#cisa — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cisa, aggregated by home.social.
-
CISA has listed several industrial vulnerabilities https://www.cisa.gov/ #CISA #vulnerability #infosec
-
Resulting from funding gaps and idiotic shifts in priorities, the U.S.A. is now woefully underinvesting in our core CyberDefense Ecosystem....
National Institute of Standards and Technology (NIST) is no longer enhancing all Common Vulnerabilities and Exposures (CVEs) with analysis and severity indicators, and instead NIST will prioritize enriching a much narrower set of security vulnerabilities.
Related: In April 2025, a funding gap in DHS appropriations threatened to cease CVE operations entirely —which would have created systemic risk for global vulnerability management. An emergency funding extension was implemented to avoid a full-on crisis. https://www.justsecurity.org/136914/nist-cant-keep-up/ #NIST #MITRE #CVEs #NVD #Security #Risk #CyberSecurity #CyberDefence #CyberInfrastructure #AI #AISecurity #CISA #DHS #Vulnerability #ThreatIntelligence
-
📰 CISA and G7 Partners Release New Guidance for AI SBOMs
CISA and G7 partners have released new guidance on creating a Software Bill of Materials for AI (AI SBOM). The goal is to bring transparency to the AI supply chain by listing the 'ingredients' of AI models. 🤖📄 #AISecurity #SBOM #CISA #G7
-
CISA has updated the KEV catalogue.
- CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-42208 #CISA #infosec #vulnerability
-
This Week in Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, and Backdoored Tools
-
CISA's Election Security Support Plummets Ahead of Midterms
As the midterms approach, Senator Mark Warner is sounding the alarm on a concerning decline in federal election security support, warning that states can't go it alone in protecting their elections from growing physical and cyber threats. Without robust federal backing, states are left vulnerable to attacks, despite their best efforts to safeguard the…
-
CISA Launches Framework to Fortify Critical Infrastructure Against Cyber-Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has launched CI Fortify, a vital planning framework designed to shield critical infrastructure sectors like water, energy, and transportation from devastating cyber-attacks. This timely guidance helps organizations safeguard their networks and…
#CriticalInfrastructure #CiFortify #Cisa #CyberThreats #OperationalTechnology
-
CISA Urges Infrastructure Operators to Plan for Extended Isolation
To stay ahead of potential disruptions, critical infrastructure operators must plan for extended isolation - and CISA's CI Fortify initiative is here to help, offering targeted assessments and operational planning to keep essential services running smoothly.
#CriticalInfrastructure #Isolation #Cisa #CiFortify #OperationalPlanning
-
📰 CISA Launches 'CI Fortify' to Bolster Critical Infrastructure Resilience
CISA launches 'CI Fortify,' a new initiative to strengthen U.S. critical infrastructure resilience. 🛡️ The guidance urges organizations to develop proactive isolation & recovery capabilities to maintain operations during a crisis. #CISA #CriticalInfrastructure #CyberSecurity
-
Microsoft issues warning about a flaw affecting millions of Linux systems
https://www.linux-magazine.com/Online/News/Microsoft-Issues-Warning-About-Linux-Vulnerability?utm_source=mlm
#CISA #Microsoft #security #vulnerability #Linux #kernel
-
Five Eyes Warns of Autonomous AI Security Risks
As autonomous AI systems increasingly take control, experts warn that a new wave of security risks is emerging - and being prepared is crucial. Having operational visibility into these systems is key to understanding and mitigating potential threats.
-
**Post 2:**
The guidance also admits prompt injection may never be solved -- and that the industry has no mature methods to evaluate whether agentic systems are behaving as intended.
The phrase that matters: the agent might be lying to the governor.
Not a critic. Six governments, in writing.
haunted.lighthouse.co.im/articles/strong-governance-is-not-optional/?utm_source=mastodon
#CyberSecurity #AgenticAI #NCSC #CISA #Governance #IsleOfMan
-
Copy Fail was added to the KEV.
-
Joint guidance just released from leading Western security agencies on safely adopting agentic AI services. Key considerations, emerging risks, and best practices for implementation. Worth a read. #AI #AgenticAI #Cybersecurity #ASD #ACSC #CISA #NSA #CCCS #NCSCNZ #NCSCUK
Careful Adoption of Agentic AI...
-
#CISA warning: Attacks on #ConnectWise #ScreenConnect and #WindowsShell | Security https://www.heise.de/news/CISA-Warnung-Angriffe-auf-ConnectWise-ScreenConnect-und-Windows-Shell-11276026.html #exploit #Patchday
-
But what about foreign adversaries like Elon Musk?
"Cyber Command, NSA chief warns foreign adversaries likely to target midterms"
https://therecord.media/cyber-command-nsa-chief-midterm-election-threat
#USPol #USElections #CISA #NSA #USCyberCommand #ElectionInterference #ArmyGenJoshuaRudd
-
Cisa Locks: Installation and Replacement 24H
Ensure the security of your home or business with Cisa locks, known for their durability and advanced technology. #Cisa #CisaBarcelona #CisaBCN #CerradurasCisa #Cerrajeria #Cerrajeros #Cerrajero #Cerraduras #Llaves #Seguridad #Puertas #Ferreteria #Vivienda #Hogar #Urgencias #Cerrajeros24H #Claves #Serrallers #Català #SeguridadHogar #CerrajeroBarcelona #Barcelona #BCN #Catalunya #España #PuertasBarc
-
#Trump’s pick to run US cyber agency #CISA asks to drop out
https://techcrunch.com/2026/04/23/trumps-pick-to-run-us-cyber-agency-cisa-asks-to-drop-out/
-
A persistent FIRESTARTER backdoor discovered on a Cisco ASA device in a US federal network, and it is CISA that is reporting it. What is intriguing: persistence on this type of hardware requires fairly detailed knowledge of the architecture. A reminder that network devices are a prime target, often less scrutinized than servers. #infosec #CISA #backdoor
https://securityaffairs.com/191241/hacking/cisa-reports-persistent-fi…
-
#CISA orders feds to patch #BlueHammer flaw exploited as zero-day
-
FIRESTARTER backdoor: CISA and NCSC warn of APT malware on Cisco firewalls
The malware specifically targets publicly reachable Cisco firewall devices and gives attackers long-term remote access, even after security patches have been applied.
#CISA #backdoors #malware #apt #cisco #firewall #cybersecurity
-
lol. lmao, even.
To be clear: it absolutely sucks that the Trump administration has done the same hatchet job to #CISA that they've done to most of the rest of the federal government. We need strong federal #infosec leadership. But after all the damage Trump has done to CISA, it's a joke and will remain a joke regardless of whether it has a Senate-confirmed head and regardless of who that head is.
Given that, I am comfortable laughing at the ineptitude here.
https://techcrunch.com/2026/04/23/trumps-pick-to-run-us-cyber-agency-cisa-asks-to-drop-out/
-
Does anyone know if what CISA is putting out post-Jen is worth looking at or is just like the rest of the anal phlegm this administration produces? I mean, for realz inside knowledge?
https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html
-
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Active exploitation attempts targeting CVE-2023-33538 in end-of-life TP-Link Wi-Fi routers were identified after CISA added it to the KEV catalog in June 2025. The vulnerability affects several router models including TL-WR940N, TL-WR740N, and TL-WR841N. Observed attacks attempted to deploy Mirai-like botnet malware, specifically variants associated with the Condi IoT botnet. Through firmware emulation and reverse engineering, researchers confirmed the vulnerability exists but discovered that successful exploitation requires authentication. The in-the-wild attacks contained critical flaws: they targeted the wrong parameter (ssid instead of ssid1), lacked authentication, and relied on utilities not present in the router firmware. The command injection vulnerability in the WlanNetworkRpm endpoint allows remote attackers to execute arbitrary commands when authenticated. The malware establishes C2 communication and propagates across architectures. TP-Link confirmed affected devices are end-of-life with no patc...
Pulse ID: 69e1f0ddb1aa33b71576ca92
Pulse Link: https://otx.alienvault.com/pulse/69e1f0ddb1aa33b71576ca92
Pulse Author: AlienVault
Created: 2026-04-17 08:35:41
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #CISA #CyberSecurity #Endpoint #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #Vulnerability #bot #botnet #AlienVault
-
NIST will now prioritize NVD enrichment for CVEs in CISA KEV & critical software. Other CVEs may see slower data updates. No direct exploit info, but vulnerability workflows could be impacted. Stay updated! https://radar.offseq.com/threat/nist-prioritizes-nvd-enrichment-for-cves-in-cisa-k-99bc1f23 #OffSeq #NVD #CISA #Infosec
-
NIST updated their NVD operations. They will now prioritize CISA's KEV catalog, federal government software, and "critical software" defined in the Executive Order 14028 for faster enrichment.
They also will not assign their own severity scores to CVEs that received a score from CNAs.
AI CVEs took a toll on them, it seems like.
https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth
#cybersecurity #cve #security #nist #cisa #cna #vulnerability #vulnerabilitymanagement #ai