Cybersecurity and Infrastructure Security Agency
Coverage of Cybersecurity and Infrastructure Security Agency in the Nexus archive.
- Found fast, fixed slow: The gap the AI clearinghouse must close
President Donald Trump's executive order mandated the creation of an AI cybersecurity clearinghouse within 30 days to coordinate vulnerability discovery and patching in critical infrastructure. The article highlights risks that the clearinghouse may become a stalled committee rather than an effective solution, emphasizing the bottleneck between AI-driven vulnerability detection and the slower human processes required for validation, patching, and deployment.
- Trump budget boss Russell Vought open to re-staffing CISA
Trump administration budget chief Russell Vought indicated openness to re-staffing the Cybersecurity and Infrastructure Security Agency (CISA) following personnel cuts. CISA director Markwayne Mullin requested hiring 600 additional personnel, though Vought noted no formal request had been received and emphasized the complexity of federal hiring processes.
- The Forty-Year Cyber Policy Failure Congress Refuses to Address
The article discusses the federal government's failure to address cyber policy gaps, particularly the lack of legislation allowing victims to interrupt ongoing cyberattacks. It highlights a testimony suggesting ransomware operators be designated as terrorists and the reliance on post-harm measures like sanctions and indictments, which have not effectively deterred attacks.
- CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats
CISA has directed US agencies to address security vulnerabilities within three days due to AI-related threats. A CISA official emphasized the urgency, stating that defenders cannot afford prolonged patching timelines.
- CISA directive orders agencies to prioritize vulnerability patching in a new way
CISA ordered federal agencies to prioritize vulnerability patching based on four criteria, including public exposure and automation potential. Agencies must adhere to timelines for remediation, with urgent fixes required for vulnerabilities meeting all four criteria. The directive aims to address AI-driven increases in vulnerability discovery and exploitation.
- Cisco customers encounter another SD-WAN zero-day under attack
Cisco customers are facing another actively exploited zero-day vulnerability (CVE-2026-20245) in its SD-WAN management software, marking the seventh such exploit this year. The flaw allows authenticated attackers to execute commands as root, but Cisco warns no patch or workaround is currently available, and exploitation requires existing credentials or prior vulnerabilities.
- Hill Dems hammer GOP for $250M CISA budget cut
House Democrats criticized a draft Republican Department of Homeland Security spending bill that would reduce Cybersecurity and Infrastructure Security Agency (CISA) funding by $250 million. Republicans defended the bill, stating it provides $2.4 billion for CISA and includes strategic reductions to redundant programs. The bill is set for a subcommittee vote Friday.
- Trump considers Palantir exec to lead CISA
Trump is considering Shyam Sankar, a Palantir Technologies executive, for the director role at the Cybersecurity and Infrastructure Security Agency (CISA). The selection is being discussed by anonymous sources within the administration.
- DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels
DHS Secretary Markwayne Mullin stated the optimal staffing level for CISA is 2,800, down from 3,400 before the second Trump administration and up from the current 2,200. Trump's proposed fiscal 2027 budget includes cuts to CISA, drawing bipartisan criticism, while Mullin emphasized reliance on public partnerships to maintain mission effectiveness. A House Appropriations subcommittee is set to consider a DHS funding bill.
- Trump administration releases scaled-back AI executive order
The Trump administration released a revised executive order on artificial intelligence that reduces federal oversight compared to a previous draft. The order maintains a voluntary framework for AI companies to share models with the government for up to 30 days, avoids mandatory requirements, and emphasizes protecting innovation from regulatory burdens.
- Trump quietly signs new AI executive order
President Trump signed a new executive order on artificial intelligence and cybersecurity, directing national security agencies to enhance cybersecurity capabilities and establish a cybersecurity clearinghouse. The order avoids mandatory government licensing for AI models and follows the cancellation of a stricter version that Trump claimed could harm American competitiveness.
- Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
Palo Alto Networks' CVE-2026-0257 vulnerability, initially rated medium severity, was escalated to critical after active exploitation was confirmed. Attackers exploit the flaw to bypass authentication and establish unauthorized VPN connections, leveraging a publicly available TLS certificate to forge valid authentication cookies.
- Federal audit reveals NIST’s NVD is plagued by poor planning and duplication
A federal audit found the National Institute of Standards and Technology (NIST) mismanaged its National Vulnerability Database (NVD) due to poor planning, inefficient operations, and duplication with the Cybersecurity and Infrastructure Security Agency (CISA)'s program. The backlog of unprocessed security flaws grew from 13,000 in June 2024 to over 27,000 by December 2025, with NIST failing to meet its self-imposed processing goals and wasting an estimated $200,000 on duplicated work between agencies.
- White House charts new course for federal agencies and cybersecurity logging
The White House has updated federal cybersecurity logging rules, replacing a 2021 memo with a new directive emphasizing a risk-based approach to reduce operational inefficiencies. The new memo, M-26-14, tasks the Cybersecurity and Infrastructure Security Agency (CISA) with developing a logging reference architecture and sets timelines for agency compliance. Experts have expressed mixed reactions, citing both the benefits of flexibility and concerns about implementation gaps.
- CISA sidelined as White House scrambles on AI cyber threats
CISA is facing shrinking resources and a diminished role in addressing AI-driven cyber threats, with significant staff and funding cuts under the Trump administration. Industry leaders and former officials warn this undermines preparedness for critical infrastructure attacks, while recent hiring plans may signal a potential reversal.
- CISA to allow researchers to report vulnerabilities to exploited bugs catalog
CISA announced a new nomination form that allows researchers, vendors, and industry partners to report vulnerabilities for inclusion in the Known Exploited Vulnerabilities catalog. This initiative aims to streamline the process of identifying and tracking bugs that are actively being exploited in the wild.
- DHS Has Become Central to American Strategy, But Its Strategy Has Not Caught Up
The Department of Homeland Security has become central to American national security strategy following 9/11, but lacks a coherent institutional strategy to guide its disparate components. The 2025 National Security Strategy and recent Counterterrorism Strategy reflect a blurred line between foreign and domestic threats, including cartels, fentanyl trafficking, and cyber operations, yet DHS still lacks a strategic framework to align its mission effectively.
- Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'
Democratic lawmakers criticized President Trump's proposed budget priorities, which include $1 billion for White House security and ballroom renovations and $1.8 billion for January 6-related incentives, while his administration cuts cybersecurity funding by $707 million and eliminates federal support for state and local threat detection services. Expert witnesses testified that reduced cybersecurity funding disproportionately impacts smaller jurisdictions that most need protection.
- Lawmakers from both parties say CISA cuts have gone too far
Bipartisan lawmakers Rep. Don Bacon (R-Neb.) and Rep. James Walkinshaw (D-Va.) expressed concern that budget cuts to the Cybersecurity and Infrastructure Security Agency (CISA) have compromised its ability to defend civilian networks against foreign cyber threats, particularly from China. Both emphasized that most critical infrastructure entities cannot defend themselves against nation-state adversaries without federal support. President Trump's proposed fiscal 2027 budget would cut CISA by $707 million.
- Trump postpones executive order focused on AI security
President Trump postponed an executive order that would have established a 90-day voluntary testing regime for frontier AI models, citing concerns about harming U.S. AI industry competition with China. The order would have involved multiple federal agencies including the NSA and Treasury Department in evaluating new AI models before public release. The decision represents a pivot toward prioritizing industry competitiveness over AI safety measures.
- CISA chief frets about open-source vulnerabilities, delayed security improvements
CISA acting director Nick Andersen expressed concern about vulnerabilities in open-source software that underpins modern digital infrastructure, citing recent attacks by North Korean group TeamPCP. He emphasized the need for hard security decisions and modified approaches to vulnerability management, while noting the U.S. has delayed necessary security improvements and accumulated significant technical debt.
- Young American women in the crosshairs of dark network: They flirt and flatter, watching every move... then they strike
The article discusses young American women being targeted by a dark network, where they are manipulated through flattery and then taken advantage of. The women are unaware of the intentions behind the flirting and are caught off guard when they strike. This phenomenon is a cause for concern among authorities.
- Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Attackers exploited vulnerabilities in over 22,000 breaches analyzed by Verizon, making exploits the top initial access vector, with a surge in exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects accounted for 31% of all known initial access vectors. Ransomware accounted for 48% of all breaches last year, up from 44% in 2024.
- CISA Exposes Secrets, Credentials in 'Private' Repo
The Cybersecurity and Infrastructure Security Agency's GitHub repository was publicly available since November 2025 and contained secrets and credentials despite being named 'Private-CISA'. This exposure is a significant security concern. The agency's mistake has raised questions about its ability to protect sensitive information.
- Former CISA nominee Sean Plankey named US CEO of defense startup
Sean Plankey, former nominee for director of the Cybersecurity and Infrastructure Security Agency, has been named US CEO of defense startup UFORCE. UFORCE is a London-based company that creates combat drones and plans to manufacture unmanned surface vessels in the US. Plankey's appointment comes after he withdrew his nomination for the CISA director position amid senate objections.
- ‘The new era is here’: Fears rise over AI hacking
AI has entered a new era of cybersecurity threats, with Google detecting the first known case of cybercriminals using AI to exploit zero-day vulnerabilities. Senate Minority Leader Chuck Schumer is urging the Department of Homeland Security to develop a national coordination plan by July to address AI-enabled hacking risks to critical infrastructure.
- Cisco zero-day under ongoing attack by persistent threat group
Cisco is under attack by a persistent threat group exploiting a zero-day vulnerability in its Catalyst SD-WAN Controller and Manager, with a CVSS rating of 10. The vulnerability, CVE-2026-20182, allows attackers to bypass authentication and gain administrative access. Cisco has released a patch for the vulnerability.
- Major world economies spell out key elements of AI ‘ingredients list’
A group of international government agencies released guidance on what artificial intelligence 'ingredients list' tools should include to make AI more secure. The guidance aims to set minimum voluntary standards for software bills of materials (SBOMs) for AI. Industry professionals welcomed the guidance, praising it as a good step towards improving trust in AI systems.
- Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
Senate Minority Leader Chuck Schumer called on the Department of Homeland Security to work closely with state and local governments to defend against artificial intelligence-strengthened hacks. Schumer wants a plan from DHS by July 1 on coordinating with state and local governments on various cybersecurity questions. He is concerned about the capabilities of DHS to carry out this coordination due to federal funding cuts and lack of a Senate-confirmed director.
- Ivanti customers confront yet another actively exploited zero-day
Ivanti customers are being targeted by attackers exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile, with limited exploitation reported. The company has released patches for five high-severity vulnerabilities, including the zero-day defect. Ivanti warned customers of the threat and suggested rotating credentials to reduce risk.
- A critical Palo Alto PAN-OS zero-day is being exploited in the wild
A critical zero-day vulnerability is being exploited in Palo Alto Networks' firewalls, allowing unauthenticated attackers to run code with root privileges. The company has not released a patch but has provided mitigation guidance to customers. Exploitation is expected to increase as more researchers and attackers become aware of the vulnerability.
- CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners to plan for delivering essential services under emergency conditions, potentially for months at a time, due to threats from state-sponsored hackers. The agency is working with the private sector to protect operational technology from attacks. The initiative, known as CI Fortify, aims to create plans for safe operations while isolated from IT networks and third-party tools.
- CISA boasts AI automation improvements to threat analysis, mission support
The Cybersecurity and Infrastructure Security Agency has made significant gains from artificial intelligence automation in its security operations unit, improving threat analysis and mission support. The agency's acting chief of application management, Tammy Barbour, and acting deputy chief technology officer, Laura Wind, highlighted the benefits of automation. However, they also noted barriers to adoption, including legacy workflows and the need for AI governance.
- Mullin: 1.1K CISA staff left DHS amid partial shutdown
Homeland Security Secretary Markwayne Mullin reported that the Cybersecurity and Infrastructure Security Agency (CISA) lost approximately 1,100 employees during a 76-day partial government shutdown linked to a Democratic-led push for federal immigration reform following the deaths of two U.S. citizens in Minnesota.
- US government, allies publish guidance on how to safely deploy AI agents
Cybersecurity agencies from the US, Australia, Canada, New Zealand, and the UK jointly issued guidance urging organizations to integrate autonomous AI systems into existing cybersecurity frameworks, highlighting risks like privilege overreach, design flaws, and behavioral unpredictability. The document emphasizes applying principles like zero trust and least-privilege access to mitigate threats from agentic AI in critical infrastructure and defense sectors.
- CISA flags data-theft bug in NSA-built OT networking tool
CISA has issued a warning about a data-theft vulnerability in GrassMarlin, an operational technology (OT) networking tool developed by the National Security Agency (NSA). The flaw allows attackers to exploit sensitive information if they possess advanced phishing skills.
- Rep. Delia Ramirez takes over as top House cybersecurity Dem
Rep. Delia Ramirez has become the top Democrat on the House Homeland Security cybersecurity subcommittee, succeeding Eric Swalwell after his resignation. She criticizes both Trump and Biden administrations for cybersecurity lapses and co-sponsored legislation to strengthen the cybersecurity workforce.
- Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
CISA and UK cybersecurity agencies detected a previously unknown backdoor malware called Firestarter in a U.S. federal agency's network, part of an ongoing attack on Cisco equipment. The targeted agency remains unnamed, but the incident highlights a long-running cyber campaign against federal infrastructure.
- Trump pick to lead CISA withdraws nomination
President Trump’s nominee for the Cybersecurity and Infrastructure Security Agency (CISA), Sean Plankey, withdrew his nomination after waiting over a year for Senate confirmation. The Senate Committee on Homeland Security and Governmental Affairs confirmed awareness of the withdrawal but had not yet acted on it.
- US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
US and UK cybersecurity agencies warned that a state-sponsored hacking group has deployed a persistent backdoor called Firestarter on Cisco firewalls, which can survive firmware updates and reboots. The malware, linked to threat actor UAT-4356, exploits vulnerabilities patched in September 2025 and has prompted an emergency directive for federal agencies to audit Cisco infrastructure.