Search

arstechnica.com › information-technology › 2026 › …

Secret CISA credentials found in public GitHub repo

… Nightwing has so far not commented publicly, instead referring questions back to CISA. This isn’t the first time CISA has screwed up—in fact, it’s not even the first time this year . …

May 19, 2026 · Lee Hutchinson

Top stories

bleepingcomputer.com

CISA tells govt agencies to patch critical exploited flaws in 3 days

17h ago

wired.com

CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats

20h ago

techcrunch.com

CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang | TechCrunch

1d ago

bleepingcomputer.com

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

2d ago

techcrunch.com › 2026 › 05 › …

US cyber agency CISA exposed reams of passwords and cloud keys to the open web | TechCrunch

… CISA has been without a permanent director since January 20, 2025, when then-CISA director Jen Easterly stepped down ahead of the start of the incoming Trump administration. CISA has also lost about a third of its workforce following cuts, furloughs, and layoffs since Trump took office. …

May 19, 2026 · Zack Whittaker

bleepingcomputer.com › news › security

CISA warns of active attacks exploiting Android, Linux bugs

… Get the whitepaper Related Articles: Analysis of one billion CISA KEV remediation records exposes limits of human-scale security CISA flags Windows Task Host vulnerability as exploited in attacks CISA orders feds to patch exploited Fortinet EMS flaw by Friday CISA flags two-year-old Oracle flaw as … …

Jun 3, 2026 · Bill Toulas

bleepingcomputer.com › news › security

CISA flags two-year-old Oracle flaw as actively exploited in attacks

… Download Now Related Articles: Microsoft warns of new Defender zero-days exploited in attacks CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks CISA gives feds 4 days to patch actively exploited cPanel plugin flaw CISA orders feds to patch actively exploited Drupal vulnerability… …

Jun 2, 2026 · Sergiu Gatlan

Discussions and forums

Hacker News · u/openbin_kng · 1w ago

CISA warns of cyberattacks targeting fuel tank monitoring systems

CISA warns of cyberattacks targeting fuel tank monitoring systems

1

r/cybersecurity · u/rkhunter_ · May 4, 2026

CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

Hacker News · u/eth0up · May 2, 2026

CISA KEV: Linux "Copy Fail" CVE-2026-31431 Turns Kernel Bug into Patch Deadline

CISA KEV: Linux "Copy Fail" CVE-2026-31431 Turns Kernel Bug into Patch Deadline

1

r/netsec · u/Only_End_1541 · 2w ago

[Analysis] CISA contractor left AWS GovCloud admin keys, plaintext passwords, SAML certs, and Kubernetes configs on a public GitHub repo for 183 days — with secret scanning deliberately disabled

I wrote a full technical breakdown of the CISA/Nightwing GitHub credential leak that dropped last week. Sharing here because the coverage mostly stopped at "government agency leaked secrets" without getting into what act…

r/sysadmin · u/Krelik · Apr 30, 2026

I Pushed Out Ublock Origin Across The Org & Stopped (some) Phishing

As the title states, I pushed out UBO via GPO and it stopped some phishing attempts. I did this some time ago but I wanted to write about it now. About two years ago when I joined my company, I was tasked with enforcing …

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Drupal vulnerability

CISA orders feds to patch actively exploited Drupal vulnerability By Sergiu Gatlan May 26, 2026 04:46 AM CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system CMS that it flagged as acti… …

May 26, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

… Get the whitepaper Related Articles: Microsoft warns of new Defender zero-days exploited in attacks Critical SolarWinds Serv-U flaws offer root access to servers CISA flags new SD-WAN flaw as actively exploited in attacks New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute CISA warns… …

Jun 5, 2026 · Sergiu Gatlan

notebookcheck.net

CISA gives Windows admins until June 3 to patch Nightmare Eclipse Defender flaws

… CISA mandated remediation under Binding Operational Directive 22-01 with a 14-day window. …

Jun 1, 2026 · Darryl Linington

tomshardware.com › software › linux

CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack

… That dynamic is reflected in CISA‘s unusually swift inclusion of the flaw in its exploited vulnerabilities list, signaling that the issue poses a significant and immediate risk. …

May 4, 2026 · Etiido Uko

theregister.com › security › 2026 › …

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

Security CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack Bug hiding in plain sight for over a decade lands on KEV list CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw tha… …

Apr 17, 2026 · Carly Page

igorslab.de

CISA warnt vor aktiv ausgenutzter Windows-Schwachstelle – Behörden mü…

… CISA stuft Windows-Lücke als aktiv ausgenutzt ein Die US-Behörde CISA hat die Schwachstelle CVE-2026-32202 offiziell in ihren „Known Exploited Vulnerabilities“-Katalog aufgenommen. …

May 8, 2026 · Samir Bashir