Tag: CISA
-
The US Cybersecurity and Infrastructure Security Agency issued an urgent directive ordering federal agencies to patch a critical Drupal vulnerability that attackers are already exploiting in real-world attacks. The flaw affects Drupal websites running PostgreSQL databases and could allow attackers to execute malicious SQL commands remotely. Security researchers warned that successful exploitation may lead to…
-
Internal leadership failures inside a U.S. cybersecurity agency became public after a senior official remained in place despite repeated removal attempts. The CISA Costello dispute reveals how hesitation at the top, combined with internal resistance, prevented decisive action during a sensitive political period. The situation unfolded while the agency faced intense scrutiny over election security…
-
CISA AI OT guidance outlines new principles for safe artificial intelligence use in operational technology systems. The document focuses on protecting critical infrastructure from AI-driven risks. It also helps operators understand how advanced systems can affect physical environments. This guidance arrives as many organizations explore automation without full awareness of the potential dangers. Why CISA…
-
CISA has issued a new security alert after investigators uncovered silent infections delivered through popular encrypted messaging platforms. Attackers now deploy zero-click spyware that compromises devices without user interaction. The rise of messaging-app spyware highlights how everyday communication tools create high-risk entry points for advanced threat actors. How attackers deliver zero-click infections Zero-click spyware reaches…
-
CISA has revealed that attackers deployed Ivanti EPMM malware kits exploiting recently patched vulnerabilities. The flaws, CVE-2025-4427 and CVE-2025-4428, allow authentication bypass and code injection. Threat actors have leveraged them since May, exploiting systems whose APIs remained vulnerable. What the vulnerabilities are The two vulnerabilities affect Ivanti Endpoint Manager Mobile (EPMM) in versions 11.12.0.4, 12.3.0.1,…
-
A new watchdog report exposes CISA cybersecurity retention mismanagement. The Office of the Inspector General (OIG) revealed that the Cybersecurity and Infrastructure Security Agency misused millions of dollars from its cybersecurity retention incentive program. Between 2020 and 2024, CISA failed to enforce eligibility rules, allowed improper payments, and did not maintain required records. These failures…