Cybersecurity and Infrastructure Security Agency (CISA) Archives

Cisco customers hit by fresh wave of zero-day attacks from China-linked APT

Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November.

5 days ago By Matt Kapko

Binary code depicted in waves. (iStock/Getty Images)

React2Shell fallout spreads to sensitive targets as public exploits hit all-time high

Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE…

6 days ago By Matt Kapko

Chairman of the House Committee on Homeland Security U.S. Rep. Andrew Garbarino, R-N.Y., talks to Secretary of Homeland Security Kristi Noem prior to a hearing in the Cannon House Office Building on Dec. 11, 2025. (Photo by Anna Moneymaker/Getty Images)

Key lawmaker says Congress likely to kick can down road on cyber information sharing law

House Homeland Security Chairman Andrew Garbarino, R-N.Y., also discussed Salt Typhoon, regulations and the cyber workforce Tuesday.

Dec 16, 2025 By Tim Starks

Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims

Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.

Dec 10, 2025 By Matt Kapko

US charges hacker tied to Russian groups that targeted water systems and meat plants

Victoria Dubranova faces charges tied to her alleged role in two groups backed by the Russian government.

Dec 10, 2025 By Greg Otto

Microsoft Headquarters — A sign is seen at the Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder/Getty Images)

Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

Dec 9, 2025 By Matt Kapko

Sen. Bill Casssidy, R-La., questions Health and Human Services Secretary Robert Kennedy Jr. during a Senate Finance Committee at the Dirksen Senate Office Building on Sept. 4, 2025. (Photo by Andrew Harnik/Getty Images)

Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues

The bill, first introduced late last year, deals with regulations, training, grants and more.

Dec 5, 2025 By Tim Starks

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been uncovered in…

Dec 4, 2025 By Matt Kapko

Sean Plankey, of Pennsylvania, responds to questioning during Senate Committee on Homeland Security and Governmental Affairs hearings to examine his nomination to be Director of the Cybersecurity and Infrastructure Security Agency, of the Department of Homeland Security, in the Dirksen Senate office building, in Washington, DC, on Wednesday July 24, 2025. (Mattie Neretin/CNP/Sipa USA)

Sean Plankey nomination to lead CISA appears to be over after Thursday vote

A hold from Sen. Rick Scott, R- Fla., over a Coast Guard contract appears to be the major reason why.

Dec 4, 2025 By Tim Starks

Google’s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake/Getty Images)

Google addresses 107 Android vulnerabilities, including two zero-days

The company’s latest security update contains the second-highest number of defects patched so far this year.

Dec 1, 2025 By Matt Kapko