Skip to content
The Nexus
DossierENTITY

Cybersecurity and Infrastructure Security Agency

Coverage of Cybersecurity and Infrastructure Security Agency in the Nexus archive.

Earliest in view: Apr 23 · 20:25 UTCMost recent: Jul 8 · 09:00 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 8 · 09:00 UTCCYBERSCOOP
    Found fast, fixed slow: The gap the AI clearinghouse must close

    President Donald Trump's executive order mandated the creation of an AI cybersecurity clearinghouse within 30 days to coordinate vulnerability discovery and patching in critical infrastructure. The article highlights risks that the clearinghouse may become a stalled committee rather than an effective solution, emphasizing the bottleneck between AI-driven vulnerability detection and the slower human processes required for validation, patching, and deployment.

  • POLITICSJun 30 · 20:51 UTCCYBERSCOOP
    Trump budget boss Russell Vought open to re-staffing CISA

    Trump administration budget chief Russell Vought indicated openness to re-staffing the Cybersecurity and Infrastructure Security Agency (CISA) following personnel cuts. CISA director Markwayne Mullin requested hiring 600 additional personnel, though Vought noted no formal request had been received and emphasized the complexity of federal hiring processes.

  • SECURITYJun 18 · 10:00 UTCTHE CIPHER BRIEF
    The Forty-Year Cyber Policy Failure Congress Refuses to Address

    The article discusses the federal government's failure to address cyber policy gaps, particularly the lack of legislation allowing victims to interrupt ongoing cyberattacks. It highlights a testimony suggesting ransomware operators be designated as terrorists and the reliance on post-harm measures like sanctions and indictments, which have not effectively deterred attacks.

  • SECURITYJun 10 · 20:55 UTCWIRED
    CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats

    CISA has directed US agencies to address security vulnerabilities within three days due to AI-related threats. A CISA official emphasized the urgency, stating that defenders cannot afford prolonged patching timelines.

  • SECURITYJun 10 · 16:07 UTCCYBERSCOOP
    CISA directive orders agencies to prioritize vulnerability patching in a new way

    CISA ordered federal agencies to prioritize vulnerability patching based on four criteria, including public exposure and automation potential. Agencies must adhere to timelines for remediation, with urgent fixes required for vulnerabilities meeting all four criteria. The directive aims to address AI-driven increases in vulnerability discovery and exploitation.

  • SECURITYJun 9 · 14:03 UTCCYBERSCOOP
    Cisco customers encounter another SD-WAN zero-day under attack

    Cisco customers are facing another actively exploited zero-day vulnerability (CVE-2026-20245) in its SD-WAN management software, marking the seventh such exploit this year. The flaw allows authenticated attackers to execute commands as root, but Cisco warns no patch or workaround is currently available, and exploitation requires existing credentials or prior vulnerabilities.

  • POLITICSJun 4 · 20:40 UTCCYBERSCOOP
    Hill Dems hammer GOP for $250M CISA budget cut

    House Democrats criticized a draft Republican Department of Homeland Security spending bill that would reduce Cybersecurity and Infrastructure Security Agency (CISA) funding by $250 million. Republicans defended the bill, stating it provides $2.4 billion for CISA and includes strategic reductions to redundant programs. The bill is set for a subcommittee vote Friday.

  • POLITICSJun 4 · 20:40 UTCRECORDED FUTURE NEWS
    Trump considers Palantir exec to lead CISA

    Trump is considering Shyam Sankar, a Palantir Technologies executive, for the director role at the Cybersecurity and Infrastructure Security Agency (CISA). The selection is being discussed by anonymous sources within the administration.

  • SECURITYJun 3 · 19:56 UTCCYBERSCOOP
    DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels

    DHS Secretary Markwayne Mullin stated the optimal staffing level for CISA is 2,800, down from 3,400 before the second Trump administration and up from the current 2,200. Trump's proposed fiscal 2027 budget includes cuts to CISA, drawing bipartisan criticism, while Mullin emphasized reliance on public partnerships to maintain mission effectiveness. A House Appropriations subcommittee is set to consider a DHS funding bill.

  • TECHNOLOGYJun 2 · 16:53 UTCCYBERSCOOP
    Trump administration releases scaled-back AI executive order

    The Trump administration released a revised executive order on artificial intelligence that reduces federal oversight compared to a previous draft. The order maintains a voluntary framework for AI companies to share models with the government for up to 30 days, avoids mandatory requirements, and emphasizes protecting innovation from regulatory burdens.

  • POLITICSJun 2 · 16:13 UTCAXIOS
    Trump quietly signs new AI executive order

    President Trump signed a new executive order on artificial intelligence and cybersecurity, directing national security agencies to enhance cybersecurity capabilities and establish a cybersecurity clearinghouse. The order avoids mandatory government licensing for AI models and follows the cancellation of a stricter version that Trump claimed could harm American competitiveness.

  • SECURITYJun 1 · 22:29 UTCCYBERSCOOP
    Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

    Palo Alto Networks' CVE-2026-0257 vulnerability, initially rated medium severity, was escalated to critical after active exploitation was confirmed. Attackers exploit the flaw to bypass authentication and establish unauthorized VPN connections, leveraging a publicly available TLS certificate to forge valid authentication cookies.

  • SECURITYMay 29 · 16:07 UTCCYBERSCOOP
    Federal audit reveals NIST’s NVD is plagued by poor planning and duplication

    A federal audit found the National Institute of Standards and Technology (NIST) mismanaged its National Vulnerability Database (NVD) due to poor planning, inefficient operations, and duplication with the Cybersecurity and Infrastructure Security Agency (CISA)'s program. The backlog of unprocessed security flaws grew from 13,000 in June 2024 to over 27,000 by December 2025, with NIST failing to meet its self-imposed processing goals and wasting an estimated $200,000 on duplicated work between agencies.

  • SECURITYMay 26 · 19:09 UTCCYBERSCOOP
    White House charts new course for federal agencies and cybersecurity logging

    The White House has updated federal cybersecurity logging rules, replacing a 2021 memo with a new directive emphasizing a risk-based approach to reduce operational inefficiencies. The new memo, M-26-14, tasks the Cybersecurity and Infrastructure Security Agency (CISA) with developing a logging reference architecture and sets timelines for agency compliance. Experts have expressed mixed reactions, citing both the benefits of flexibility and concerns about implementation gaps.

  • SECURITYMay 26 · 08:50 UTCAXIOS
    CISA sidelined as White House scrambles on AI cyber threats

    CISA is facing shrinking resources and a diminished role in addressing AI-driven cyber threats, with significant staff and funding cuts under the Trump administration. Industry leaders and former officials warn this undermines preparedness for critical infrastructure attacks, while recent hiring plans may signal a potential reversal.

  • SECURITYMay 23 · 01:11 UTCRECORDED FUTURE NEWS
    CISA to allow researchers to report vulnerabilities to exploited bugs catalog

    CISA announced a new nomination form that allows researchers, vendors, and industry partners to report vulnerabilities for inclusion in the Known Exploited Vulnerabilities catalog. This initiative aims to streamline the process of identifying and tracking bugs that are actively being exploited in the wild.

  • SECURITYMay 22 · 16:19 UTCTHE CIPHER BRIEF
    DHS Has Become Central to American Strategy, But Its Strategy Has Not Caught Up

    The Department of Homeland Security has become central to American national security strategy following 9/11, but lacks a coherent institutional strategy to guide its disparate components. The 2025 National Security Strategy and recent Counterterrorism Strategy reflect a blurred line between foreign and domestic threats, including cartels, fentanyl trafficking, and cyber operations, yet DHS still lacks a strategic framework to align its mission effectively.

  • POLITICSMay 21 · 23:03 UTCTHE REGISTER
    Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'

    Democratic lawmakers criticized President Trump's proposed budget priorities, which include $1 billion for White House security and ballroom renovations and $1.8 billion for January 6-related incentives, while his administration cuts cybersecurity funding by $707 million and eliminates federal support for state and local threat detection services. Expert witnesses testified that reduced cybersecurity funding disproportionately impacts smaller jurisdictions that most need protection.

  • SECURITYMay 21 · 20:02 UTCCYBERSCOOP
    Lawmakers from both parties say CISA cuts have gone too far

    Bipartisan lawmakers Rep. Don Bacon (R-Neb.) and Rep. James Walkinshaw (D-Va.) expressed concern that budget cuts to the Cybersecurity and Infrastructure Security Agency (CISA) have compromised its ability to defend civilian networks against foreign cyber threats, particularly from China. Both emphasized that most critical infrastructure entities cannot defend themselves against nation-state adversaries without federal support. President Trump's proposed fiscal 2027 budget would cut CISA by $707 million.

  • TECHNOLOGYMay 21 · 18:37 UTCCYBERSCOOP
    Trump postpones executive order focused on AI security

    President Trump postponed an executive order that would have established a 90-day voluntary testing regime for frontier AI models, citing concerns about harming U.S. AI industry competition with China. The order would have involved multiple federal agencies including the NSA and Treasury Department in evaluating new AI models before public release. The decision represents a pivot toward prioritizing industry competitiveness over AI safety measures.

  • SECURITYMay 21 · 17:05 UTCCYBERSCOOP
    CISA chief frets about open-source vulnerabilities, delayed security improvements

    CISA acting director Nick Andersen expressed concern about vulnerabilities in open-source software that underpins modern digital infrastructure, citing recent attacks by North Korean group TeamPCP. He emphasized the need for hard security decisions and modified approaches to vulnerability management, while noting the U.S. has delayed necessary security improvements and accumulated significant technical debt.

  • SECURITYMay 19 · 23:59 UTCDAILY MAIL US
    Young American women in the crosshairs of dark network: They flirt and flatter, watching every move... then they strike

    The article discusses young American women being targeted by a dark network, where they are manipulated through flattery and then taken advantage of. The women are unaware of the intentions behind the flirting and are caught off guard when they strike. This phenomenon is a cause for concern among authorities.

  • SECURITYMay 19 · 21:19 UTCCYBERSCOOP
    Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches

    Attackers exploited vulnerabilities in over 22,000 breaches analyzed by Verizon, making exploits the top initial access vector, with a surge in exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects accounted for 31% of all known initial access vectors. Ransomware accounted for 48% of all breaches last year, up from 44% in 2024.

  • SECURITYMay 19 · 19:49 UTCDARK READING
    CISA Exposes Secrets, Credentials in 'Private' Repo

    The Cybersecurity and Infrastructure Security Agency's GitHub repository was publicly available since November 2025 and contained secrets and credentials despite being named 'Private-CISA'. This exposure is a significant security concern. The agency's mistake has raised questions about its ability to protect sensitive information.

  • SECURITYMay 18 · 04:00 UTCCYBERSCOOP
    Former CISA nominee Sean Plankey named US CEO of defense startup

    Sean Plankey, former nominee for director of the Cybersecurity and Infrastructure Security Agency, has been named US CEO of defense startup UFORCE. UFORCE is a London-based company that creates combat drones and plans to manufacture unmanned surface vessels in the US. Plankey's appointment comes after he withdrew his nomination for the CISA director position amid senate objections.

  • SECURITYMay 15 · 15:37 UTCSEMAFOR
    ‘The new era is here’: Fears rise over AI hacking

    AI has entered a new era of cybersecurity threats, with Google detecting the first known case of cybercriminals using AI to exploit zero-day vulnerabilities. Senate Minority Leader Chuck Schumer is urging the Department of Homeland Security to develop a national coordination plan by July to address AI-enabled hacking risks to critical infrastructure.

  • SECURITYMay 15 · 14:11 UTCCYBERSCOOP
    Cisco zero-day under ongoing attack by persistent threat group

    Cisco is under attack by a persistent threat group exploiting a zero-day vulnerability in its Catalyst SD-WAN Controller and Manager, with a CVSS rating of 10. The vulnerability, CVE-2026-20182, allows attackers to bypass authentication and gain administrative access. Cisco has released a patch for the vulnerability.

  • TECHNOLOGYMay 12 · 21:09 UTCCYBERSCOOP
    Major world economies spell out key elements of AI ‘ingredients list’

    A group of international government agencies released guidance on what artificial intelligence 'ingredients list' tools should include to make AI more secure. The guidance aims to set minimum voluntary standards for software bills of materials (SBOMs) for AI. Industry professionals welcomed the guidance, praising it as a good step towards improving trust in AI systems.

  • SECURITYMay 8 · 17:20 UTCCYBERSCOOP
    Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments

    Senate Minority Leader Chuck Schumer called on the Department of Homeland Security to work closely with state and local governments to defend against artificial intelligence-strengthened hacks. Schumer wants a plan from DHS by July 1 on coordinating with state and local governments on various cybersecurity questions. He is concerned about the capabilities of DHS to carry out this coordination due to federal funding cuts and lack of a Senate-confirmed director.

  • SECURITYMay 7 · 21:50 UTCCYBERSCOOP
    Ivanti customers confront yet another actively exploited zero-day

    Ivanti customers are being targeted by attackers exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile, with limited exploitation reported. The company has released patches for five high-severity vulnerabilities, including the zero-day defect. Ivanti warned customers of the threat and suggested rotating credentials to reduce risk.

  • SECURITYMay 6 · 19:48 UTCCYBERSCOOP
    A critical Palo Alto PAN-OS zero-day is being exploited in the wild

    A critical zero-day vulnerability is being exploited in Palo Alto Networks' firewalls, allowing unauthenticated attackers to run code with root privileges. The company has not released a patch but has provided mitigation guidance to customers. Exploitation is expected to increase as more researchers and attackers become aware of the vulnerability.

  • SECURITYMay 5 · 21:47 UTCCYBERSCOOP
    CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict

    The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners to plan for delivering essential services under emergency conditions, potentially for months at a time, due to threats from state-sponsored hackers. The agency is working with the private sector to protect operational technology from attacks. The initiative, known as CI Fortify, aims to create plans for safe operations while isolated from IT networks and third-party tools.

  • SECURITYMay 5 · 19:18 UTCCYBERSCOOP
    CISA boasts AI automation improvements to threat analysis, mission support

    The Cybersecurity and Infrastructure Security Agency has made significant gains from artificial intelligence automation in its security operations unit, improving threat analysis and mission support. The agency's acting chief of application management, Tammy Barbour, and acting deputy chief technology officer, Laura Wind, highlighted the benefits of automation. However, they also noted barriers to adoption, including legacy workflows and the need for AI governance.

  • POLITICSMay 3 · 14:10 UTCTHE HILL
    Mullin: 1.1K CISA staff left DHS amid partial shutdown

    Homeland Security Secretary Markwayne Mullin reported that the Cybersecurity and Infrastructure Security Agency (CISA) lost approximately 1,100 employees during a 76-day partial government shutdown linked to a Democratic-led push for federal immigration reform following the deaths of two U.S. citizens in Minnesota.

  • SECURITYMay 1 · 16:49 UTCCYBERSCOOP
    US government, allies publish guidance on how to safely deploy AI agents

    Cybersecurity agencies from the US, Australia, Canada, New Zealand, and the UK jointly issued guidance urging organizations to integrate autonomous AI systems into existing cybersecurity frameworks, highlighting risks like privilege overreach, design flaws, and behavioral unpredictability. The document emphasizes applying principles like zero trust and least-privilege access to mitigate threats from agentic AI in critical infrastructure and defense sectors.

  • SECURITYApr 29 · 15:35 UTCTHE REGISTER
    CISA flags data-theft bug in NSA-built OT networking tool

    CISA has issued a warning about a data-theft vulnerability in GrassMarlin, an operational technology (OT) networking tool developed by the National Security Agency (NSA). The flaw allows attackers to exploit sensitive information if they possess advanced phishing skills.

  • SECURITYApr 28 · 15:45 UTCCYBERSCOOP
    Rep. Delia Ramirez takes over as top House cybersecurity Dem

    Rep. Delia Ramirez has become the top Democrat on the House Homeland Security cybersecurity subcommittee, succeeding Eric Swalwell after his resignation. She criticizes both Trump and Biden administrations for cybersecurity lapses and co-sponsored legislation to strengthen the cybersecurity workforce.

  • SECURITYApr 24 · 14:46 UTCTHE REGISTER
    Governments on high alert after CISA snuffs out Firestarter backdoor on fed network

    CISA and UK cybersecurity agencies detected a previously unknown backdoor malware called Firestarter in a U.S. federal agency's network, part of an ongoing attack on Cisco equipment. The targeted agency remains unnamed, but the incident highlights a long-running cyber campaign against federal infrastructure.

  • POLITICSApr 23 · 22:04 UTCTHE HILL
    Trump pick to lead CISA withdraws nomination

    President Trump’s nominee for the Cybersecurity and Infrastructure Security Agency (CISA), Sean Plankey, withdrew his nomination after waiting over a year for Senate confirmation. The Senate Committee on Homeland Security and Governmental Affairs confirmed awareness of the withdrawal but had not yet acted on it.

  • SECURITYApr 23 · 20:25 UTCCYBERSCOOP
    US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied

    US and UK cybersecurity agencies warned that a state-sponsored hacking group has deployed a persistent backdoor called Firestarter on Cisco firewalls, which can survive firmware updates and reboots. The malware, linked to threat actor UAT-4356, exploits vulnerabilities patched in September 2025 and has prompted an emergency directive for federal agencies to audit Cisco infrastructure.