For years, the United States federal government's Known Exploited Vulnerabilities (KEV) Catalog has served as an essential operational anchor for vulnerability management. Despite its authority, the cybersecurity community has wrestled with a frustrating structural bottleneck: the catalog has traditionally operated as a trailing indicator. US DHS CISA had to privately validate in-the-wild exploitation before publishing, occasionally warning network defenders days or weeks after threat actors
cisa (103)
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and many internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
On 15 May, KrebsOnSecurity heard from Gui
The US DHS, Cybersecurity and Infrastructure Security Agency (CISA) is launching new cybersecurity crisis planning guidance for critical infrastructure organizations. CISA’s new “CI Fortify” initiative notably pushes water utilities, the transportation sector and other critical infrastructure organizations to plan for a “geopolitical crisis” involving cyber-attacks that could sever their connections to internet, telecommunications and other technology services.
CISA’s guidance features two prim
President Donald Trump’s administration has outlined plans to reduce the Cybersecurity and Infrastructure Security Agency's budget by $707 million in its fiscal year 2027 proposal. The announcement, made earlier this month, forms part of broader government spending plans that also touch on areas such as airport security. Separate government budget documents present a slightly different figure, suggesting a reduction of $361 million instead. The variation is thought to arise from differences i
CISA Alert Code: AA26-097A
Title: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Original Publication: 7 April 2026
Executive Summary: Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This acti
The US federal government is rethinking how to support its globally adopted vulnerability tracking ecosystem after years of backlogs, funding scares, and growing doubts about whether the existing model can scale as vulnerability disclosures continue to accelerate. At the center of that ecosystem, there are two distinct but interdependent components. The Common Vulnerabilities and Exposures program, operated by Mitre, assigns standardized identifiers to software flaws. The National Vulnerabili
2025 marked yet another busy year in security, between big attacks, government shakeups, and dangerous flaws that echo the past. The moments that defined this year were impactful but felt evenly spread across the year. Early in 2025, we observed the China-nexus advanced persistent threat (APT) Salt Typhoon continuing its assault against telecom companies as part of its espionage operations. In the summer and into the fall, we saw the Cybersecurity and Infrastructure Security Agency (CISA)
The cyber threat landscape is constantly evolving, but few threats demand immediate, sector-wide attention like the latest joint advisory on the Akira ransomware. The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and international partners recently issued a crucial advisory (AA24-109A) detailing the tactics, techniques, and procedures (TTPs) of the Akira ransomware group. Their accompanying press release highlighted the need for decisi
The federal government confirmed on 14 November that hackers are exploiting a vulnerability affecting Fortinet devices that has caused alarm among cybersecurity experts since early October 2025. The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies seven days to patch CVE-2025-64446 and released an advisory that said it is “aware of exploitation.” CISA typically gives agencies 21 days to patch most vulnerabilities added to its list of exploited bugs. C
The US cybersecurity agency CISA on 27 October 2025 warned that two recent vulnerabilities in DELMIA Apriso factory software have been exploited in attacks. A manufacturing operations management (MOM) and manufacturing execution system (MES) software made by the French company Dassault Systèmes, DELMIA Apriso, enables the management of the entire manufacturing process. The two flaws flagged as exploited are tracked as CVE-2025-6204 (CVSS score of 8.0) and CVE-2025-6205 (CVSS score of 9.1) and
The United States federal government has ended its longstanding support for the Multi-State Information Sharing and Analysis Center (MS-ISAC), a trusted program for sharing cyber threat intelligence that state and local governments have relied on for years. The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that its cooperative agreement with the Center for Internet Security (CIS), the nonprofit that runs MS-ISAC, expired on 30 September 2025. With federal funding now cut,
The US Cybersecurity and Infrastructure Security Agency (CISA) on 13 August 2025 added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure their clients' Windows, Apple, and Linux endpoints from a single, unified platform.[1]
The vulnerabilit
A recently disclosed vulnerability in train braking systems could let hackers remotely stop trains with relatively simple and inexpensive hardware, potentially causing derailments, according to the US Cybersecurity & Infrastructure Security Agency (CISA). The high-severity vulnerability, tracked as CVE-2025-1727, involves weak authentication in the protocol used to send what are known as end-of-train and head-of-train packets, radio signals that command a rail vehicle’s end-of-train device to s
On 16 April, US DHS CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability.
Tracked as CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices. Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks. "Improper neutralization of speci
Recent reports indicate that the US Cybersecurity and Infrastructure Security Agency (CISA) is preparing for significant workforce reductions. These changes, which are the result of budgetary pressures, duplication of departments, advances in AI and evolving threat landscapes, have far-reaching implications across multiple levels of the cybersecurity ecosystem.
CISA, known as "America's Cyber Defense Agency," is facing massive layoffs that could impact its ability to safeguard the nation's critical in
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cyber security advisory on the growing threat of Ghost ransomware. A variation of this strain of malware called GhostSocks uses SOCKS5 to bypass anti-fraud mechanisms and geographic restrictions. First detected in 2021, this ransomware group has targeted organizations in over 70 countries, exploiting unpatched software, weak credentials, and outdated security configurations to infiltrate enterprise networ
It has been a confusing few days in US cyber security. At the end of February of this year, it was reported that Defense Secretary Pete Hegseth had ordered US Cyber Command to pause its offensive operations against Russia. The news was swiftly followed by reports that the US Cybersecurity and Infrastructure Security Agency (CISA) staff had been instructed to turn a blind eye to hacks directed against the United States that might be linked to Russia. The Trump administration had reportedly ordere
On 20 February 2025, the US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center published a joint Cybersecurity Advisory #StopRansomware: Ghost (Cring) Ransomware[1]. This advisory provides known Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) associated with Ghost ransomware actors identified through FBI investigations.
Ghost actors conduct these widespread attack
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies about three flaws affecting Mitel MiCollab and Oracle WebLogic Server that are listed in its Known Exploited Vulnerabilities (KEV) catalog. This security defect will enable attackers to perform unauthorized administrative actions and access user and network information.
Currently, there is no information on how these flaws are exploited in real-world attacks, who may be exploiting them, or the targets of th
CISA warns US federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. While Microsoft did not share more details in a security advisory published in June 2024, the DEVCORE Research Team [1] that found the flaw and report