CISA

CISA Tribal Consultation Transcript

The Cybersecurity and Infrastructure Security Agency (CISA) has posted a transcript from a tribal consultation. This document provides a record of discussions related to cybersecurity initiatives and concerns impacting tribal nations.

CISA CIRCIA Comments Posted

The Cybersecurity and Infrastructure Security Agency (CISA) has posted comments received regarding the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). These comments are part of the ongoing public consultation process for the development of CIRCIA regulations.

CISA Tribal Consultation Transcript

The Cybersecurity and Infrastructure Security Agency (CISA) has posted the transcript from its tribal consultation meeting held on February 13, 2026. This document provides a record of discussions between CISA and tribal nations regarding cybersecurity initiatives and concerns.

Cherokee Nation CIRCIA Comments

The Cybersecurity and Infrastructure Security Agency (CISA) has posted comments submitted by the Cherokee Nation regarding the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). These comments are part of the ongoing public consultation process for developing CIRCIA regulations.

CISA Cybersecurity Proposed Rule Comments

The Cybersecurity and Infrastructure Security Agency (CISA) has posted comments from the Bristol Bay Native Corporation regarding a proposed rule. This submission is part of the public consultation period for new cybersecurity regulations.

V8 in Chrome Vulnerable to Code Execution

CISA has added a vulnerability in Google Chrome's V8 engine to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability (CVE-2026-3910) allows remote code execution and requires federal agencies to patch by March 13, 2026.

Google Chrome Skia Out-of-Bounds Write Vulnerability

CISA has added a known exploited vulnerability, CVE-2026-3909, affecting Google Chrome versions prior to 146.0.7680.75. This vulnerability allows remote attackers to perform out-of-bounds memory access via a crafted HTML page. Agencies are directed to apply mitigations by March 13, 2026.

CISA Adds Two Exploited Vulnerabilities to KEV Catalog

CISA has added two new vulnerabilities, CVE-2026-3909 and CVE-2026-3910, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities per Binding Operational Directive (BOD) 22-01.

CISA: Ignition Software Vulnerable to Code Execution

CISA issued an advisory for Inductive Automation Ignition Software versions prior to 8.3.0, identifying a deserialization vulnerability (CVE-2025-13913) that could allow remote code execution. Users are recommended to upgrade to version 8.3.0 or later.

Ivanti EPM Authentication Bypass Vulnerability

CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.