#cisa

[ follow ]
#cybersecurity #vulnerabilities #ai #ransomware #security #ciso #critical-infrastructure #national-security
Information security
fromSecurityWeek
3 hours ago

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.
Marketing tech
fromExchangewire
5 hours ago

Shinka Achieves SOC 2 Type II Certification

Shinka achieved SOC 2 Type II certification, demonstrating its commitment to security and compliance as it scales globally.
Privacy professionals
fromWIRED
1 hour ago

Congress Turns Up Pressure on DHS Over Palantir's Role in Immigration Crackdown

Members of Congress demand DHS and ICE disclose details on surveillance tools used in immigration enforcement.
Washington DC
fromNextgov.com
19 hours ago

Pentagon announces senior appointments to CIO's office

Five officials appointed to the Pentagon's CIO office to enhance technology management and drive transformation.
#cybersecurity
Information security
fromNextgov.com
21 hours ago

Expect more cybersecurity executive orders soon, national cyber director says

President Trump is expected to sign more cybersecurity executive orders soon, following the release of the national cyber strategy.
Higher education
fromNextgov.com
1 day ago

CISA cancels CyberCorps summer internship hiring amid DHS shutdown

CISA reversed its decision to onboard summer interns due to a funding lapse in the Department of Homeland Security.
Careers
fromSecurityWeek
1 day ago

CISO Conversations: Ross McKerchar, CISO at Sophos

Ross McKerchar transitioned from IT to cybersecurity, becoming CISO at Sophos, emphasizing leadership skills and the growing cybersecurity profession.
Cryptocurrency
fromnews.bitcoin.com
6 days ago

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.
Information security
fromNextgov.com
21 hours ago

Expect more cybersecurity executive orders soon, national cyber director says

President Trump is expected to sign more cybersecurity executive orders soon, following the release of the national cyber strategy.
more#cybersecurity
#microsoft
Information security
fromZero Day Initiative
1 day ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.
Information security
fromSecurityWeek
1 day ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
Privacy technologies
fromThe Verge
1 day ago

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.
Information security
fromZero Day Initiative
1 day ago

Zero Day Initiative - The April 2026 Security Update Review

Several critical vulnerabilities in Microsoft products require attention, particularly those related to Office, RDP, Active Directory, and .NET Framework.
Information security
fromSecurityWeek
1 day ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
more#microsoft
Business intelligence
fromNextgov.com
2 days ago

Agencies are missing a step to share information on better AI acquisition, GAO finds

Agencies must enhance sharing of lessons learned in AI acquisition to improve the procurement process.
UK politics
fromComputerWeekly.com
2 days ago

Flood warning: How citizens' AI agents will swamp public services | Computer Weekly

AI has the potential to transform public services by reducing user friction and improving access for citizens.
Careers
fromNextgov.com
16 hours ago

OPM cuts degree requirements for government tech jobs in new standards

New standards for technology employees eliminate degree requirements, focusing on skill assessments for government job qualifications.
Software development
fromZDNET
22 hours ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
#ai-governance
more#ai-governance
Washington DC
fromNextgov.com
5 days ago

DHS intelligence office restructuring would still keep it under ODNI oversight

The White House plans to restructure DHS's intelligence unit while maintaining its oversight under the Office of the Director of National Intelligence.
Information security
fromComputerWeekly.com
33 minutes ago

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.
SF politics
fromNextgov.com
2 weeks ago

New contract for background investigations raises concerns about scale and risk

DCSA is modernizing its Case Processing Operations Center to enhance background investigations and incorporate Continuous Vetting for national security.
Information security
fromSecurityWeek
1 day ago

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.
Careers
fromComputerWeekly.com
5 days ago

Businesses are paying the price for CISO burnout | Computer Weekly

Burnout among CISOs poses significant risks to businesses, driven by overwhelming responsibilities and rising cyber threats.
Podcast
fromSecuritymagazine
3 weeks ago

What Does It Take to Be an Outstanding CSO or CISO?

Outstanding security leaders often come from non-traditional backgrounds, with 40% of recent CSO-CISO Hall of Fame honorees starting in the private sector.
#ai
Information security
fromSecurityWeek
2 days ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.
fromFortune
2 days ago
Information security

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Information security
fromSecurityWeek
2 days ago

'Mythos-Ready' Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

Mythos from Anthropic poses a significant threat by accelerating the timeline between vulnerability detection and exploitation in cybersecurity.
Information security
fromTechzine Global
1 day ago

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.
Information security
fromTechzine Global
2 days ago

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.
Information security
fromFortune
2 days ago

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.
more#ai
#cisco
Information security
fromThe Hacker News
2 hours ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
fromSecurityWeek
4 hours ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
Information security
fromThe Hacker News
2 hours ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
fromSecurityWeek
4 hours ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
more#cisco
#iam
Information security
fromInfoWorld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromComputerworld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromInfoWorld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromComputerworld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
more#iam
Information security
fromSecurityWeek
1 day ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.
#data-breach
fromTechCrunch
2 days ago
Information security

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Information security
fromSecuritymagazine
1 day ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.
Information security
fromTechCrunch
2 days ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.
more#data-breach
Information security
fromSecurityWeek
1 day ago

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.
Information security
fromSecurityWeek
1 day ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.
US politics
fromTheregister
2 months ago

CISA insider-threat warning comes with an ironic twist

Insider threats are among the most serious security risks and require multidisciplinary teams and decisive action to detect, mitigate, and prevent damage.
Information security
fromThe Hacker News
2 days ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.
Information security
fromSecuritymagazine
1 day ago

Beyond the Bodyguard: Why Executive Protection Requires a New Playbook

The executive protection model must evolve from a reactive approach to a comprehensive security infrastructure due to increased accessibility of personal information.
Information security
fromArs Technica
1 day ago

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.
Information security
fromWIRED
1 day ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.
US politics
fromNextgov.com
1 month ago

CISA threat-hunting leader to depart for private sector role

CISA's associate director for threat hunting, Jermaine Roebuck, is leaving for the private sector amid agency furloughs and ongoing workforce attrition.
fromNextgov.com
2 months ago

CISA to furlough most of its workforce under impending DHS shutdown

A likely partial government shutdown after Friday would impair the Cybersecurity and Infrastructure Security Agency's operations, leading to diminished capabilities in critical areas including cyber response, security assessments, stakeholder engagements, training exercises and special event planning, a top official said this week. CISA would furlough a majority of its workforce and just one-third would remain on the job under shutdown conditions, agency acting director Madhu Gottumukkala told House appropriators on Wednesday.
US politics
US politics
fromSecurityWeek
1 month ago

CISA Navigates DHS Shutdown With Reduced Staff

CISA operations continue during the DHS shutdown at reduced capacity, requiring 888 of 2,341 staff to work without pay while projects are curtailed.
fromSecurityWeek
6 days ago

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."
Information security
Information security
fromTechRepublic
1 week ago

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.
Information security
fromSecuritymagazine
1 week ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.
Information security
fromThe Hacker News
1 week ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.
fromComputerworld
1 week ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Information security
Information security
fromReadWrite
3 weeks ago

The CISO Struggle: How AI is Changing the Data Security Landscape

Generative AI adoption is rapid, but security governance is lagging, creating significant risks for organizations.
Information security
fromComputerworld
3 weeks ago

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

CISA urges organizations to harden endpoint management system configurations, particularly Microsoft Intune, following a pro-Iranian threat actor's compromise of Stryker's systems.
Information security
fromSecurityWeek
4 weeks ago

CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

Microsoft SharePoint vulnerability CVE-2026-20963, a critical remote code execution flaw, is being exploited in the wild despite Microsoft's assessment indicating exploitation is less likely.
#cyberattack
Information security
fromNextgov.com
4 weeks ago

CISA, FBI have engaged with Stryker staff after cyberattack, official says

CISA and FBI are assisting Stryker in responding to a major cyberattack claimed by an Iran-aligned hacking group that disrupted employee access and systems worldwide.
Information security
fromNextgov.com
4 weeks ago

CISA, FBI have engaged with Stryker staff after cyberattack, official says

CISA and FBI are assisting Stryker in responding to a major cyberattack claimed by an Iran-aligned hacking group that disrupted employee access and systems worldwide.
more#cyberattack
Information security
fromSecurityWeek
4 weeks ago

CISA Flags Year-Old Wing FTP Vulnerability as Exploited

CISA warns that a year-old Wing FTP vulnerability (CVE-2025-47813) is being exploited in the wild, disclosing server installation paths that attackers can use to exploit critical remote code execution flaws.
Information security
fromThe Hacker News
4 weeks ago

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.
Information security
fromThe Hacker News
1 month ago

Why Security Validation Is Becoming Agentic

Security validation tools operate in silos while attackers exploit interconnected systems, creating a structural blind spot that Agentic Exposure Validation can address through continuous, autonomous, context-aware assessment.
fromDataBreaches.Net
1 month ago

CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams - DataBreaches.Net

CISA's guidance is intended to assist critical infrastructure stakeholders, which includes private sector entities across various sectors, with implementing an insider threat mitigation program that combines physical security, cybersecurity, personnel awareness, and community partnerships. Although framed for critical infrastructure, CISA's guidance is relevant to a broader range of organizations, including those outside of critical infrastructure sectors.
Information security
#cisa-kev
more#cisa-kev
Information security
fromTechzine Global
2 months ago

CISA warns of active exploitation of critical SolarWinds vulnerability

A critical remote-code-execution vulnerability CVE-2025-40551 in SolarWinds Web Help Desk is actively exploited; federal agencies must install the patch within three days.
fromTheregister
1 month ago

CISA gives feds 3 days to patch actively exploited Dell bug

Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024. CISA this week added the flaw, tracked as CVE-2026-22769, to its Known Exploited Vulnerabilities catalog, ordering civilian agencies to secure affected systems by February 21 - giving them just three days to get fixes in place.
Information security
fromNextgov.com
2 months ago

AI info-sharing center is in development, CISA official says

We just want to make sure we've got the right elements of, how do we pull together people, and how do we take advantage of the leadership position that we have
Information security
#edge-devices
fromNextgov.com
2 months ago
Information security

CISA orders agencies to patch and replace end-of-life devices, citing active exploitation

fromNextgov.com
2 months ago
Information security

CISA orders agencies to patch and replace end-of-life devices, citing active exploitation

more#edge-devices
#cisa-leadership-changes
more#cisa-leadership-changes
fromSecurityWeek
2 months ago

Questions Raised Over CISA's Silent Ransomware Updates in KEV Catalog

Thorpe described the KEV updates as representing a material change to an organization's risk posture. "Your prioritization calculus should shift. But there's no alert, no announcement. Just a field change in a JSON file," the expert said. "We're good at reacting to new disclosures. Decent at tracking active exploitation. But we're not great at noticing when the characterization of existing threats evolves," Thorpe noted.
Information security
Information security
fromNextgov.com
2 months ago

NIST releases a new draft cybersecurity framework for systems that never stop moving

Transportation cybersecurity lags behind other critical infrastructure sectors, creating evacuation and public-safety risks as transit systems become more digitalized.
Information security
fromNextgov.com
2 months ago

Building government resilience in an era of AI-driven cyberattacks

Governments must rapidly transform defenses to counter escalating, stealthy AI-driven cyberattacks and prepare for destructive operations targeting critical infrastructure.
Information security
fromTheregister
2 months ago

CISA quietly updated ransomware flags on 59 flaws last year

On 59 occasions in 2025 CISA changed KEV entries to indicate ransomware use without alerting defenders, creating unnoticed risk shifts and missed remediation priorities.
Information security
fromSecuritymagazine
2 months ago

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.
[ Load more ]