CISA Archives

Compliance

New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA

By baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics.

Ryan Naraine5 days ago

ICS/OT

US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations

Agencies say the attacks leverage basic intrusion techniques, but poor cyber hygiene within critical infrastructure organizations could lead to disruptions and damage.

Ionut Arghire6 days ago

Government

White House Proposal Slashes Half-Billion From CISA Budget

The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”

Ryan NaraineMay 5, 2025

Identity & Access

CISA Issues Guidance After Oracle Cloud Hack

CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.

Eduard KovacsApril 17, 2025

Government

MITRE CVE Program Gets Last-Hour Funding Reprieve

The US government's cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.

Ryan NaraineApril 16, 2025

Government

Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs

Trump orders a termination of any active security clearances held by Krebs and a suspension of clearances held by individuals at SentinelOne.

Ryan NaraineApril 10, 2025

Malware & Threats

US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations

US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations.

Ionut ArghireApril 4, 2025

Malware & Threats

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks

CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.

Ionut ArghireMarch 31, 2025

Government

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth.

Ryan NaraineMarch 24, 2025

Government

Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections

The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election...

Associated PressMarch 12, 2025