Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns
Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an active hacking campaign, the Cybersecurity and Infrastructure Security Agency warned.
Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an exploitation campaign that began in September, the Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday.
The agency issued an emergency directive in September about two bugs affecting Cisco firewall products that were being exploited by “an advanced threat actor.”
Federal civilian agencies were ordered to report back to CISA about their efforts to mitigate the two vulnerabilities impacting Cisco Adaptive Security Appliances.
Source: https://therecord.media/federal-cisco-patches-warning
Related breach coverage
- Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws2026-02-25
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning of a “cyber threat actor’s ongoing exploitation of Cisco SD-WAN systems,” describing the activity as presenting a significant risk to federal civilian executive branch networks.
- CISA pushes Federal agencies to retire end-of-support edge devices2026-02-07
CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]
- CISA warns feds to fully patch actively exploited Cisco flaws2025-11-13
CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. [...]
- CISA shortens patch deadline for critical Ivanti, SolarWinds bugs2026-03-10
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical vulnerability impacting the popular SolarWinds Web Help Desk.