Latest coverage for CISA
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
CISA's AI Playbook Pushes For More Information Sharing
The Joint Cyber Defense Collaborative playbook seeks to establish a "a unified approach" on how to handle AI-related cybersecurity threats.
CISA First Spotted Salt Typhoon Hackers in Federal Networks
US Cyber Defense Agency Was Not Initially Aware Hackers Were Part of Salt TyphoonThe U.S. federal government's first hint that Chinese hackers penetrated American telecommunications infrastructure came from telemetry on government networks, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.
CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. [...]
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says
We are only seeing 'the tip of the iceberg,' Easterly warns Beijing's Salt Typhoon cyberspies had been seen in US government networks before telcos discovered the same foreign intruders in their own systems, according to CISA boss Jen Easterly.…
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog
BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions.
CISA Launches Playbook to Boost AI Cybersecurity Collaboration
CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks
New Federal Playbook Aims to Boost AI Cyber Incident Sharing
US CISA Releases Guidance to Streamline AI Cyber Incident Information SharingThe Cybersecurity and Infrastructure Security Agency released a playbook Tuesday through its flagship public-private collaborative to help guide public-private information sharing around artificial intelligence cybersecurity incidents while detailing federal actions to strengthen shared defense.
Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges
CISA claims US critical infrastructure providers are improving cyber hygiene and remediation activities
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild
CISA Releases the Cybersecurity Performance Goals Adoption Report
CISA orders agencies to patch BeyondTrust bug exploited in attacks
CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks. [...]