Cybersecurity and Infrastructure Security Agency (CISA)
Coverage of Cybersecurity and Infrastructure Security Agency (CISA) in the Nexus archive.
- Senator presses CISA for answers about alleged GitHub repository leak
U.S. Senator Maggie Hassan demands answers from CISA about an alleged breach involving government contractor Nightwing, uncovered by cybersecurity reporter Brian Krebs. The breach allegedly involves a GitHub repository leak. Senator Hassan sent a letter to the acting director of CISA.
- CISA credential leak raises alarms, and Capitol Hill demands answers
The Cybersecurity and Infrastructure Security Agency (CISA) is investigating a reported exposure of sensitive agency credential data on GitHub, which was discovered by security firm GitGuardian. Congressional Democrats are demanding answers from CISA about the incident. The exposure has raised concerns about potential abuse by malicious parties.
- Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day
Cisco admins must patch a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager, which allows unauthenticated remote attackers to gain admin privileges. The vulnerability, CVE-2026-20182, has been exploited as a zero-day and was added to the Known Exploited Vulnerabilities catalog. Cisco strongly recommends applying available fixes.
- The missing cybersecurity leader in small business
Small- and medium-size businesses are vulnerable to cyberattacks due to lack of senior cybersecurity leadership, with average costs exceeding $250,000. Virtual or fractional Chief Information Security Officers can provide a practical solution. The threat is growing in size and sophistication, with adversaries using AI and collecting encrypted data.
- US government warns of severe CopyFail bug affecting major versions of Linux
The US government has warned of a severe bug called CopyFail that affects major versions of Linux, posing a significant risk to servers and data centers. The Cybersecurity and Infrastructure Security Agency (CISA) states that the bug is being actively used in hacking campaigns. This vulnerability puts Linux-reliant systems at risk of compromise.
- A dozen allied agencies say China is building covert hacker networks out of everyday routers
A dozen allied agencies warn that China-nexus cyber actors are using large-scale covert networks composed of compromised SOHO routers and IoT devices to conduct cyberattacks. These networks enable low-risk, deniable operations for reconnaissance, malware delivery, and espionage, with examples like the Raptor Train botnet. The advisory highlights a strategic shift in tactics and urges organizations to adopt defensive measures.
- CISA cancels summer internships for cyber scholarship students amid DHS funding lapse
CISA has canceled summer internships for the CyberCorps: Scholarship for Service program due to funding issues at the Department of Homeland Security. The program, managed by the NSF and OPM, provides cybersecurity and AI scholarships in exchange for federal service, but participants face disruptions amid budget cuts and hiring freezes. OPM plans to address the backlog with a deferment after the government shutdown resolves.
- Microsoft drops its second-largest monthly batch of defects on record
Microsoft released its second-largest monthly batch of security patches, addressing 165 vulnerabilities, including a zero-day flaw in SharePoint actively exploited in the wild. The update highlighted a surge in AI-discovered vulnerabilities and included high-severity flaws in Microsoft Defender and Windows IKE Extension.