Red and blue cyber node design

Cyber Threats and Advisories

Defending our nation against ever-evolving cyber threats and attacks is at the core of CISA’s mission. CISA offers the latest cybersecurity news, advisories, alerts, tools, and resources.

Overview

Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. Defending against these attacks is essential to maintaining the nation’s security. Protecting cyber space is the responsibility of individuals, families, small and large businesses, SLTT and federal governments. By preventing attacks or mitigating the spread of an attack as quickly as possible, cyber threat actors lose their power. Any cyber-attack, no matter how small, is a threat to our national security and must be identified, managed, and shut down.    

CISA’s Role

CISA diligently tracks and shares information about the latest cybersecurity risks, attacks, and vulnerabilities, providing our nation with the tools and resources needed to defend against these threats. CISA provides cybersecurity resources and best practices for businesses, government agencies, and other organizations. CISA shares up-to-date information about high-impact types of security activity affecting the community at large and in-depth analysis on new and evolving cyber threats. By staying current on threats and risk factors, CISA helps ensure our nation is protected against serious cyber dangers.

An image portraying a cybersecurity threat

Alerts and Advisories

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

All alerts & advisories

Featured

Automated Indicator Sharing (AIS)

Automated Indicator Sharing (AIS) protects service participants and reduces the prevalence of cyberattacks via the exchange of real-time, machine-readable cyber threat indicators and defensive measures.

Cyber Marketplace

Whether you need help developing initial cybersecurity strategies or strengthening specific weaknesses in your processes, CISA offers the right high-quality, cost-efficient cybersecurity services for you.

Continuous Diagnostics and Mitigation (CDM) Program

Cybersecurity tools, integration services, and dashboards that offer a dynamic approach to fortifying the cybersecurity of federal networks and systems.

CISA's Known Exploited Vulnerabilities Catalog

View the catalog

Cyber Threat and Advisories News

Discover the latest CISA news on Cyber Threat and Advisories.

Cyber Threats and Advisories News
Cyber Threats and Advisories News

Cyber Services

Explore the cybersecurity services CISA offers to help mitigate risks, respond to incidents, and prevent threats.

View All Cyber Threat and Advisories Services
cyber city

Cyber Resilience Review (CRR)

Contact: iodregionaloperations@cisa.dhs.gov
An assessment that evaluates an organization's operational resilience and cybersecurity practices.

Assessment Evaluation and Standardization Program

The Assessment Evaluation and Standardization (AES) program is designed to enable organizations to have a trained individual that can perform several cybersecurity assessments and reviews in accordance with industry and/or federal information security standards.

External Dependencies Management Assessment

Contact: central@cisa.dhs.gov
An assessment for organizations to learn how to manage risks arising from external dependencies within the supply chain
Intermediate
View All Cyber Threat and Advisories Services

Cybersecurity Training

CISA offers a broad range of cyber threat trainings, from introductory courses to expert advice and techniques. 

View All Cyber Threats and Advisories Training

Strengthen Your Resolve - Understanding DNS Attacks

SEMINAR/WORKSHOP | VIRTUAL/ONLINE
We depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors. This webinar provides an organizational perspective and topic overview that may be useful to technical specialists.

Professors in Practice - Session 3: Zero Trust Architecture: How to Choose the Right Model(s) for Your Organization

AUG 19, 2022 | SEMINAR/WORKSHOP | VIRTUAL/ONLINE
Dr. Richardson will review key concepts and strategies from Jameison Twist's paper on Zero Trust Implementation and will discuss options to implement these strategies in Federal Departments and Agencies.

Incident Response and Awareness Training

COURSE | VIRTUAL/ONLINE
Awareness webinars are cybersecurity topic overviews for a general audience including managers and business leaders, providing core guidance and best practices to prevent incidents and prepare an effective response if an incident occurs.
Visit FEDTVE
View All Cyber Threats and Advisories Training

Cyber Threats and Advisories Resources

Utilize these resources to gain strategies and guidance to protect your cyber space.

View All Cyber Threats and Advisories Resources

Continuous Diagnostics and Mitigation (CDM) Program: AWARE

AWARE helps federal civilian agencies assess the size and scope of their cyber vulnerabilities so they can prioritize the highest risk issues.
Watch Video

Vulnerability Exploitability eXchange (VEX) Use Case Document (April 2022)

APR 01, 2022 | OTHER
This use case provides the recommended minimum data elements of a VEX document and offers a set of scenarios with proposed implementations.
Download File (PDF, 164.56 KB)

Zero Trust Maturity Model

APR 11, 2023 | PUBLICATION
The Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture.
View Files
View All Cyber Threats and Advisories Resources

Contact CISA Central

CISA Central is the simplest way for critical infrastructure partners and stakeholders to engage with CISA. Please contact Central@cisa.gov.

CISA Central