#cisa
15 articles
Government and critical infrastructure sectors bore the brunt of a concentrated threat wave between April and July 2026, as tracked across 17 articles under the CISA tag. Threat actors GRU, Interlock, and LummaC2 were observed exploiting vulnerabilities including CVE-2024-57726, CVE-2026-21643, CVE-2026-34197, CVE-2024-1708, and CVE-2024-20662. The 14 high-severity and 3 critical-severity incidents primarily affected the United States, global operations, North America, and Europe, with technology, defense, and energy sectors also frequently targeted.
HIGHCISA Postmortem Reveals GitHub Credential Leak Lasted Six Months
CISA's postmortem on a GitHub leak exposing 844 MB of internal data, including AWS GovCloud keys, reveals the agency ignored nine automated alerts and took 48 hours to rotate...
HIGHCISA Details FCEB Agency Breach Response Lessons Learned
CISA's incident response at a U.S. federal agency uncovered gaps in EDR alert triage, credential hygiene, and network segmentation — three lessons for all defenders.
HIGHCISA, FBI Warn of LummaC2 Infostealer Targeting Orgs
CISA and FBI joint advisory details LummaC2 infostealer TTPs and IOCs: malware steals credentials, crypto wallets, and session data from compromised networks.
HIGHCISA, USCG Detail Cyber Hygiene Gaps Found in Critical Infrastructure
CISA and USCG found persistent weak configurations, unpatched systems, and credential reuse during a proactive threat hunt at a US critical infrastructure org.
HIGHCISA Details Interlock Ransomware TTPs, IOCs in Joint Advisory
CISA and FBI released a joint advisory on Interlock ransomware, detailing TTPs, IOCs, and a shift from double extortion to data-theft-only attacks targeting healthcare and…
HIGHRussian GRU Targets Western Logistics, Tech Firms in Ukraine Aid
CISA warns Russian GRU hackers target Western logistics and tech firms supporting Ukraine aid since 2022.
HIGHCISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV
CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.
HIGHPro-Russia Hacktivists Target US Critical Infrastructure
CISA warns pro-Russia hacktivists are conducting opportunistic attacks against US and global critical infrastructure, targeting OT and IT systems with known exploits.
CRITICALCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline
CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.
HIGHFIRESTARTER Backdoor Compromised Federal Cisco Firepower Device
CISA revealed FIRESTARTER backdoor compromised a federal Cisco Firepower device running ASA software in September 2025, surviving patching and enabling persistent remote access.
CRITICALCISA Warns Axios npm Package Compromised in Supply Chain Attack
CISA alerts that the Axios npm package, with over 60 million weekly downloads, was compromised in a supply chain attack, injecting malicious code into downstream applications.
HIGHApache ActiveMQ Vulnerability Exploited, Added to CISA KEV Catalog
A high-severity flaw in Apache ActiveMQ Classic, CVE-2026-34197 (CVSS 8.8), is under active exploitation, prompting CISA to add it to its Known Exploited Vulnerabilities catalog and mandate patching for federal agencies.
HIGHCISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, Adobe
CISA added six vulnerabilities in Fortinet, Microsoft, and Adobe software to its Known Exploited Vulnerabilities catalog, warning of active in-the-wild attacks requiring urgent patching.
HIGHCISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities
CISA adds two new vulnerabilities to its KEV catalog: a Windows SmartScreen bypass (CVE-2024-21412) and an Adobe Acrobat Reader code execution flaw (CVE-2024-20662), both under active exploitation.
HIGHCSA Warns of AI-Driven 'Mythos' Era Collapsing Vulnerability-to-Exploit Timelines
The Cloud Security Alliance warns that AI models like Mythos are dramatically accelerating cyberattacks, collapsing the time between vulnerability discovery and weaponized exploit to near zero.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.