CISA
US Halts Intelligence Briefings to State Election Officials Ahead of 2026 Midterms
Federal agencies have frozen cybersecurity support and threat intelligence sharing with state election officials, dismantling partnerships built over a decade as Russia, China, and Iran continue targeting voting infrastructure.
Palo Alto VPN flaw under active exploitation as federal remediation deadline expires
Authentication bypass in GlobalProtect allows unauthenticated remote access to enterprise networks, with confirmed attacks across financial services and healthcare sectors since mid-May.
Iran Weaponizes Western AI Models as Export Controls Fail to Match Machine-Speed Threat
Over 60 Iranian cyber groups mobilized AI-assisted attacks within hours of February escalation, exposing fatal gaps in U.S. regulatory frameworks designed for hardware, not algorithmic access.
CISA Contractor Exposed AWS GovCloud Credentials for Six Months, Triggering Congressional Inquiry
A federal contractor's public GitHub repository leaked administrative credentials and internal system documentation, exposing critical infrastructure protection gaps amid agency workforce reductions.
Microsoft Defender Zero-Days Under Active Exploit Force 13-Day Federal Patch Deadline
Two vulnerabilities enabling SYSTEM-level access and denial-of-service attacks are now weaponized in the wild, with CISA mandating federal remediation by June 3.
CISA Exposed AWS Keys and Plaintext Passwords on GitHub for Six Months
America's cybersecurity agency left 844 MB of sensitive credentials in a public repository while its workforce shrank by a third and leadership remained vacant.
CISA contractor exposed AWS GovCloud root keys on public GitHub for six months
A Nightwing employee leaked administrative credentials to federal cybersecurity infrastructure, raising questions about secrets management practices as the agency operates at a third of its normal staffing.
Russia Shifts From Espionage to Sabotage in Critical Infrastructure Attacks
Polish intelligence documents operational disruption capability at water facilities, signaling doctrine change targeting NATO grid and utility systems.
US Officials Eye Three-Day Patch Mandate as AI Weaponizes Zero-Days Faster Than Vendors Can Respond
CISA and National Cyber Director weigh compressing federal patching timelines from 21 days to 72 hours after Chinese and Russian AI-powered campaigns sustain 18-month persistence windows.
CISA confirms months-long exploitation of critical cPanel flaw affecting 70 million domains
CVE-2026-41940 gave attackers root-level server access since February—two months before patches existed—exposing the fragility of delegated hosting infrastructure.
Microsoft’s Incomplete Patch Leaves Zero-Click Windows Flaw Active in Russian Attack Campaigns
A critical vulnerability Microsoft patched in February 2026 left behind a credential theft vector now actively exploited by Russian threat actors, forcing emergency re-patching across federal agencies.
Itron Breach Exposes Correlated Failure Risk Across 800M Utility Households
Supply chain compromise at critical SCADA vendor coincides with Iran-linked infrastructure targeting and imminent NERC compliance deadline.