Cybersecurity and Infrastructure Security Agency

Trump’s cyber czar pick grilled over CISA cuts: ‘If we have a cyber 9/11, you’re the guy’

Plus: Plankey's confirmation process 'temporarily delayed'

Security05 Jun 2025 | 7

Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data

Infosec In Brief PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more!

Security02 Jun 2025 | 3

Why is China deep in US networks? 'They're preparing for war,' HR McMaster tells lawmakers

House Homeland Security Committee takes a field trip to Silicon Valley

Cyber-crime29 May 2025 | 43

Ex-CISA employee: 'This culture of fear started permeating the agency'

Interview 'Everyone's holding their breath'

Public Sector28 May 2025 | 10

Cybercrime is 'orders of magnitude' larger than state-backed ops, says ex-White House advisor

INTERVIEW Michael Daniel also thinks Uncle Sam should increase help to orgs hit by ransomware

Cyber-crime24 May 2025 | 26

CISA says SaaS providers in firing line after Commvault zero-day Azure attack

Cyberbaddies are coming for your M365 creds, US infosec agency warns

Security23 May 2025 | 2

CISA has a new No. 2 ... but still no official top dog

Brain drain, budget cuts, constant cyberthreats - who wouldn't want this job?

Security19 May 2025 | 5

'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart

CYBERUK Both agencies seem unbothered despite tech world's clear concerns for US infoseccers

Security13 May 2025 | 6

CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email

Updated Cripes, we were only joking when we called Elon's social network the new state media

Security12 May 2025 | 67

CISA slammed for role in 'censorship industrial complex' as budget faces possible $500M cut

Because who needs cybersecurity when there’s culture wars to win

Public Sector06 May 2025 | 38

Ex-CISA chief decries cuts as Trump demands loyalty above all else

RSAC Cybersecurity is national security, says Jen Easterly

Spotlight on RSAC30 Apr 2025 | 11

Homeland Security boss says CISA has gone off the rails, vows to set it right

RSAC Kirsty Noem argues cyber-agency's job is defending America, not becoming 'Ministry of Truth'

Spotlight on RSAC30 Apr 2025 | 27

Infosec pros tell Trump to quit bullying Chris Krebs – it's undermining security

Top voices warn that political retaliation puts democracy and national defense at risk

Security29 Apr 2025 | 70

Admission impossible: NSA, CISA brass absent from RSA Conf

RSAC Homeland Security boss Noem added as last-minute keynote, mind you

Spotlight on RSAC28 Apr 2025 | 11

Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member

What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future

CSO25 Apr 2025 | 17

America's cyber defenses are being dismantled from the inside

Opinion The CVE system nearly dying shows that someone has lost the plot

CSO23 Apr 2025 | 93

Two CISA officials jump ship, both proud of pushing for Secure by Design software

As cyber-agency faces cuts, makes noises about switching up program

Public Sector22 Apr 2025 | 11

Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter

Some in the infosec world definitely want to see Big Red crucified

CSO18 Apr 2025 | 6

CVE fallout: The splintering of the standard vulnerability tracking system has begun

Comment MITRE, EUVD, GCVE … WTF?

Spotlight on RSAC18 Apr 2025 | 89

Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances

Illegitimi non carborundum? Nice password, Mr Ex-CISA

Spotlight on RSAC17 Apr 2025 | 69

CVE program gets last-minute funding from CISA – and maybe a new home

Uncertainty is the new certainty

CSO16 Apr 2025 | 32

Uncle Sam kills funding for CVE program. Yes, that CVE program

Updated Because vulnerability management has nothing to do with national security, right?

CSO16 Apr 2025 | 179

Cyber congressman demands answers before CISA gets cut down to size

What's the goal here, Homeland Insecurity or something?

Security14 Apr 2025 | 14

Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs

Updated Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories

Public Sector10 Apr 2025 | 113

As CISA braces for more cuts, threat intel sharing takes a hit

Analysis How will 'gutting' civilian defense agency make American cybersecurity great again?

Public Sector08 Apr 2025 | 11

CISA spots spawn of Spawn malware targeting Ivanti flaw

Resurge an apt name for malware targeting hardware maker that has security bug after security bug

Cyber-crime01 Apr 2025 | 1

CISA fires, now rehires and immediately benches security crew on full pay

DOGE efficiency in action

Public Sector18 Mar 2025 | 51

FCC stands up Council on National Security to fight China in ways that CISA used to

Infosec In Brief PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware

Security16 Mar 2025 | 6

CISA: We didn't fire red teams, we just unhired a bunch of them

Agency tries to save face as it also pulls essential funding for election security initiatives

Security13 Mar 2025 | 28

Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand

Feds warn gang still rampant and now cracked 300+ victims around the world

Cyber-crime13 Mar 2025 | 4

CISA pen-tester says 100-strong red team binned after DOGE canceled contract

Updated Election infosec advisory center also shuttered

Public Sector12 Mar 2025 | 166

So … Russia no longer a cyber threat to America?

Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks

Public Sector04 Mar 2025 | 218

200-plus impressively convincing GitHub repos are serving up malware

Infosec bytes Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack

Security26 Feb 2025 | 9

Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in

Plus: New figurehead of DOGE emerges and they aren't called Elon

Public Sector26 Feb 2025 | 37

Ghost ransomware crew continues to haunt IT depts with scarily bad infosec

FBI and CISA issue reminder - deep sigh - about the importance of patching and backups

Ransomware in Focus20 Feb 2025 | 7

Time to make C the COBOL of this century

Opinion Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees

CSO18 Feb 2025 | 222

Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff

CSO13 Feb 2025 | 75

Dems want answers on national security risks posed by hiring freeze, DOGE probes

Updated Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know

Security06 Feb 2025 | 35

US freezes foreign aid, halting cybersecurity defense and policy funds for allies

Updated Uncle Sam will 'no longer blindly dole out money,' State Dept says

Public Sector27 Jan 2025 | 86

Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch

Feature Everyone agrees defense matters. How to do it is up for debate

CSO22 Jan 2025 | 20

CISA: Wow, that election had a lot of foreign trolling. Trump's Homeland Sec pick: And that's none of your concern

Cyber agency too 'far off mission,' says incoming boss Kristi Noem

Public Sector18 Jan 2025 | 81

Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

Public Sector17 Jan 2025 | 40

China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says

We are only seeing 'the tip of the iceberg,' Easterly warns

Security15 Jan 2025 | 11

Mitel 0-day, 5-year-old Oracle RCE bug under active exploit

3 CVEs added to CISA's catalog

Security08 Jan 2025 | 4

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

But can you really take crims at their word?

Security16 Dec 2024 | 1

T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career'

Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat

Spotlight on RSAC05 Dec 2024 | 54

Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain?

Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration

Public Sector23 Nov 2024 | 41

Here's what happens if you don't layer network security – or remove unused web shells

TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated

Security22 Nov 2024 | 4

Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'

Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds

Research14 Nov 2024 | 5

ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

Plus: CISA's ScubaGear dives deep to fix M365 misconfigs

CSO14 Nov 2024 | 2

The US government wants developers to stop using C and C++

Opinion Does anyone want to tell Linus Torvalds? No? I didn't think so

Software08 Nov 2024 | 233

FortiManager critical vulnerability under active attack

Updated Security shop and CISA urge rapid action

Cybersecurity Month23 Oct 2024 | 7

Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch

Plus, a POC to make it extra easy for attackers

Security23 Oct 2024 |

Critical hardcoded SolarWinds credential now exploited in the wild

Another blow for IT software house and its customers

Security16 Oct 2024 | 23

Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

Poor use of PHP include() strikes again

Cybersecurity Month02 Oct 2024 | 4

Extracting vendor promises won't fix cybersecurity. Extracting teeth might

Opinion One branch of tech has learned to work together to solve the near-impossible. Now it's our turn

Applications30 Sep 2024 | 43