Red and blue cyber node design

Cyber Threats and Advisories

CISA tracks and shares information about the latest cybersecurity threats to protect our nation against serious, ever-evolving cyber dangers.

Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and work to develop capabilities to disrupt, destroy, or threaten the delivery of essential services. Defending against these attacks is essential to maintaining the nation’s security. Any cyber-attack, no matter how small, is a threat to our national security and must be identified, managed, and shut down. Protecting cyber space is everyone's responsibility - individuals and families, small and large businesses, SLTT and federal governments. By preventing attacks or mitigating the spread of an attack as quickly as possible, cyber threat actors lose their power.

CISA diligently tracks and shares information about the latest cybersecurity risks, attacks, and vulnerabilities, providing our nation with the tools and resources needed to defend against these threats. CISA shares up-to-date information about high-impact types of security activity affecting the community at large and in-depth analysis on new and evolving cyber threats. By staying current on threats and risk factors, CISA helps ensure our nation is protected against serious cyber dangers.

An image portraying a cybersecurity threat

Alerts and Advisories

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

All alerts & advisories

Featured Content

Known Exploited Vulnerabilities Catalog text on the left of glowing alert icon on dark background

CISA's Known Exploited Vulnerabilities Catalog

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to Use the KEV Catalog

Learn how organizations should use the KEV catalog in their vulnerability management prioritization framework.

STOP Ransomware logo

StopRansomware

Designed to help public and private organizations defend against the rise in ransomware cases, StopRansomware is a whole-of-government approach that gives one central location for ransomware resources and alerts.

News

Discover the latest CISA news on Cyber Threat and Advisories.

View All News
APRIL 16, 2025 | PRESS RELEASE

CISA Statement on CVE Program

APRIL 03, 2025 | PRESS RELEASE

CISA and Partners Issue Fast Flux Cybersecurity Advisory

JANUARY 06, 2025 | PRESS RELEASE

CISA Update on Treasury Breach

NOVEMBER 26, 2024 | BLOG

AI Red Teaming: Applying Software TEVV for AI Evaluations

View All News

Helpful Resources

Utilize these resources to gain strategies and guidance to protect your cyber space.

View All Cyber Threats and Advisories Resources
JANUARY 14, 2025 | PUBLICATION

AI Cybersecurity Collaboration Playbook

View Files
JANUARY 15, 2025 | PUBLICATION

Microsoft Expanded Cloud Logs Implementation Playbook

Download File (PDF, 2.25 MB)
FEBRUARY 04, 2025 | EXTERNAL, PUBLICATION

Guidance and Strategies to Protect Network Edge Devices

View Files
FEBRUARY 12, 2025 | FACT SHEET, PUBLICATION

Secure by Design Alert: Eliminating Buffer Overflow Vulnerabilities

This Secure by Design Alert is part of an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle.
Download File (PDF, 521.92 KB)
View All Cyber Threats and Advisories Resources

Services

Explore the cybersecurity services CISA offers to help mitigate risks, respond to incidents, and prevent threats.

View All Services

Protective Domain Name System (DNS) Resolver

INCREASE YOUR RESILIENCE
Contact: Christopher.Villas@cisa.dhs.gov
CISA's Protective Domain Name System (DNS) Resolver Service is the evolution and successor to the DNS egress protection capability currently being delivered through E3A DNS Sinkhole.
Foundational, Intermediate, Advanced

Assessment Evaluation and Standardization Program

The Assessment Evaluation and Standardization (AES) program is designed to enable organizations to have a trained individual that can perform several cybersecurity assessments and reviews in accordance with industry and/or federal information security standards.

Secure Cloud Business Applications (SCuBA) Project

Contact: Cybersharedservices@mail.cisa.dhs.gov
The SCuBA project helps agencies adopt necessary security and resilience practices when utilizing cloud services.
ScubaGear GitHub ScubaGoggles GitHub

Malware Analysis

RESPOND TO AN INCIDENT
CISA's Malware Analysis service provides stakeholders a dynamic analysis of malicious code, including recommendations for malware removal and recovery activities.
Foundational, Intermediate, Advanced
View All Services

Contact CISA Central

CISA Central is the simplest way for critical infrastructure partners and stakeholders to engage with CISA. Please contact Central@cisa.gov.

CISA Central