#cisa
14 articles
Government and critical infrastructure sectors faced a concentrated wave of cyber threats in April 2026, with 16 articles tagged under CISA covering 13 high-severity and 3 critical-severity incidents. Threat actors GRU, Interlock, and LummaC2 were observed, while key vulnerabilities included CVE-2024-57726 (CVSS 9.9), CVE-2026-21643 (CVSS 9.1), CVE-2026-34197 (CVSS 8.8), CVE-2024-1708 (CVSS 8.4), and CVE-2024-20662. The United States, along with global, North American, and European regions, was primarily affected across the technology, defense, and energy sectors.
HIGH: CISA Details FCEB Agency Breach Response Lessons Learned
CISA's incident response at a U.S. federal agency uncovered gaps in EDR alert triage, credential hygiene, and network segmentation — three lessons for all defenders.
HIGH: CISA, FBI Warn of LummaC2 Infostealer Targeting Orgs
CISA and FBI joint advisory details LummaC2 infostealer TTPs and IOCs: malware steals credentials, crypto wallets, and session data from compromised networks.
HIGH: CISA, USCG Detail Cyber Hygiene Gaps Found in Critical Infrastructure
CISA and USCG found persistent weak configurations, unpatched systems, and credential reuse during a proactive threat hunt at a US critical infrastructure org.
HIGH: CISA Details Interlock Ransomware TTPs, IOCs in Joint Advisory
CISA and FBI released a joint advisory on Interlock ransomware, detailing TTPs, IOCs, and a shift from double extortion to data-theft-only attacks targeting healthcare and…
HIGH: Russian GRU Targets Western Logistics, Tech Firms in Ukraine Aid
CISA warns Russian GRU hackers target Western logistics and tech firms supporting Ukraine aid since 2022.
HIGH: CISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV
CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.
HIGH: Pro-Russia Hacktivists Target US Critical Infrastructure
CISA warns pro-Russia hacktivists are conducting opportunistic attacks against US and global critical infrastructure, targeting OT and IT systems with known exploits.
CRITICAL: CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline
CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.
HIGH: FIRESTARTER Backdoor Compromised Federal Cisco Firepower Device
CISA revealed FIRESTARTER backdoor compromised a federal Cisco Firepower device running ASA software in September 2025, surviving patching and enabling persistent remote access.
CRITICAL: CISA Warns Axios npm Package Compromised in Supply Chain Attack
CISA alerts that the Axios npm package, with over 60 million weekly downloads, was compromised in a supply chain attack, injecting malicious code into downstream applications.
HIGH: Apache ActiveMQ Vulnerability Exploited, Added to CISA KEV Catalog
A high-severity flaw in Apache ActiveMQ Classic, CVE-2026-34197 (CVSS 8.8), is under active exploitation, prompting CISA to add it to its Known Exploited Vulnerabilities catalog and mandate patching for federal agencies.
HIGH: CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, Adobe
CISA added six vulnerabilities in Fortinet, Microsoft, and Adobe software to its Known Exploited Vulnerabilities catalog, warning of active in-the-wild attacks requiring urgent patching.
HIGH: CISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities
CISA adds two new vulnerabilities to its KEV catalog: a Windows SmartScreen bypass (CVE-2024-21412) and an Adobe Acrobat Reader code execution flaw (CVE-2024-20662), both under active exploitation.
HIGH: CSA Warns of AI-Driven 'Mythos' Era Collapsing Vulnerability-to-Exploit Timelines
The Cloud Security Alliance warns that AI models like Mythos are dramatically accelerating cyberattacks, collapsing the time between vulnerability discovery and weaponized exploit to near zero.