Cybersecurity and Infrastructure Security Agency

CISA most commonly refers to the Cybersecurity and Infrastructure Security Agency, a federal agency within the United States Department of Homeland Security (DHS). Its core mission is to protect the nation’s critical infrastructure—including cyber, physical, and communications systems—against a wide range of threats, both cyber and physical.

Key facts about CISA

CISA was created in November 2018 through the Cybersecurity and Infrastructure Security Agency Act, elevating the former National Protection and Programs Directorate within DHS to agency status. CISA leads national efforts to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every day.

Core responsibilities

CISA coordinates cybersecurity programs and incident responses across federal, state, local, tribal, and territorial governments, as well as with private sector partners. The agency safeguards essential sectors such as energy, transportation, healthcare, and finance from both cyber and physical threats. CISA ensures interoperable communications for emergency responders and leads efforts to secure national elections. CISA provides risk assessments, technical assistance, training, and resources to help organizations strengthen their security and resilience.

CISA works closely with public and private sector partners, as well as international entities, to share information, develop best practices, and respond to emerging threats.

As of 2025, CISA is headquartered in Arlington, Virginia, but plans to relocate to the DHS St. Elizabeths campus.

Synonyms:

CISA

Iranian hackers claim to possess about 100 gigabytes of emails from Trump’s circle.
Pro-Iran hackers have recently threatened to release a large trove of emails allegedly stolen from individuals closely associated with former President Donald Trump. U.S. federal officials have characterized this as a “calculated smear campaign” and dismissed the threat as “digital propaganda” designed to undermine Trump and other government officials. However, previously leaked documents by the group were authenticated and included communications about campaign strategy and legal matters involving Stormy Daniels
The Big Beautiful Bill: How the New Legislation Will Impact U.S. Cybersecurity.
Washington, D.C. – The recently approved "Big Beautiful Bill" is making waves across the cybersecurity landscape, promising sweeping changes for federal agencies, the Department of Defense, and civilian infrastructure. While the bill delivers major funding boosts for federal IT modernization and defense cybersecurity, it also slashes budgets for key civilian programs, raising concerns among experts about the nation’s ability to respond to evolving cyber threats.
Well, there goes American spycraft. CISA Issues Urgent Warning Over Exploited Vulnerabilities in Signal Clone Used by Federal Agencies
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive following the active exploitation of critical security vulnerabilities in TeleMessage TM SGNL, a secure messaging application modeled after Signal and widely used by federal agencies and national security personnel.
Ransomware Turf War: DragonForce Targets UK Retail Giants Amid Escalating Feud with RansomHub
In the ever-evolving landscape of cybercrime, a new rivalry is reshaping the ransomware ecosystem. DragonForce, a group with roots in hacktivism, has rapidly transformed into a formidable ransomware-as-a-service (RaaS) cartel, recently launching high-profile attacks on prominent UK retailers including Marks & Spencer (M&S), Harrods, and the Co-op. This surge in activity coincides with a public and aggressive turf war against rival group RansomHub.
A critical command injection vulnerability found in the popular POHPMailer PHP library.
A critical command injection vulnerability in PHPMailer—a widely used PHP library for sending emails—has recently come under renewed scrutiny following reports of active exploitation. Identified as CVE-2016-10033, this vulnerability poses a significant risk to web applications that rely on PHPMailer for email functionality.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

Key facts about CISA

Core responsibilities

Related