Insights

The Cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST) have released an initial draft of Interagency Report (IR) 8597 Protecting Tokens and Assertions from Forgery, Theft, and Misuse for public comment through January 30, 2026. This report is in response to Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144, providing implementation guidance to help federal agencies and cloud service providers…

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense evasion mechanisms, such as running as background services, and enhanced command and control capabilities through encrypted WebSocket connections. The…

Read More

CISA released 12 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactory ICSA-25-345-04 Siemens IAM Client ICSA-25-345-05 Siemens Advanced Licensing (SALT) Toolkit ICSA-25-345-06 Siemens SINEMA Remote Connect Server ICSA-25-345-07 Siemens Building X – Security Manager Edge Controller ICSA-25-345-08 Siemens Energy Services ICSA-25-345-09 Siemens Gridscale X Prepay ICSA-25-345-10 OpenPLC_V3 ICSMA-25-345-01 Grassroots DICOM (GDCM) ICSMA-25-345-02…

Read More

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by the MITRE Corporation, has released the 2025 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical weaknesses adversaries exploit to compromise systems, steal data, or disrupt services.  Prioritizing the weaknesses outlined in the Top 25 is integral to CISA’s Secure by Design and Secure by Demand…

Read More

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create Opportunistic Attacks Against US and Global Critical Infrastructure. This advisory, published as an addition to the joint fact sheet on Primary Mitigations to Reduce Cyber Threats to Operational Technology (OT) released in May 2025, details that pro-Russia hacktivist groups are…

Read More