Latest CISA news

A denial-of-service bug patched five months ago turned out to be unauthenticated RCE with CVSS 9.8. F5 confirmed nation-state exploitation of CVE-2025-53521 in BIG-IP APM, and CISA gave federal agencies three days to patch. 240,000+ instances are exposed.

A seven-page strategy and a new executive order reshape U.S. cyber policy around offensive operations and lighter regulation. The SEC disclosure rules face review. CISA, the agency that would execute the plan, has lost a third of its staff.