US CISA News

Updated RESURGE Malware Analysis Highlighting Stealthy Active Threat

CISA released an updated Malware Analysis Report (MAR) on RESURGE malware targeting Ivanti Connect Secure devices. The updated analysis reveals that RESURGE can remain dormant and undetected on compromised systems until a remote actor connects, using advanced network-level evasion techniques and forged TLS certificates for covert command-and-control. CISA urges network defenders to use the provided indicators of compromise and detection signatures to identify the malware and implement the referenced mitigation instructions.

CISA Announces Virtual Town Halls on Cyber Incident Reporting Rulemaking for Critical Infrastructure

CISA announced a series of virtual town hall meetings to gather stakeholder input on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) rulemaking. The town halls begin March 9, 2026, with the full schedule published in the Federal Register. Once implemented, CIRCIA will require covered critical infrastructure organizations to report certain cyber incidents to CISA within 72 hours and ransom payments within 24 hours.

Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems

CISA issued Emergency Directive 26-03 requiring all Federal Civilian Executive Branch agencies to immediately inventory, patch, and harden Cisco SD-WAN systems against active exploitation by malicious cyber threat actors. The directive specifically addresses CVE-2026-20127 and CVE-2022-20775 vulnerabilities that pose an unacceptable risk to federal networks. CISA will monitor agency compliance and provide technical assistance as agencies implement the required actions.