ZCyberNews
中文

#cisa

15 articles

Government and critical infrastructure sectors bore the brunt of a concentrated threat wave between April and July 2026, as tracked across 17 articles under the CISA tag. Threat actors GRU, Interlock, and LummaC2 were observed exploiting vulnerabilities including CVE-2024-57726, CVE-2026-21643, CVE-2026-34197, CVE-2024-1708, and CVE-2024-20662. The 14 high-severity and 3 critical-severity incidents primarily affected the United States, global operations, North America, and Europe, with technology, defense, and energy sectors also frequently targeted.

Screenshot of a CISA postmortem report cover page titled 'Lessons Learned from CISA's Recent GitHub Leak'HIGH
Industry News

CISA Postmortem Reveals GitHub Credential Leak Lasted Six Months

CISA's postmortem on a GitHub leak exposing 844 MB of internal data, including AWS GovCloud keys, reveals the agency ignored nine automated alerts and took 48 hours to rotate...

3 min read
CISA Details FCEB Agency Breach Response Lessons LearnedHIGH
Industry News

CISA Details FCEB Agency Breach Response Lessons Learned

CISA's incident response at a U.S. federal agency uncovered gaps in EDR alert triage, credential hygiene, and network segmentation — three lessons for all defenders.

3 min read
CISA, FBI Warn of LummaC2 Infostealer Targeting OrgsHIGH
Malware

CISA, FBI Warn of LummaC2 Infostealer Targeting Orgs

CISA and FBI joint advisory details LummaC2 infostealer TTPs and IOCs: malware steals credentials, crypto wallets, and session data from compromised networks.

2 min readLummaC2
CISA, USCG Detail Cyber Hygiene Gaps Found in Critical InfrastructureHIGH
Industry News

CISA, USCG Detail Cyber Hygiene Gaps Found in Critical Infrastructure

CISA and USCG found persistent weak configurations, unpatched systems, and credential reuse during a proactive threat hunt at a US critical infrastructure org.

2 min read
CISA Details Interlock Ransomware TTPs, IOCs in Joint AdvisoryHIGH
Threat Intel

CISA Details Interlock Ransomware TTPs, IOCs in Joint Advisory

CISA and FBI released a joint advisory on Interlock ransomware, detailing TTPs, IOCs, and a shift from double extortion to data-theft-only attacks targeting healthcare and…

2 min readInterlock
Russian GRU Targets Western Logistics, Tech Firms in Ukraine AidHIGH
Threat Intel

Russian GRU Targets Western Logistics, Tech Firms in Ukraine Aid

CISA warns Russian GRU hackers target Western logistics and tech firms supporting Ukraine aid since 2022.

2 min readGRU
CISA Adds Actively Exploited ConnectWise, Windows Flaws to KEVHIGH
Vulnerabilities

CISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV

CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.

CVE-2024-1708
3 min read
Pro-Russia Hacktivists Target US Critical InfrastructureHIGH
Threat Intel

Pro-Russia Hacktivists Target US Critical Infrastructure

CISA warns pro-Russia hacktivists are conducting opportunistic attacks against US and global critical infrastructure, targeting OT and IT systems with known exploits.

2 min readPro-Russia Hacktivists
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 DeadlineCRITICAL
Vulnerabilities

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline

CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.

CVE-2024-57726
3 min read
FIRESTARTER Backdoor Compromised Federal Cisco Firepower DeviceHIGH
Threat Intel

FIRESTARTER Backdoor Compromised Federal Cisco Firepower Device

CISA revealed FIRESTARTER backdoor compromised a federal Cisco Firepower device running ASA software in September 2025, surviving patching and enabling persistent remote access.

2 min read
CISA Warns Axios npm Package Compromised in Supply Chain AttackCRITICAL
Threat Intel

CISA Warns Axios npm Package Compromised in Supply Chain Attack

CISA alerts that the Axios npm package, with over 60 million weekly downloads, was compromised in a supply chain attack, injecting malicious code into downstream applications.

3 min read
Apache ActiveMQ Vulnerability Exploited, Added to CISA KEV CatalogHIGH
Vulnerabilities

Apache ActiveMQ Vulnerability Exploited, Added to CISA KEV Catalog

A high-severity flaw in Apache ActiveMQ Classic, CVE-2026-34197 (CVSS 8.8), is under active exploitation, prompting CISA to add it to its Known Exploited Vulnerabilities catalog and mandate patching for federal agencies.

CVE-2026-34197
3 min read
CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, AdobeHIGH
Vulnerabilities

CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, Adobe

CISA added six vulnerabilities in Fortinet, Microsoft, and Adobe software to its Known Exploited Vulnerabilities catalog, warning of active in-the-wild attacks requiring urgent patching.

CVE-2026-21643
3 min read
CISA Warns of Actively Exploited Windows, Adobe Acrobat VulnerabilitiesHIGH
Vulnerabilities

CISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities

CISA adds two new vulnerabilities to its KEV catalog: a Windows SmartScreen bypass (CVE-2024-21412) and an Adobe Acrobat Reader code execution flaw (CVE-2024-20662), both under active exploitation.

CVE-2024-21412CVE-2024-20662
4 min read
CSA Warns of AI-Driven 'Mythos' Era Collapsing Vulnerability-to-Exploit TimelinesHIGH
Threat Intel

CSA Warns of AI-Driven 'Mythos' Era Collapsing Vulnerability-to-Exploit Timelines

The Cloud Security Alliance warns that AI models like Mythos are dramatically accelerating cyberattacks, collapsing the time between vulnerability discovery and weaponized exploit to near zero.

3 min read

Stay Updated

Get the latest cybersecurity news delivered to your inbox.