Cybersecurity and Infrastructure Security Agency (CISA) Archives

Google’s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake/Getty Images)

Google addresses 107 Android vulnerabilities, including two zero-days

The company’s latest security update contains the second-highest number of defects patched so far this year.

1 day ago By Matt Kapko

In this photo illustration, social media and messaging apps are seen on a mobile phone screen on Nov. 11, 2025 in Istanbul, Turkey. (Photo Illustration by Chris McGrath/Getty Images)

CISA alert draws attention to spyware’s targeting of messaging apps

The agency’s brief notice also directed messaging app users to advice on how to protect themselves.

Nov 24, 2025 By Tim Starks

A photo-illustration of computer code fading into a digital representation of a human head. — (Yuichiro Chino/Getty Images)

The slow rise of SBOMs meets the rapid advance of AI

Despite years of effort to make software safer and more transparent with SBOMs, the rise of AI coding assistants is fueling optimism—and, some experts argue, “kind of…

Nov 24, 2025 By Cynthia Brumfield

Senate Select Committee on Intelligence Vice Chairman Mark Warner, D-Va., talks to reporters about Democrats being excluded from briefings the Trump Administration gave to Republicans about military strikes on alleged drug boats at the U.S. Capitol on Oct. 30, 2025. (Photo by Chip Somodevilla/Getty Images)

Top Senate Intel Dem warns of ‘catastrophic’ cyber consequences of Trump admin national security firings, politicization

Sen. Mark Warner, D-Va., said the Trump administration is leaving the nation vulnerable at a time of rising threats in cyberspace.

Nov 20, 2025 By Tim Starks

Five Eyes just made life harder for bulletproof hosting providers

An international effort sanctioned Russia-based Media Land and took action against companies and people who helped Aeza Group evade previously issued sanctions.

Nov 19, 2025 By Matt Kapko

Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., speak at the 2025 Aspen Cyber Summit. (Tim Starks/Scoop News Group)

Information sharing law’s expiration could squander government vulnerability hunting efforts, senator says

The next steps for the law, now extended for a short time, are up in the air.

Nov 18, 2025 By Tim Starks

Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images)

Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage

The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread…

Nov 17, 2025 By Matt Kapko

The headquarters of the Federal Bureau of Investigation on August 16, 2022, in Washington. (Matt McClain/The Washington Post via Getty Images)

FBI calls Akira ‘top five’ ransomware variant out of 130 targeting US businesses

Officials shared indicators of compromise observed as recently as this month to help organizations hunt for and defend against the ransomware group, which has pocketed $244 million…

Nov 13, 2025 By Matt Kapko

F5 Headquarters in Seattle, Washington. (Courtesy of F5)

What’s left to worry (and not worry) about in the F5 breach aftermath

Researchers say the nation-state attacker could cause more serious problems with the BIG-IP source code it nabbed during the attack on F5’s systems.

Nov 10, 2025 By Matt Kapko

Safe Mode

How MSP’s are dealing with CISA changes

Jason Pufahl, VP of Security Services, Vancord

Nov 6, 2025 By CyberScoop Staff