Cybersecurity and Infrastructure Security Agency

Security starts with awareness, and one person can make a difference. From terrorist threats to insider risks, being alert to your surroundings can prevent harm. Check out our resources to empower individuals with the knowledge and tools to identify suspicious behavior and take action. https://lnkd.in/gHtVyvCs

We’ve updated Emergency Directive 25-03 and released Malware Analysis Report: FIRESTARTER Backdoor in response to threat actors exploiting CVE-2025-20333 & CVE-2025-20362 vulnerabilities to gain persistent remote access and control over Cisco Firepower and Secure Firewall devices. FIRESTARTER malware can survive patching and allows threat actors to re-access compromised devices. Review and implement detection and mitigation actions to ensure your organization is protected 👉 https://go.dhs.gov/5Zf & https://go.dhs.gov/5Zw

Chinese government-linked cyber threat actors are using covert networks built from compromised SOHO routers, IoT, and smart devices to carry out malicious activities, including the use of large-scale botnet infrastructure to obscure attribution and enable reconnaissance, malware delivery, command-and-control, and data exfiltration. We urge all organizations to take these immediate steps: ✅ Map and understand network edge devices, developing a clear understanding of organizational assets and what should be connected to them. ✅ Baseline normal connections, especially to corporate VPNs or other similar services. ✅ Maintain log collection and storage solutions to assist with detecting and responding to unauthorized access attempts. ✅ Implement multifactor authentication for remote connections. Review our advisory for TTPs & additional mitigations against this threat. 🔗 https://go.dhs.gov/5Z3

Recently, in coordination with Lumen Field and local, state, and federal partners, CISA supported a full-scale exercise designed to test and strengthen security and emergency response at one of our nation’s premier sports venues. This full-scale exercise brought together more than 463 participants from over 26 organizations to practice real world coordination under pressure. Even during a shutdown, CISA’s mission doesn’t pause. Our teams remain actively engaged with host cities to ensure that venues, partners, and communities are ready to meet the unique security demands of a global event like the FIFA World Cup.

In April, we honor the 168 lives lost and all those forever changed by the Oklahoma City Bombing on April 19, 1995. This tragic moment in our nation’s history reshaped how we think about security, preparedness, and resilience. In the years since, the lessons learned from the bombing have directly guided the evolution of federal security standards and partnerships. The Interagency Security Committee— established by Executive Order 14111 in the wake of the attack —continues to strengthen protections for federal facilities nationwide, ensuring we never lose sight of the importance of vigilance and collaboration. At CISA, that legacy lives on in our work every day. From safeguarding critical infrastructure to advancing modern security standards, we remain committed to reducing risk, building resilience, and honoring those we lost by helping prevent future acts of violence. As we reflect on this anniversary, we reaffirm our mission: to work together as one community—federal, state, local, and private sector—to keep our nation safe. Learn more: https://lnkd.in/gN7Kwzni

Our adversaries don’t stop during a shutdown. Acting Director Nick Andersen testified about how CISA better equips our critical infrastructure partners to harden their systems as opportunistic attacks increase in frequency.

Acting Director Andersen swore in Sean Coyne, Senior Advisor for Cybersecurity, and Marco Disandro, External Affairs Specialist, yesterday. Both bring a wealth of knowledge and expertise that will help advance our mission. Join us in welcoming them to our team!

🚨 Iranian-affiliated cyber actors are actively targeting internet-connected operational technology devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. Targeted devices span multiple U.S. #CriticalInfrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems, and Energy. For additional technical information including IOCs and recommended mitigations, review our joint Cybersecurity Advisory with the Federal Bureau of Investigation (FBI), National Security Agency, US Environmental Protection Agency (EPA), and the U.S. Cyber Command’s Cyber National Mission Force (CNMF). 👉 https://go.dhs.gov/iFo

We trained NYC frontline security teams on Surveillance Detection for Bombing Prevention, building critical skills to identify & respond to hostile surveillance activities. Despite the shutdown, CISA is focused on strengthening security measures in preparation for FIFA and America 250.

Despite the current shutdown, CISA’s Counter IED mission is still fully engaged and assisting with prep for events, like FIFA. We provide critical resources that help public and private partners strengthen their ability to deter, prevent, and respond to bombing incidents. Explore the factsheet to see how these efforts support national security. https://go.dhs.gov/ivc