Security news aggregator

Latest coverage for CISA

Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.

66 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

CISA, short for the Cybersecurity and Infrastructure Security Agency, is a standalone United States federal agency under the Department of Homeland Security (DHS). Established through the Cybersecurity and Infrastructure Security Agency Act of 2018, CISA is tasked with enhancing the security, resilience, and reliability of the nation's cyber and physical infrastructure.

In the context of information security, CISA plays a pivotal role by collaborating with the public and private sectors to defend against threats to the nation’s cybersecurity. The agency is responsible for protecting government networks and providing cybersecurity tools, incident response services, and assessment capabilities to safeguard the ‘.gov’ domain. CISA also coordinates security efforts, shares information on threats and vulnerabilities, and offers guidance and best practices to support cybersecurity risk management for critical infrastructure sectors. The agency's work strengthens the nation's defenses against cyber attacks and supports the protection of critical data across industries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 66 Filtered view

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation

More from The Hacker News 3 Jun 2026, 6:14 a.m. Incident · 3 stories Actively exploited CVE-2024-21182 America CISA CVE Flaw Oracle Unauthenticated Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic […]

More from Security Affairs 3 Jun 2026, 3:18 a.m. Incident · 3 stories Actively exploited CVE-2024-21182 America CISA CVE Flaw Oracle Palo Alto Networks Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2026-0257 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May […]

More from Security Affairs 1 Jun 2026, 8:36 p.m. Incident · 3 stories Actively exploited CVE-2026-0257 America CISA CVE Flaw Palo Alto Networks Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw, tracked as CVE-2026-8398, […]

More from Security Affairs 29 May 2026, 1:14 a.m. Incident · 2 stories Actively exploited CVE-2026-8398 America CISA CVE Flaw Microsoft Tools Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the LiteSpeed cPanel Plugin flaw CVE-2026-48172 to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-48172 (CVSS score of 10.0) affects the LiteSpeed User-End cPanel plugin before version 2.4.5 and allows […]

More from Security Affairs 28 May 2026, 9:39 p.m. Incident · 6 stories Actively exploited CVE-2026-48172 America CISA CVE Flaw Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]

More from Security Affairs 24 May 2026, 7:54 p.m. Incident · 2 stories Actively exploited CVE-2026-9082 America CISA CVE Critical Exchange Server Flaw Microsoft Patch Vulnerability

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026

More from The Hacker News 15 May 2026, 5:28 p.m. Incident · 7 stories Actively exploited CVE-2026-20182 America Authentication Bypass CISA CVE Cisco Critical Disclosure Exploit Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild

More from The Hacker News 3 May 2026, 6:26 p.m. Incident · 7 stories Actively exploited CVE-2026-31431 America CISA CVE Disclosure Flaw Linux Privilege Escalation Root Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation

More from The Hacker News 28 Mar 2026, 8:07 p.m. Actively exploited CVE-2025-53521 America CISA CVE Critical F5 Flaw Remote Code Execution Threat Actor Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

More from Bleeping Computer 27 Mar 2026, 8:17 a.m. Actively exploited CVE-2026-33017 Artificial Intelligence CISA CVE Critical Flaw Framework Vulnerability Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild

More from The Hacker News 4 Mar 2026, 5:35 p.m. Actively exploited CVE-2026-22719 America CISA CVE Disclosure Flaw VMware Virtualisation Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. [...]

More from Bleeping Computer 4 Mar 2026, 12:40 p.m. Actively exploited CVE-2026-22719 America CISA CVE Flaw Remote Code Execution VMware Virtualisation Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild

More from The Hacker News 24 Jan 2026, 9:09 p.m. Actively exploited CVE-2024-37079 America CISA CVE Critical Flaw Patch VMware Virtualisation Vulnerability