Policy & Government
GitGuardian discovered a public GitHub repo named 'Private-CISA' holding 844 MB of plaintext passwords, AWS GovCloud admin tokens, and Entra ID SAML certs belonging to CISA — public since November 2025. The Nightwing contractor engineer manually disabled push-protection.
Application Security
Two page-cache write bugs chained for deterministic Linux root. Public exploit released after embargo break on May 7. AlmaLinux specifics matter; container workloads inherit host kernel exposure.
Trending
After more than a year of the second Trump administration, observers across the political spectrum told CyberScoop that CISA has been significantly diminished, losing roughly one-third of its personnel.
Vulnerabilities
CISA confirmed active exploitation of two vulnerabilities — a ConnectWise ScreenConnect path traversal flaw linked to Medusa ransomware and a Microsoft Windows Shell spoofing bug attributed to Russian APT28 — adding both to its Known Exploited Vulnerabilities catalog with a federal patching deadline of May 12, 2026. WASHINGTON, D.C. — The Cybersecurity
Vulnerabilities
CISA has flagged a data-theft vulnerability in GrassMarlin, an open-source OT network analysis tool developed by the NSA. The tool reached end-of-life in 2017 and no patch will be released. A public proof-of-concept exploit is already available on GitHub. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency has published
CISA
Federal agency confirmed breached via unpatched Cisco ASA flaws; only a hard power cycle removes the persistent implant redeploying months after initial patches. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive following the discovery of a Firestarter malware infection within a U.S.
Vulnerabilities
Microsoft Defender LPE (CVE-2026-33825) added to KEV catalog after Huntress confirms wild exploitation; 2 related zero-days remain unpatched. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent mandate for all Federal Civilian Executive Branch (FCEB) agencies to patch a high-severity Microsoft Defender zero-day. The vulnerability,
Vulnerabilities
The "Jolokia" vulnerability allows for unauthenticated Remote Code Execution, posing a significant risk to the message-brokering infrastructure that underpins global finance and logistics. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical input validation vulnerability in Apache ActiveMQ to its Known Exploited