The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.
The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek.
ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
Many ICS vendors have not released new advisories for the May 2026 Patch Tuesday.
The post ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA appeared first on SecurityWeek.
CISA: Critical Infrastructure Must Master Isolation, Recovery
The agency has issued guidance to help critical infrastructure operators prepare for cyberattacks by foreign threat actors.
The post CISA: Critical Infrastructure Must Master Isolation, Recovery appeared first on SecurityWeek.
White House Seeks to Slash CISA Funding by $707 Million
The Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure.
The post White House Seeks to Slash CISA Funding by $707 Million appeared first on SecurityWeek.
CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681.
The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek.
Nick Andersen Appointed Acting Director of CISA
Madhu Gottumukkala has been assigned to a new role within the Department of Homeland Security.
The post Nick Andersen Appointed Acting Director of CISA appeared first on SecurityWeek.
CISA Navigates DHS Shutdown With Reduced Staff
CISA is currently operating at roughly 38% capacity (888 out of 2,341 staff) due to the DHS shutdown that began February 14, 2026.
The post CISA Navigates DHS Shutdown With Reduced Staff appeared first on SecurityWeek.
CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities
Disclosed at the end of January, the SolarWinds vulnerability was likely exploited as a zero-day since December 2025.
The post CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities appeared first on SecurityWeek.
Organizations Urged to Replace Discontinued Edge Devices
Edge devices that are no longer supported have been targeted in attacks by state-sponsored hackers, the US says.
The post Organizations Urged to Replace Discontinued Edge Devices appeared first on SecurityWeek.
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.
The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek.
