Now everybody but Citrix agrees that CitrixBleed 2 is under exploit | Updated | Add CISA to the list | Patches | 10 Jul 2025 | 3
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now | Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors' | Patches | 02 Jul 2025 | 7
Dems demand audit of CVE program as Federal funding remains uncertain | Infosec In Brief | PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more! | Security | 15 Jun 2025 | 5
Ransomware scum disrupted utility services with SimpleHelp attacks | Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo | Cyber-crime | 12 Jun 2025 | 1
CISA loses another senior exec - and the budget cuts haven't even started yet | Another one bites the dust at America's top cybersecurity agency | Public Sector | 12 Jun 2025 | 4
US infrastructure could crumble under cyberattack, ex-NSA advisor warns | Infosec in Brief | PLUS: Doxxers jailed; Botnets bounce back; CISA questioned over app-vetting program closure; And more | Security | 08 Jun 2025 | 7
Trump’s cyber czar pick grilled over CISA cuts: ‘If we have a cyber 9/11, you’re the guy’ | Plus: Plankey's confirmation process 'temporarily delayed' | Security | 05 Jun 2025 | 7
Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data | Infosec In Brief | PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more! | Security | 02 Jun 2025 | 3
Why is China deep in US networks? 'They're preparing for war,' HR McMaster tells lawmakers | House Homeland Security Committee takes a field trip to Silicon Valley | Cyber-crime | 29 May 2025 | 43
Ex-CISA employee: 'This culture of fear started permeating the agency' | Interview | 'Everyone's holding their breath' | Public Sector | 28 May 2025 | 10
Cybercrime is 'orders of magnitude' larger than state-backed ops, says ex-White House advisor | INTERVIEW | Michael Daniel also thinks Uncle Sam should increase help to orgs hit by ransomware | Cyber-crime | 24 May 2025 | 26
CISA says SaaS providers in firing line after Commvault zero-day Azure attack | Cyberbaddies are coming for your M365 creds, US infosec agency warns | Security | 23 May 2025 | 2
CISA has a new No. 2 ... but still no official top dog | Brain drain, budget cuts, constant cyberthreats - who wouldn't want this job? | Security | 19 May 2025 | 5
'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart | CYBERUK | Both agencies seem unbothered despite tech world's clear concerns for US infoseccers | Security | 13 May 2025 | 6
CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email | Updated | Cripes, we were only joking when we called Elon's social network the new state media | Security | 12 May 2025 | 67
CISA slammed for role in 'censorship industrial complex' as budget faces possible $500M cut | Because who needs cybersecurity when there’s culture wars to win | Public Sector | 06 May 2025 | 38
Ex-CISA chief decries cuts as Trump demands loyalty above all else | RSAC | Cybersecurity is national security, says Jen Easterly | Spotlight on RSAC | 30 Apr 2025 | 11
Homeland Security boss says CISA has gone off the rails, vows to set it right | RSAC | Kristi Noem argues cyber-agency's job is defending America, not becoming 'Ministry of Truth' | Spotlight on RSAC | 30 Apr 2025 | 27
Infosec pros tell Trump to quit bullying Chris Krebs – it's undermining security | Top voices warn that political retaliation puts democracy and national defense at risk | Security | 29 Apr 2025 | 70
Admission impossible: NSA, CISA brass absent from RSA Conf | RSAC | Homeland Security boss Noem added as last-minute keynote, mind you | Spotlight on RSAC | 28 Apr 2025 | 11
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member | What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future | CSO | 25 Apr 2025 | 17
America's cyber defenses are being dismantled from the inside | Opinion | The CVE system nearly dying shows that someone has lost the plot | CSO | 23 Apr 2025 | 93
Two CISA officials jump ship, both proud of pushing for Secure by Design software | As cyber-agency faces cuts, makes noises about switching up program | Public Sector | 22 Apr 2025 | 11
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter | Some in the infosec world definitely want to see Big Red crucified | CSO | 18 Apr 2025 | 6
CVE fallout: The splintering of the standard vulnerability tracking system has begun | Comment | MITRE, EUVD, GCVE … WTF? | Spotlight on RSAC | 18 Apr 2025 | 89
Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances | Illegitimi non carborundum? Nice password, Mr Ex-CISA | Spotlight on RSAC | 17 Apr 2025 | 69
CVE program gets last-minute funding from CISA – and maybe a new home | Uncertainty is the new certainty | CSO | 16 Apr 2025 | 32
Uncle Sam kills funding for CVE program. Yes, that CVE program | Updated | Because vulnerability management has nothing to do with national security, right? | CSO | 16 Apr 2025 | 179
Cyber congressman demands answers before CISA gets cut down to size | What's the goal here, Homeland Insecurity or something? | Security | 14 Apr 2025 | 14
Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs | Updated | Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories | Public Sector | 10 Apr 2025 | 113
As CISA braces for more cuts, threat intel sharing takes a hit | Analysis | How will 'gutting' civilian defense agency make American cybersecurity great again? | Public Sector | 08 Apr 2025 | 11
CISA spots spawn of Spawn malware targeting Ivanti flaw | Resurge an apt name for malware targeting hardware maker that has security bug after security bug | Cyber-crime | 01 Apr 2025 | 1
CISA fires, now rehires and immediately benches security crew on full pay | DOGE efficiency in action | Public Sector | 18 Mar 2025 | 51
FCC stands up Council on National Security to fight China in ways that CISA used to | Infosec In Brief | PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware | Security | 16 Mar 2025 | 6
CISA: We didn't fire red teams, we just unhired a bunch of them | Agency tries to save face as it also pulls essential funding for election security initiatives | Security | 13 Mar 2025 | 28
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand | Feds warn gang still rampant and now cracked 300+ victims around the world | Cyber-crime | 13 Mar 2025 | 4
CISA pen-tester says 100-strong red team binned after DOGE canceled contract | Updated | Election infosec advisory center also shuttered | Public Sector | 12 Mar 2025 | 166
So … Russia no longer a cyber threat to America? | Comment | Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks | Public Sector | 04 Mar 2025 | 218
200-plus impressively convincing GitHub repos are serving up malware | Infosec bytes | Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack | Security | 26 Feb 2025 | 9
Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in | Plus: New figurehead of DOGE emerges and they aren't called Elon | Public Sector | 26 Feb 2025 | 37
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec | FBI and CISA issue reminder - deep sigh - about the importance of patching and backups | Ransomware in Focus | 20 Feb 2025 | 7
Time to make C the COBOL of this century | Opinion | Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees | CSO | 18 Feb 2025 | 222
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities | FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff | CSO | 13 Feb 2025 | 75
Dems want answers on national security risks posed by hiring freeze, DOGE probes | Updated | Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know | Security | 06 Feb 2025 | 35
US freezes foreign aid, halting cybersecurity defense and policy funds for allies | Updated | Uncle Sam will 'no longer blindly dole out money,' State Dept says | Public Sector | 27 Jan 2025 | 86
Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch | Feature | Everyone agrees defense matters. How to do it is up for debate | CSO | 22 Jan 2025 | 20
CISA: Wow, that election had a lot of foreign trolling. Trump's Homeland Sec pick: And that's none of your concern | Cyber agency too 'far off mission,' says incoming boss Kristi Noem | Public Sector | 18 Jan 2025 | 81
Biden signs sweeping cybersecurity order, just in time for Trump to gut it | Analysis | Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive | Public Sector | 17 Jan 2025 | 40
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says | We are only seeing 'the tip of the iceberg,' Easterly warns | Security | 15 Jan 2025 | 11
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit | 3 CVEs added to CISA's catalog | Security | 08 Jan 2025 | 4
Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility | But can you really take crims at their word? | Security | 16 Dec 2024 | 1
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' | Interview | Security chief talks to El Reg as Feds urge everyone to use encrypted chat | Spotlight on RSAC | 05 Dec 2024 | 54
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain? | Analysis | Meanwhile, CISA chief Jen Easterly will step down prior to inauguration | Public Sector | 23 Nov 2024 | 41
Here's what happens if you don't layer network security – or remove unused web shells | TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated | Security | 22 Nov 2024 | 4
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' | Updated | Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds | Research | 14 Nov 2024 | 5
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue | Plus: CISA's ScubaGear dives deep to fix M365 misconfigs | CSO | 14 Nov 2024 | 2
The US government wants developers to stop using C and C++ | Opinion | Does anyone want to tell Linus Torvalds? No? I didn't think so | Software | 08 Nov 2024 | 233
FortiManager critical vulnerability under active attack | Updated | Security shop and CISA urge rapid action | Cybersecurity Month | 23 Oct 2024 | 7
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch | Plus, a POC to make it extra easy for attackers | Security | 23 Oct 2024 |
Critical hardcoded SolarWinds credential now exploited in the wild | Another blow for IT software house and its customers | Security | 16 Oct 2024 | 23
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing | Poor use of PHP include() strikes again | Cybersecurity Month | 02 Oct 2024 | 4
Extracting vendor promises won't fix cybersecurity. Extracting teeth might | Opinion | One branch of tech has learned to work together to solve the near-impossible. Now it's our turn | Applications | 30 Sep 2024 | 43