CISA and DHS urge baseline controls to reduce phishing, account takeover, and recovery risk
Defensive Guidance
Summary
Hide ▲
Show ▼
CISA and DHS urged organizations and individuals to adopt baseline controls that reduce phishing, account takeover, vulnerability exposure, and incident-recovery risk. The guidance emphasizes strong passwords, multifactor authentication (MFA), and software updates as immediate actions with broad protection value. It also calls for logging, backups, and encryption to improve detection, resilience, and recovery across government and business environments.
Related Happenings
Healthcare phishing defense guidance for VPN MFA and continuous training
Defensive Guidance
First: 22.05.2026 16:17
Last: 22.05.2026 16:17
Sources 1
About this happening:
Healthcare defenders were urged to treat **phishing** as a top priority, which matters because social engineering is a direct path to **credential abuse** in clinical environments...
Healthcare phishing defense guidance for VPN MFA and continuous training
Defensive GuidanceAbout this happening: Healthcare defenders were urged to treat **phishing** as a top priority, which matters because social engineering is a direct path to **credential abuse** in clinical environments...
CISA-led zero-trust guide for OT environments
Public Sector Action
First: 30.04.2026 17:00
Last: 30.04.2026 17:00
Sources 1
About this happening:
US government agencies led by **CISA** released **Adapting Zero Trust Principles to Operational Technology**, giving **OT operators** a framework to improve **critical infrastruct...
CISA-led zero-trust guide for OT environments
Public Sector ActionAbout this happening: US government agencies led by **CISA** released **Adapting Zero Trust Principles to Operational Technology**, giving **OT operators** a framework to improve **critical infrastruct...
CISA and NCSC-UK China-nexus covert device networks advisory
Advisory/Mitigation
First: 23.04.2026 15:00
Last: 23.04.2026 15:00
Sources 1
About this happening:
**CISA** and **NCSC-UK** released a new advisory warning organizations about **Chinese government-linked** covert networks built from **compromised devices**. The guidance says we...
CISA and NCSC-UK China-nexus covert device networks advisory
Advisory/MitigationAbout this happening: **CISA** and **NCSC-UK** released a new advisory warning organizations about **Chinese government-linked** covert networks built from **compromised devices**. The guidance says we...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Microsoft AiTM payroll pirate attack mitigation
Advisory/MitigationAbout this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Venom PhaaS SharePoint QR-code campaign targeting C-suite executives
Campaign
First: 03.04.2026 11:00
Last: 03.04.2026 11:00
Sources 1
About this happening:
The **Venom PhaaS** operation ran a **credential theft campaign** against **C-suite executives and senior personnel** at major global organizations, creating a broad risk of accou...
Venom PhaaS SharePoint QR-code campaign targeting C-suite executives
CampaignAbout this happening: The **Venom PhaaS** operation ran a **credential theft campaign** against **C-suite executives and senior personnel** at major global organizations, creating a broad risk of accou...
Timeline
-
29.09.2025 15:00 2 articles · 8mo ago
DHS and CISA launch Cybersecurity Awareness Month 2025
Initial DisclosureThe Department of Homeland Security and CISA announce the official beginning of Cybersecurity Awareness Month 2025 and urge citizens, government entities, businesses, and supply-chain partners to strengthen defenses with phishing reporting, strong passwords, multifactor authentication, software updates, system logging, backups, and encryption to help protect critical infrastructure and everyday services.
Show sources
- DHS and CISA Announce Cybersecurity Awareness Month 2025 — www.cisa.gov — 29.09.2025 15:00
- DHS and CISA Announce Cybersecurity Awareness Month 2025 — www.cisa.gov — 29.09.2025 15:00