CISA will ramp up hiring in 2026 to recover from staffing losses under the Trump administration and address national security threats, particularly from China. The agency aims to fill key vacancies and improve its workforce strategy, including hiring state cybersecurity coordinators and enhancing partnerships with educational institutions.

Madhu Gottumukkala, the acting head of CISA, uploaded sensitive government documents to ChatGPT, triggering security warnings. His use of the AI tool was initially restricted, and there are ongoing investigations into potential security risks from this incident. Previously, he failed a polygraph test and had staff suspended for accessing classified information.

CISA released a guide to help owners and operators in operational technology (OT) environments adopt secure communication practices. The guide addresses barriers like cost, complexity, and interoperability issues while providing actionable recommendations to enhance cybersecurity against threats.

The article discusses an emergency directive issued by CISA in response to critical zero-day vulnerabilities discovered in Cisco products. It emphasizes the urgency for organizations to apply patches and mitigate risks associated with these vulnerabilities to enhance cybersecurity defenses.

Illumina has agreed to a $9.8 million settlement due to failing to incorporate adequate cybersecurity measures in its products, leading to vulnerabilities that could be exploited by remote attackers. This settlement arises from a lawsuit initiated by a former employee under the False Claims Act, with a portion of the funds allocated to the whistleblower.

A potential government shutdown in September 2025 could result in two-thirds of the personnel at the Cybersecurity and Infrastructure Security Agency (CISA) being sent home, which raises concerns about national security and cybersecurity readiness. The agency, vital for protecting the nation's critical infrastructure, may face significant operational challenges if a resolution is not reached.

A critical vulnerability in file transfer protocols has been exploited, leading the Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert. The flaw allows unauthorized access and potential data breaches, prompting organizations to update their systems and mitigate risks immediately.

CISA has released an analysis detailing malware used in attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), specifically an authentication bypass and a code injection issue. The vulnerabilities, already being exploited by a China-nexus espionage group, allow for arbitrary code execution and data exfiltration. CISA recommends immediate patching of affected systems and treating mobile device management solutions as high-value assets.

CISA has issued a warning about a high-severity arbitrary code execution vulnerability in the Git version control system, tracked as CVE-2025-48384, which is being actively exploited by hackers. Federal agencies must apply patches by September 15th or take alternative security measures. Additionally, two Citrix Session Recording vulnerabilities have also been added to the Known Exploited Vulnerabilities catalog, with the same deadline for remediation.

A critical vulnerability in the widely used Sudo program has been identified, allowing attackers to gain unauthorized root access on affected systems. The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to apply the necessary patches to mitigate potential exploitation of this flaw. Organizations are advised to prioritize updates to prevent security breaches.

A critical remote code execution vulnerability (CVE-2025-3248) in Langflow has been actively exploited, allowing attackers to gain full control of vulnerable servers via an unprotected API endpoint. Organizations are urged to upgrade to version 1.3.0 or later to mitigate risks, as CISA warns of the high likelihood of exploitation and the potential existence of over 500 exposed instances. Those unable to upgrade should restrict access to Langflow services immediately.

The lapse of a critical cyber threat information-sharing law, established under the Cybersecurity Information Sharing Act (CISA) of 2015, has raised concerns amid the ongoing government shutdown. This law was designed to facilitate the sharing of threat intelligence between the government and private sector, and its expiration could hinder national cybersecurity efforts at a time of increasing cyber threats.

The White House has proposed a $491 million budget cut for the Cybersecurity and Infrastructure Security Agency (CISA), arguing that the agency had strayed from its core mission and become overly focused on censorship. The cuts aim to eliminate perceived inefficiencies and refocus CISA on essential cyber defense tasks.

The FBI and CISA have issued a warning regarding the Interlock ransomware, which is specifically targeting critical infrastructure sectors in the United States. This ransomware employs advanced techniques to disrupt operations and demands large ransoms, posing a significant threat to essential services. Organizations are urged to enhance their cybersecurity measures to mitigate the risks associated with such attacks.

CISA reported that hackers breached a U.S. federal agency by exploiting a critical unpatched vulnerability in GeoServer, leading to lateral movement within the agency's network and the installation of web shells. The attackers remained undetected for three weeks until their activities triggered alerts, prompting an investigation and response measures. CISA emphasizes the importance of timely patching and monitoring for security vulnerabilities.

Over 500 NPM packages were compromised by a self-replicating worm called Shai-Hulud, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert for developers to secure their credentials and review dependencies. GitHub is implementing stricter authentication and security measures to prevent future attacks.

Over 266,000 F5 BIG-IP instances are exposed online, following a breach that allowed nation-state hackers to steal source code and information about security flaws. F5 has released patches for 44 vulnerabilities and urged users to update their systems, while CISA has mandated federal agencies to secure their F5 products by specific deadlines and disconnect unsupported devices.

A vulnerability has been identified in the End-of-Train and Head-of-Train remote linking protocol, affecting multiple devices from manufacturers like Wabtec and Siemens. The weakness allows potential exploitation through weak authentication, posing risks to transportation systems. CISA recommends mitigations and encourages users to contact device manufacturers for further guidance.