Cybersecurity and Infrastructure Security Agency (CISA) Archives

Safe Mode

What’s it like to go through the FedRAMP process?

Scott Montgomery, VP of Federal, Island

2 days ago By CyberScoop Staff

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.

2 days ago By Matt Kapko

U.S. Sen. Gary Peters, D-Mich., leaves a Senate Democratic meeting at the U.S. Capitol Building on Oct. 3, 2025. (Photo by Kevin Dietsch/Getty Images)

Sen. Peters tries another approach to extend expired cyber threat information-sharing law

A new bill renames the Cybersecurity Information Sharing Act of 2015 and would make its legal protections retroactive after its lapse.

2 days ago By Tim Starks

users, files, cloud, administrator — (Getty Images)

Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175

Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.

4 days ago By Matt Kapko

Oracle zero-day defect amplifies panic over Clop’s data theft attack spree

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

5 days ago By Matt Kapko

Watchdog: Cyber threat information-sharing program’s future uncertain with expected expiration of 2015 law

A DHS inspector general report found that CISA doesn’t have plans for what to do with AIS if the Cybersecurity Information Sharing Act lapses.

Sep 30, 2025 By Tim Starks

Two-thirds of CISA personnel could be sent home under shutdown

A DHS plan estimates that it would keep nearly 900 CISA workers on the job during a lapse in federal funding.

Sep 29, 2025 By Tim Starks

Person on ladder looking into large folder with messy paperwork spilling out. (Stock illustration/Getty Images)

Worries mount over max-severity GoAnywhere defect

Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.

Sep 26, 2025 By Matt Kapko

The Cisco Systems logo is displayed at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. (GABRIEL BOUYS / AFP)

CISA says it observed nearly year-old activity tied to Cisco zero-day attacks

The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.

Sep 25, 2025 By Matt Kapko

DHS, Department of Homeland Security, cybersecurity, Cyber Storm — (Getty Images)

CISA alerts federal agencies of widespread attacks using Cisco zero-days

Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive.

Sep 25, 2025 By Matt Kapko