CISA stories

FIRST conference in Scottsdale draws 500-plus as security leaders and AI firms debate vulnerability disclosure, CWE's role and CVE's future.

Capsule Security emerges from stealth with $7 million backing to police AI agents at runtime as enterprises widen their use.

Qualys study says attackers are exploiting flaws before patches exist, as manual remediation lags and edge systems emerge as the highest risk.

Rapid7 warns exploited high and critical software flaws more than doubled in 2025, as attackers compress disclosure-to-attack windows.

FIRST to host three cybersecurity conferences in 2026 as it predicts annual CVE disclosures will surpass 50,000 for the first time.

Microsoft's March Patch Tuesday fixes 77 flaws, including a severe SQL Server bug that could grant attackers sysadmin rights remotely.

Cayosoft posts 76% ARR jump for 2025 as identity recovery demand soars and it wins major public sector and enterprise customers.

China-linked Warlock ransomware group exploits SmarterMail flaw for admin takeovers, chaining features to gain full Windows control.

Attackers are abusing Windows screensaver files in a spearphishing campaign to stealthily install remote access tools on business systems.

As hybrid IT sprawl fuels blind spots and AI-driven attacks, experts say only a zero trust, hybrid mesh rethink can secure modern networks.

Over 70% of major retailers and nearly 60% of wholesalers have exposed credentials, leaving shared supply chains ripe for attack.

Major firms are leaving known, actively exploited cyber flaws unpatched for six months or more, sharply heightening breach risks.

Black Hat will premiere Semperis documentary Midnight in the War Room in Las Vegas, spotlighting the human cost of cyber conflict.

NCC Group links Silver Fox's false-flag malware campaigns to ValleyRAT and uncovers critical PowerG flaws that can fully compromise alarms.

Auto-update turns your firewall into a living defence, slashing patch delays and shutting attackers' favourite door: unpatched systems.

Global cyber defence group FIRST reports record 2025 growth, topping 820 member teams and expanding technical, training and capacity work.

Cyber attacks on SaaS platforms are soaring, pushing boards to make AI‑driven security a core strategy as misconfigurations fuel mass breaches.

AI-driven hackers are tipped to ramp up attacks on critical infrastructure and governments by 2026, exploiting ageing industrial systems.

SonicWall's SonicOS 7.3 and NSM 3.1 harden networks with secure-by-default passwords, auto patching and stronger encrypted management.

AI deployment in critical infrastructure raises cyber security risks as attackers exploit operational technology networks with advanced AI-driven tactics.