Cybersecurity and Infrastructure Security Agency (CISA) Archives

Apple discloses first actively exploited zero-day of 2026

The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack.

3 days ago By Matt Kapko

CISA to host industry feedback sessions on cyber incident reporting regulation

One industry official told CyberScoop the town halls are probably not what CIRCIA needs right now.

3 days ago By Tim Starks

Madhu Gottumukkala, acting director of the Cybersecurity and Infrastructure Security Agency, testifies during the DHS oversight hearing in the Cannon House office building on Jan. 21, 2026. (Photo by Heather Diehl/Getty Images)

Acting CISA chief says DHS funding lapse would limit, halt some agency work

Acting Director Madhu Gottumukkala said it could affect everything from responding to threats to finalizing CIRCIA regulations.

4 days ago By Tim Starks

(Photo by John Smith/VIEWpress/Getty Images)

Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release.

5 days ago By Matt Kapko

Wind turbines are seen on a wind farm on a field between agricultural produce in a countryside in a village near Radom, Poland on May 19, 2025. (Photo by Dominika Zarzycka/NurPhoto)

After major Poland energy grid cyberattack, CISA issues warning to U.S. audience

The Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and industrial control systems.

5 days ago By Tim Starks

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Fallout from latest Ivanti zero-days spreads to nearly 100 victims

Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved.

6 days ago By Matt Kapko

CISA tells agencies to stop using unsupported edge devices

A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exploits in recent…

Feb 5, 2026 By Tim Starks

power plant, energy infrastructure, industrial control systems — (Getty Images)

What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing

Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC.

Feb 3, 2026 By Tim Starks

Ivanti’s EPMM is under active attack, thanks to two critical zero-days

Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed.

Feb 3, 2026 By Matt Kapko

A poll worker helps a person cast their ballot at Fifteenth Avenue Baptist Church on December 2, 2025 in Nashville, Tennessee. Voters head to the polls to fill the house seat left vacant after the resignation of Republican Mark Green. (Photo by Jon Cherry/Getty Images)

As feds pull back, states look inward for election security support

Secretaries of State are scrambling to replace cybersecurity services once provided by CISA and other federal agencies.

Feb 2, 2026 By Derek B. Johnson