In this photo illustration, social media and messaging apps are seen on a mobile phone screen on Nov. 11, 2025 in Istanbul, Turkey. (Photo Illustration by Chris McGrath/Getty Images)

CISA alert draws attention to spyware’s targeting of messaging apps

The agency’s brief notice also directed messaging app users to advice on how to protect themselves.

Nov 24, 2025 By Tim Starks

A photo-illustration of computer code fading into a digital representation of a human head. — (Yuichiro Chino/Getty Images)

The slow rise of SBOMs meets the rapid advance of AI

Despite years of effort to make software safer and more transparent with SBOMs, the rise of AI coding assistants is fueling optimism—and, some experts argue, “kind of…

Nov 24, 2025 By Cynthia Brumfield

Senate Select Committee on Intelligence Vice Chairman Mark Warner, D-Va., talks to reporters about Democrats being excluded from briefings the Trump Administration gave to Republicans about military strikes on alleged drug boats at the U.S. Capitol on Oct. 30, 2025. (Photo by Chip Somodevilla/Getty Images)

Top Senate Intel Dem warns of ‘catastrophic’ cyber consequences of Trump admin national security firings, politicization

Sen. Mark Warner, D-Va., said the Trump administration is leaving the nation vulnerable at a time of rising threats in cyberspace.

Nov 20, 2025 By Tim Starks