Blog Feed – Center for Internet Security
- Cybersecurity Hygiene Reinforced by the 2026 Verizon DBIR (2026-06-05): The 2026 Verizon DBIR highlights how CIS Controls and CIS Benchmarks strengthen cybersecurity hygiene and defend against today's top attacks.
- CIS Benchmarks May 2026 Update (2026-05-18): The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.
- Securing the Integration Protocol (2026-05-14): Secure the protocol layer of AI systems with the CIS MCP Companion Guide, covering authorization, tool access, and execution controls.
- 5 Steps to Help Secure Your City before a Large-Scale Event (2026-05-12): Have a large-scale event coming up? Here are five mitigation measures as part of a comprehensive approach to secure your city.
- Securing Agents and Autonomous Behavior (2026-05-12): Learn how the CIS AI Agent Companion Guide helps secure the agent layer of AI systems, governing autonomy, tool use, memory, and multi-agent behavior.
- Standing Strong Together: The Resilient Spirit of the SLTT Cybersecurity Community (2026-05-04): More than 5,000 in the U.S. SLTT cybersecurity community have affirmed their belief that collaboration in the MS-ISAC is essential. Read more.
- CIS Benchmarks April 2026 Update (2026-05-01): The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and
- Securing the AI Ecosystem Begins at the Model Layer (2026-04-30): Download our three Companion Guides to learn how to stay aligned to the CIS Controls in your real-world AI environments.
- Mythos AI: What Actually Matters for Cybersecurity Leaders (2026-04-28): AI-driven vulnerability discovery as embodied in Mythos represents an increase in speed and volume. But it does not invalidate what works.
- Applying the CIS Controls to Real-World AI Environments (2026-04-21): Download our three Companion Guides to learn how to stay aligned to the CIS Controls in your real-world AI environments.
All CISA Advisories
- Schneider Electric Modicon Network Managed Switches (2026-06-09): Schneider Electric is aware of a RADIUS protocol vulnerability affecting its Modicon Network Managed Switch product. The Modicon Network Managed Switch product provides connectivity for multiple Ethernet devices, network management, enhanced cyber security and more advanced switching features. Failure to apply the mitigation provided below may risk forgery attacks in RADIUS Protocol, […]
- Schneider Electric EcoStruxure Panel Server (2026-06-09): Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with enhanced cybersecurity that provides easy and fast connections to multiple concurrent edge control or cloud applications. Failure to apply the remediations provided below may risk unauthorized authentication, which […]
- Siemens KACO Blueplanet Inverters (2026-06-09): KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the device's serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected products and recommends to update to the latest versions. KACO new energy GmbH is […]
- CISA Adds Three Known Exploited Vulnerabilities to Catalog (2026-06-09): CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability; CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability; CVE-2026-20245 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability. These types of vulnerabilities […]
- CISA Adds Two Known Exploited Vulnerabilities to Catalog (2026-06-08): CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability; CVE-2026-50751 Check Point Security Gateway Improper Authentication Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding […]
- CISA Adds One Known Exploited Vulnerability to Catalog (2026-06-05): CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant […]
- B&R PPT30 Operating System (2026-06-04): B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. The following versions of B&R PPT30 Operating System are affected: PPT30 Operating System
- Hitachi Energy ITT600 Explorer (2026-06-04): Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service (DoS) attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600 SA Explorer without affecting IEC 61850 system endpoints. Please refer […]
- Hitachi Energy RTU500 (2026-06-04): Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy RTU500 are affected: […]
- Hitachi Energy MACH HiDraw (2026-06-04): Hitachi Energy is aware of a buffer overflow vulnerability that affects MACH HiDraw product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for […]
ISACA SmartBrief on Cybersecurity
- Nov. 16-19, Las Vegas: ISACA Training Week (2026-06-10)
- In retrospect, the mistakes were better than the non-mistakes. (2026-06-10): Albert Wolsky, costume designer 1930-2026
- Tchap messaging platform suffers security breach (2026-06-10): French authorities are investigating a breach of Tchap, the government's secure messaging platform, after hackers hijacked a […]
- ISACA 2026 Europe Conference Registration is Open (2026-06-10): Immerse yourself in premier IS/IT content, network with like-minded professionals, and hear from insightful thought leaders a […]
- Report: Pressure prompts firms to deploy vulnerable code (2026-06-10): A Checkmarx report reveals that 95% of chief information security officers feel pressured to delay reporting cybersecurity is […]
- Silent Ransom Group targets US law firms in extortion (2026-06-10): Silent Ransom Group has targeted US law firms and financial services firms in a data theft and extortion campaign, using tact […]
- Critical phpBB flaw allows account hijacking (2026-06-10): A critical vulnerability in phpBB allows attackers to hijack accounts, including administrators, with one unauthenticated req […]
- AI-driven worm shows potential vulnerability exploitation (2026-06-10): Researchers from the University of Toronto have developed an AI-driven computer worm that can autonomously navigate networks, […]
- Are bug bounty's days numbered? (2026-06-10): While traditional bug bounty programs and offensive security teams have used AI as a force multiplier, Anthropic's Claude Myt […]