Cybersecurity and Infrastructure Security Agency (CISA) Archives

Behind the struggle for control of the CVE program

Following a funding scare that nearly shuttered the CVE program, outside experts and CISA are positioning to take charge of the 25-year-old system before the next funding…

1 day ago By Cynthia Brumfield

Safe Mode

Rethinking resilience with WatchTowr CEO Benjamin Harris

WatchTowr CEO Benjamin Harris

5 days ago By CyberScoop Staff

CISA, DHS, Department of Homeland Security, RSA 2019 — The DHS and CISA booth at the 2019 RSA conference in San Francisco. (Scoop News Group photo)

CISA warns of imminent risk posed by thousands of F5 products in federal agencies

Cyber authorities issued their second emergency directive in three weeks. This one requires agencies to mitigate or disconnect potentially compromised F5 devices and services.

Oct 15, 2025 By Matt Kapko

U.S. Eric Swalwell (D-CA) speaks at a press conference on committee assignments for the 118th U.S. Congress, at the U.S. Capitol Building on January 25, 2023 in Washington, DC. (Photo by Kevin Dietsch/Getty Images)

Swalwell seeks answers from CISA on workforce cuts

Rep. Eric Swalwell, D-Calif., sent a letter Tuesday to acting CISA Director Madhu Gottumukkala raising concerns about staffing levels and the direction of the nation’s primary cybersecurity…

Oct 14, 2025 By Greg Otto

Person on ladder looking into large folder with messy paperwork spilling out. (Stock illustration/Getty Images)

Fortra cops to exploitation of GoAnywhere file-transfer service defect

The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.

Oct 13, 2025 By Matt Kapko

Safe Mode

What’s it like to go through the FedRAMP process?

Scott Montgomery, VP of Federal, Island

Oct 9, 2025 By CyberScoop Staff

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.

Oct 9, 2025 By Matt Kapko

U.S. Sen. Gary Peters, D-Mich., leaves a Senate Democratic meeting at the U.S. Capitol Building on Oct. 3, 2025. (Photo by Kevin Dietsch/Getty Images)

Sen. Peters tries another approach to extend expired cyber threat information-sharing law

A new bill renames the Cybersecurity Information Sharing Act of 2015 and would make its legal protections retroactive after its lapse.

Oct 9, 2025 By Tim Starks

users, files, cloud, administrator — (Getty Images)

Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175

Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.

Oct 7, 2025 By Matt Kapko

Oracle zero-day defect amplifies panic over Clop’s data theft attack spree

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

Oct 6, 2025 By Matt Kapko