RT @CISAMarci: #DYK 95% of data breaches are caused by human error. 😬Clicking sketchy links, using weak passwords, or skipping MFA. Yikes!….

Interested in becoming a cyber assessor? Our AES Program offers free, on-demand assessment training courses that provide you with the skills you need to safeguard the nation’s critical infrastructure. Learn more:

RT @CISACyber: Update: See newly added info to our #ToolShell Alert. We’ve included info on ransomware deployment, new webshells involved i….

CISA Acting Director Gottumukkala hosted Mr. David Koh, Chief Executive, Cyber Security Agency of Singapore @CSAsingapore. We are working to strengthen our partnership with Singapore and continue collaborating on cybersecurity issues.

RT @CISACyber: Update: As we continue to monitor the scope & impact of #ToolShell, we’ll update our related Alert with new info. Today, we’….

RT @CISACyber: 🛡️We added 4️⃣ CVEs—affecting CrushFTP, Google Chrome, & SysAid On-Prem—to our Known Exploited Vulnerabilities Catalog. Visi….

RT @CISAMarci: 🚨Business Owners: Interlock ransomware is hitting hard across North America & Europe. Protect your operations:. 🔧Patch expos….

🛡️Interlock ransomware actors continue to target businesses and #CriticalInfrastructure organizations in North America and Europe. Review known TTPs & IOCs in our joint Cybersecurity Advisory. 👉#StopRansomware

Secure by Design products use static and dynamic application security testing. These tools can be incorporated into development processes and run automatically to ensure products comply with expected security requirements. Learn more:

RT @CISACyber: We added Microsoft SharePoint server remote code execution vulnerability CVE-2025-53770 to our Known Exploited Vulnerabiliti….

This exploitation activity, publicly reported as “ToolShell,” provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content. Take action now 👉

A known exploited vulnerability is a weakness in software, hardware, or applications that attackers use to gain access to these systems. Check out our KEV Catalog to better manage vulnerabilities and keep pace with threat activity:

We created a series of customizable CISA Tabletop Exercise Packages (CTEPs) for our critical infrastructure partners to improve their cybersecurity. The CTEPs cover various cyber threat topics such as ransomware, insider threats, and phishing. See more:

💡Did you know – the X platform gives official government accounts grey badges. Remember to check an account’s profile to ensure that you’re sharing a post from a confirmed official account.

RT @CISACyber: ⚠️@CISAgov issued six NEW public #ICS advisories. These advisories provide info about current security issues, vulnerabiliti….

RT @CISAMarci: Teamwork makes the dream work!🤝The @CISAgov team connected with TOP cloud service partners to help increase federal civilian….

Thanks to approximately 50 tech reps from partner cloud orgs who joined our Cloud Identity Security Tech Exchange. This event facilitated vital knowledge transfer to harden cloud identity infrastructure, raising the cybersecurity & bolstering network defense.

Our free cybersecurity services are designed to help individuals and organizations build and maintain a robust and resilient cyber framework. Learn more:

RT @CISAMarci: "How can my kiddo break into the cyber workforce?"👩‍💻 I remember the thrill of starting out in this field & I'm excited to h….

As #K12 threats evolve, there is greater potential for disruptions to cascade to many functions within a school. It’s critical that schools take a layered approach to security to reduce single points of failure. Read more in our interview with @EdTech_K12: