#CISA
29 stories tagged CISA.

Feds Sound Alarm on Exposed Fuel Tank Gauges as Hackers Probe Critical Infrastructure
CISA, FBI, NSA and DOE say internet-facing ATG systems at fuel depots, hospitals and military sites are being scanned and hit. The fix is mostly operator hygiene.

Trump Signs AI Cybersecurity Order, Reviving the Pre-Release Review Provisions His Team Killed Two Weeks Ago
The new directive creates a voluntary framework for government review of frontier AI models and spins up a Treasury-led vulnerability clearinghouse — while going out of its way to say none of this is mandatory.

Three Stories You Probably Missed: Trump Mobile Leak, FIFA Phishing, and CISA's Supply Chain Cleanup
A customer data exposure, a tournament-themed phishing campaign, and a federal agency scrambling to respond to upstream compromise — a busy week for the incidents no one headlined.

Shadow AI Is Now a Compliance Problem, Not Just an IT One
Employees are running unsanctioned AI assistants by the handful. Regulators are starting to ask who approved them, and under which control framework.

CISA Gives Federal Agencies Four Days to Kill a cPanel Plugin Bug Already Being Exploited
The LiteSpeed plugin sits on millions of shared hosting accounts. CISA's compressed timeline says the quiet part loud: someone's already inside.

The Bot That Learned to Lie: Inside the New Generation of AI-Driven DDoS
Defenders describe attack waves that pause, study traffic patterns, and resume from fresh infrastructure — behavior that looks less like a script and more like a sparring partner.

Operators Warn AI-Generated Traffic Is Outpacing Static DDoS Defences as Regulators Eye Disclosure Rules
Machine-learning-driven flood attacks are reshaping volumetric thresholds faster than current incident-reporting frameworks anticipated.

AI-Driven OT Security Is Only as Good as the Telemetry Feeding It
Fewer than 10 percent of OT networks have meaningful monitoring in place, according to the 2026 Dragos OT Cybersecurity Year in Review. Until that changes, layering machine-learning tools on top of industrial control systems may create more risk than it resolves.

AI Agent Identities Are Redrawing Enterprise IAM Budgets
New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit
Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.

CISA Contractor Spent Six Months Treating GitHub as a Personal Dropbox
A Nightwing employee's public 'Private-CISA' repo leaked AWS GovCloud admin keys, plaintext passwords and the agency's internal build pipeline — with secret-scanning deliberately switched off.

CISA Contractor's Public GitHub Repo Spilled GovCloud Keys for Months; Lawmakers Want Answers
An RSA private key tied to the CISA-IT GitHub organization sat in a public 'Private-CISA' repo since November 2025. The agency is still rotating credentials.

npm Introduces Staged Publishing With Mandatory 2FA Gate for Maintainer Approval
GitHub's package registry now requires a human maintainer to clear a two-factor challenge before a release leaves a staging area, a control aimed at the supply chain attacks that have repeatedly compromised the JavaScript ecosystem.

Agentic AI Quietly Rewrites the NDR Pitch, But Procurement Rules Have Not Caught Up
Network detection vendors say autonomous triage is thinning the alert queue. Buyers are now asking what regulators will let those agents actually do.