CISA Defunding and Dismantling Affects Cybersecurity Response
Summary
Hide ▲
Show ▼
The Cybersecurity and Infrastructure Security Agency (CISA) is being defunded and dismantled, jeopardizing the timely identification and mitigation of cyber vulnerabilities. This development leaves organizations more vulnerable to zero-day exploits and delays in response times. CISA's role in coordinating vulnerability information and providing detailed advisories is crucial for accelerating the discovery and resolution of security issues. CISA's partnership with the Center for Internet Security has ended, and over a hundred employees have been laid off. The Common Vulnerabilities and Exposures (CVE) program, funded through CISA, was extended but faces an uncertain future. The Cybersecurity Information Sharing Act of 2015 is up for renewal, with no clear indication of its future. The defunding and dismantling of CISA will increase the risk of exploitation for businesses and their customers, as organizations will have to rely on their own resources or public disclosures to identify vulnerabilities. This delay can leave systems exposed to attacks for longer periods.
Timeline
-
12.09.2025 17:00 📰 1 articles · ⏱ 5d ago
CISA Defunding and Dismantling Jeopardize Cybersecurity Response
The Cybersecurity and Infrastructure Security Agency (CISA) is being defunded and dismantled, terminating its $10 million partnership with the Center for Internet Security and laying off over a hundred employees. The Common Vulnerabilities and Exposures (CVE) program, funded through CISA, was extended but faces an uncertain future. The Cybersecurity Information Sharing Act of 2015 is up for renewal in September 2025, with no clear indication of its future. This development leaves organizations more vulnerable to zero-day exploits and delays in response times, as they will have to rely on their own resources or public disclosures to identify vulnerabilities.
Show sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
Information Snippets
-
CISA has been identifying and mitigating cyber vulnerabilities since 2018.
First reported: 12.09.2025 17:00📰 1 source, 1 articleShow sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
-
CISA's $10 million partnership with the Center for Internet Security has been terminated.
First reported: 12.09.2025 17:00📰 1 source, 1 articleShow sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
-
Over a hundred CISA employees have been laid off.
First reported: 12.09.2025 17:00📰 1 source, 1 articleShow sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
-
The Common Vulnerabilities and Exposures (CVE) program was extended but faces an uncertain future.
First reported: 12.09.2025 17:00📰 1 source, 1 articleShow sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
-
The Cybersecurity Information Sharing Act of 2015 is up for renewal in September 2025.
First reported: 12.09.2025 17:00📰 1 source, 1 articleShow sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
-
CISA provides detailed advisories that accelerate the discovery and resolution of security issues.
First reported: 12.09.2025 17:00📰 1 source, 1 articleShow sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
-
The defunding and dismantling of CISA will increase the risk of exploitation for businesses and their customers.
First reported: 12.09.2025 17:00📰 1 source, 1 articleShow sources
- Without Federal Help, Cyber Defense Is Up to the Rest of Us — www.darkreading.com — 12.09.2025 17:00
Similar Happenings
Active exploitation of CVE-2025-5086 in DELMIA Apriso
CVE-2025-5086, a critical deserialization flaw in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software, is being actively exploited. The vulnerability, with a CVSS score of 9.0, affects versions from Release 2020 through Release 2025. Exploitation attempts have been observed, targeting the /apriso/WebServices/FlexNetOperationsService.svc/Invoke endpoint with a Base64-encoded payload. The payload decodes to a GZIP-compressed Windows executable that deploys a malicious program designed to spy on user activities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, advising Federal Civilian Executive Branch (FCEB) agencies to apply updates by October 2, 2025. The malware, identified as Trojan.MSIL.Zapchast.gen, captures keyboard input, takes screenshots, and gathers information about active applications. This information is then sent to the attacker via various means, including email, FTP, and HTTP. The exploit involves sending a malicious SOAP request to vulnerable endpoints. The malicious requests were observed originating from the IP 156.244.33[.]162.