Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default Principles

Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default Principles serves as a cybersecurity roadmap for manufacturers of technology and associated products. With recommendations in this guide, manufacturers are urged to put cybersecurity first, during the design phase of a...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on April 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-101-01 FANUC ROBOGUIDE-HandlingPRO ICSA-20-212-04 Mitsubishi Electric Factory Automation...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28252link is external Microsoft Windows Common Log File System CLFS Driver Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack...

Microsoft Releases April 2023 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s April 2023 Security Update Guidelink is external an...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe Security Bulletins and apply the necessary updates. •...

Apple Releases Security Update

Apple has released a security updates to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-48907link is external Widget Factory Joomla Content Editor Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-31431link is external Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability This type of vulnerability is a frequent attack vector for...

CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance

CISA, in collaboration with NSA and 19 international partners, released joint guidance outliningA Shared Vision of Software Bill of Materials SBOM for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide. An SBOM is a form...

CISA Requests Public Comment for Updated Guidance on Software Bill of Materials

CISA released updated guidance for the Minimum Elements for a Software Bill of Materials SBOM for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum...

CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators

CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology OT owners and operators across all critical infrastructure sectors create and...

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems ICS advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90...

CISA Releases Part One of Zero Trust Microsegmentation Guidance

CISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its ongoing efforts to support Federal Civilian Executive Branch FCEB agencies implementing zero trust architectures ZTAs. This guidance provides a high-level overview of microsegmentation, focusing on i...

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems ICS advisories on July 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-198-01 Leviton AcquiSuite and Energy Monitoring Hub ICSMA-25-198-01 Panoramic Corporati...

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on July 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-196-01 Hitachi Energy Asset Suite ICSA-25-196-02 ABB RMC-100 ICSA-25-196-03 LITEON IC48A...

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-6554link is external Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...

CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment

Today, CISA, in collaboration with the Federal Bureau of Investigation FBI, the Department of Defense Cyber Crime Center DC3, and the National Security Agency NSA, released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored ...

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-175-01 Kaleris Navis N4 Terminal Operating System ICSA-25-175-02 Delta Electronics...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on June 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-168-01 Siemens Mendix Studio Pro ICSA-25-168-02 LS Electric GMWin 4 ICSA-25-168-04 Fuji...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on June 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-160-01 SinoTrack GPS Receiver ICSA-25-160-02 Hitachi Energy Relion 670, 650, SAM600-IO...

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on June 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom ICSA-25-155-02 Hitachi Energy Relion 670,...

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation FBI, and the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play...

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems ICS advisories on June 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-153-01 Schneider Electric Wiser Home Automation ICSA-25-153-02 Schneider Electric...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on May 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-148-01 Siemens SiPass ICSA-25-148-02 Siemens SiPass Integrated ICSA-25-148-03 Consilium...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on May 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-146-01 Johnson Controls iSTAR Configuration Utility ICU Tool CISA encourages users and...

New Guidance for SIEM and SOAR Implementation

Today, CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC and other international and U.S. partners, released new guidance for organizations seeking to procure Security Information and Event Management SIEM and Security Orchestration,...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on May 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-142-01 Lantronix Device Installer ICSA-25-142-02 Rockwell Automation FactoryTalk Historian...

Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies

Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies. This advisory details a Russian state-sponsored cyber...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on May 8, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-128-01 Horner Automation Cscape ICSA-25-128-02 Hitachi Energy RTU500 series ICSA-25-128-03...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-6047link is external GeoVision Devices OS Command Injection Vulnerability CVE-2024-11120link is external GeoVision Devices OS Command Injection Vulnerability...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-27363link is external FreeType Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on April 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-107-01 Schneider Electric Trio Q Licensed Data Radio ICSA-25-107-02 Schneider Electric...

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems ICS advisories on April 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-100-01 Siemens License Server ICSA-25-100-02 Siemens SIDIS Prime ICSA-25-100-03 Siemens...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-53197link is external Linux Kernel Out-of-Bounds Access Vulnerability CVE-2024-53150link is external Linux Kernel Out-of-Bounds Read Vulnerability These types ...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on April 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-091-01 Rockwell Automation Lifecycle Services with Veeam Backup and Replication...

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation...

CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation FBI and Multi-State Information Sharing and Analysis Center MS-ISAC—released joint Cybersecurity Advisory, StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures TTPs, indicators of compromi...

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302link is external Linux Kernel Use of Uninitialized Resource Vulnerability CVE-2025-22225link is external VMware ESXi Arbitrary Write Vulnerability...

CISA Releases Twenty Industrial Control Systems Advisories

CISA released twenty Industrial Control Systems ICS advisories on February 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-044-01 Siemens SIMATIC S7-1200 CPU Family ICSA-25-044-02 Siemens SIMATIC...

CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software

CISA and the Federal Bureau of Investigation FBI have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on February 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-17 2N Access Commander Update A ICSA-25-037-04 Trimble Cityworks Update A CISA...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-53104link is external Linux Kernel Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and po...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on February 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-035-01 Western Telematic Inc NPS Series, DSM Series, CPM Series ICSA-25-035-02 Rockwe...

CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks VPN gateways, Internet of Things IoT devices, internet-facing servers, and internet-facing...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on January 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-014-01 Hitachi Energy FOXMAN-UN ICSA-25-014-02 Schneider Electric Vijeo Designer...

Adobe Releases Security Updates for Multiple Products

Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Photoshop, Animate, and Illustrator for iPad. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on December 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-352-01 ThreatQuotient ThreatQ Platform ICSA-24-352-02 Hitachi Energy TropOS Devices...

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems ICS advisories on December 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-347-01 Siemens CPCI85 Central Processing/Communication ICSA-24-347-02 Siemens...

Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: i...