Tag: cisa
-
Lawmakers move to extend two cyber programs (again) in funding proposal
The extension in the $1.2 trillion funding deal is the latest short-term solution in a monthslong saga for CISA 2015, which provides liability protections to encourage private companies to share digital threat information with the federal government. First seen on therecord.media Jump to article: therecord.media/lawmakers-move-to-extend-two-cyber-programs-again
-
Why the future of security starts with who, not where
Tags: access, attack, cisa, ciso, cloud, compliance, control, cybersecurity, data, framework, google, identity, mfa, monitoring, network, nist, passkey, password, resilience, risk, saas, wifi, zero-trustCloud + remote work = No perimeter: Now, with remote work and the cloud, there’s no real perimeter left. People connect from home Wi-Fi, personal laptops, airports, coffee shops, you name it. At the same time, company data and workloads are scattered across AWS, Azure, Google Cloud and various SaaS platforms. The old rules just…
-
Acting CISA Director Pushed to Remove Agency CIO
The drama at the Cybersecurity and Infrastructure Security Agency is not helpful when it needs to focus on defending networks and infrastructure. The post Acting CISA Director Pushed to Remove Agency CIO appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-leadership-crisis/
-
CISA’s secure-software buying tool had a simple XSS vulnerability of its own
A researcher who discovered the vulnerability said it was fixed in December, after he first reported it to the agency in September. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-secure-software-buying-tool-had-a-simple-xss-vulnerability-of-its-own/
-
CISA, Allies Sound Alarm on OT Network Exposure
Joint US, UK and Five Eyes Guidance Flags OT Exposure as National Risk. U.S. and allied cyber agencies issued new guidance warning that insecure operational technology connectivity – driven by remote access, third-party vendors and IT integration – remains a major threat vector, enabling cyber intrusions to escalate into physical disruptions. First seen on govinfosecurity.com…
-
CISA Issues New AI Security Guidance for Critical Infrastructure
CISA and international partners issued new guidance on securing AI in operational technology, warning of OT risks and urging stronger governance and safeguards. The post CISA Issues New AI Security Guidance for Critical Infrastructure appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-ai-security-guidance-2026/
-
Trump Renominates Sean Plankey to Lead CISA
Former NSC Cyber Adviser Renominated to Lead CISA Amid Ongoing Senate Gridlock. The White House has renominated Sean Plankey to head CISA, reviving a stalled bid hindered by Senate holds and demands to release a report on telecom sector threats linked to China, as the agency continues to operate without a permanent director amid rising…
-
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Tags: access, advisory, attack, authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, kev, mitigation, threat, update, vpn, vulnerability, zero-dayExploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have historically been common targets for cyber attackers, with 23 Fortinet CVEs currently on the CISA KEV list. Public exploit code has…
-
Trump resubmits Sean Plankey for CISA director
Tags: cisaIt’s unclear when the Senate will act on Plankey’s nomination, which stalled last year after multiple senators blocked it. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-trump-renominate-sean-plankey/809614/
-
US cybersecurity weakened by congressional delays despite Plankey renomination
Tags: business, cisa, cyber, cybersecurity, government, infrastructure, law, network, risk, strategy, threatCISA 2015 reauthorization: Likely, but late and suboptimal: A major cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which expired on Sept. 30, was temporarily revived on Nov. 13 and given a two-month lease on life through Jan. 30, 2026. The law provides critical legal liability protections that enable cyber threat…
-
Sean Plankey re-nominated to lead CISA
Tags: cisaPresident Donald Trump resubmitted his nomination Tuesday after it stalled in the Senate last year. First seen on cyberscoop.com Jump to article: cyberscoop.com/sean-plankey-re-nominated-to-lead-cisa/
-
Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm
First Patch Tuesday of 2026 goes big First seen on theregister.com Jump to article: www.theregister.com/2026/01/14/patch_tuesday_january_2026/
-
U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Windows vulnerability, tracked as CVE-2026-20805 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft Patch Tuesday security updates for January 2026 release…
-
CISA Flags Actively Exploited Gogs Vulnerability With No Patch
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-flags-exploited-gogs-flaw-no/
-
Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list
Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops First seen on theregister.com Jump to article: www.theregister.com/2026/01/13/cisa_gogs_exploit/
-
For application security: SCA, SAST, DAST and MAST. What next?
Tags: advisory, ai, application-security, automation, best-practice, business, cisa, cisco, cloud, compliance, container, control, cve, data, exploit, flaw, framework, gartner, government, guide, ibm, incident response, infrastructure, injection, kubernetes, least-privilege, ml, mobile, network, nist, resilience, risk, sbom, service, software, sql, supply-chain, threat, tool, training, update, vulnerability, waf<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?quality=50&strip=all&w=1024" alt="Chart: Posture, provenance and proof." class="wp-image-4115680" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?quality=50&strip=all 1430w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=768%2C431&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=1024%2C575&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2026/01/posture-provenance-proof.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”575″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> Sunil GentyalaOver the past year the community has admitted the obvious: the battleground is the software supply chain and…
-
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.”Gogs…
-
CISA Alerts on Actively Exploited Gogs Path Traversal Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Gogs, a self-hosted Git service, to its Known Exploited Vulnerabilities catalog, warning that the flaw is being actively exploited in the wild. Critical Vulnerability Details Tracked as CVE-2025-8110, the vulnerability is a path-traversal flaw in Gogs’ improper symbolic link handling in the PutContents…
-
U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, open-source, service, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Gogs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)addeda Gogspath traversal vulnerability, tracked as CVE-2025-8110 (CVSS Score of 8.7), to itsKnown Exploited Vulnerabilities (KEV) catalog. Gogs (Go Git Service) is a lightweight, open-source, self-hosted Git service written…
-
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Tags: attack, cisa, exploit, flaw, government, rce, remote-code-execution, update, vulnerability, zero-dayCISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
-
CISA Closes Ten Emergency Directives After Federal Cyber Reviews
US agency CISA has retired ten Emergency Directives issued between 2019 and 2024, marking a new step in managing federal cyber-risk First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-closes-ten-emergency/
-
CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw
CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk. First seen on hackread.com Jump to article: hackread.com/cisa-emergency-patching-exploit-hpe-oneview-flaw/
-
CISA’s 7 Biggest Challenges in 2026
From infrastructure protection to improving morale, the cybersecurity agency has a lot on its plate — and it still lacks a leader. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-7-biggest-challenges-2026/809088/
-
CISA flags max-severity bug in HPE OneView amid active exploitation
Tags: api, authentication, cisa, endpoint, exploit, flaw, Hardware, intelligence, kev, monitoring, software, strategy, threat, update, vulnerabilityNot an ‘apply and move on’ solution: While CISA’s KEV inclusion raised the priority immediately, enterprises can’t treat OneView like a routine endpoint patch. Management-plane software is often deployed on-premises, sometimes on physical servers, and tightly coupled with production workflows. A rushed fix that breaks monitoring, authentication, or integrations can be almost as dangerous as…
-
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024.The list of the directives now considered closed is as follows -ED 19-01: Mitigate DNS Infrastructure TamperingED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch TuesdayED 20-03: Mitigate Windows DNS Server First…
-
CISA retires 10 emergency cyber orders in rare bulk closure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-retires-10-emergency-cyber-orders-in-rare-bulk-closure/
-
Cyber Retaliation Risks Rise After US-Venezuela Operation
CISA Warns of Retaliatory Cyber Action From Hostile State Actors After Venezuela. Federal cybersecurity officials are warning of a likely uptick in retaliatory cyber activity from China and Russia-linked threat actors after the U.S. military raid in Venezuela, urging infrastructure operators to brace for disruptive probing and attacks. First seen on govinfosecurity.com Jump to article:…
-
CISA sunsets 10 emergency directives thanks to evolution of exploited vulnerabilities catalog
The Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday that the 10 directives being retired were issued between 2019 and 2024, spanning both the Trump and Biden administrations. First seen on therecord.media Jump to article: therecord.media/cisa-sunsets-10-emergency-directives
-
CISA flags actively exploited Office relic alongside fresh HPE flaw
Max-severity OneView hole joins a PowerPoint bug that should’ve been retired years ago First seen on theregister.com Jump to article: www.theregister.com/2026/01/08/cisa_oneview_powerpoint_bugs/
-
Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)
An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/08/hpe-oneview-cve-2025-37164-exploited/