Cybersecurity and Infrastructure Security Agency (CISA) Archives

Safe Mode

Should you still trust your password manager?

Kenny Paterson - Professor of Computer Science, ETH Zurich

3 days ago By CyberScoop Staff

Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed

Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt.

5 days ago By Matt Kapko

Apple discloses first actively exploited zero-day of 2026

The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack.

Feb 12, 2026 By Matt Kapko

CISA to host industry feedback sessions on cyber incident reporting regulation

One industry official told CyberScoop the town halls are probably not what CIRCIA needs right now.

Feb 12, 2026 By Tim Starks

Madhu Gottumukkala, acting director of the Cybersecurity and Infrastructure Security Agency, testifies during the DHS oversight hearing in the Cannon House office building on Jan. 21, 2026. (Photo by Heather Diehl/Getty Images)

Acting CISA chief says DHS funding lapse would limit, halt some agency work

Acting Director Madhu Gottumukkala said it could affect everything from responding to threats to finalizing CIRCIA regulations.

Feb 11, 2026 By Tim Starks

(Photo by John Smith/VIEWpress/Getty Images)

Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release.

Feb 10, 2026 By Matt Kapko

Wind turbines are seen on a wind farm on a field between agricultural produce in a countryside in a village near Radom, Poland on May 19, 2025. (Photo by Dominika Zarzycka/NurPhoto)

After major Poland energy grid cyberattack, CISA issues warning to U.S. audience

The Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and industrial control systems.

Feb 10, 2026 By Tim Starks

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Fallout from latest Ivanti zero-days spreads to nearly 100 victims

Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved.

Feb 9, 2026 By Matt Kapko

CISA tells agencies to stop using unsupported edge devices

A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exploits in recent…

Feb 5, 2026 By Tim Starks

power plant, energy infrastructure, industrial control systems — (Getty Images)

What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing

Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC.

Feb 3, 2026 By Tim Starks