CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities
US government agencies have until July 19 to patch two critical Fortinet vulnerabilities
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
Weekly headline count for the current query.
US government agencies have until July 19 to patch two critical Fortinet vulnerabilities
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
New CISA directive tells federal agencies to patch by real-world risk, not CVSS severity scores
CISA’s CI Fortify initiative aim for critical infrastructure operators to build isolation & recovery
A new CISA‑led guide explains how zero‑trust security can be applied to operational technology, balancing cyber defence with safety and system availability
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE
At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks
CISA has issued a new directive requiring federal agencies to decommission all end of support edge devices within 12 months to reduce ongoing exploitation risks
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog
CISA urges action against insider threats with publication of a new infographic offering strategies to manage risks
CISA released initial list of PQC-capable hardware and software to guide companies amid quantum threats
CISA, NCSC and the FBI have released a new security guide to enhance protection for OT environments
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution
US agency CISA has retired ten Emergency Directives issued between 2019 and 2024, marking a new step in managing federal cyber-risk
Cybersecurity agencies have issued guidance for securely integrating AI into OT systems