Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA end-of-support edge device decommissioning mandate (BOD 26-02)

Advisory/Mitigation
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

CISA's BOD 26-02 now forces U.S. federal agencies to inventory, decommission, and replace end-of-support edge devices that no longer receive security updates. The directive covers routers, firewalls, and network switches, which CISA says are exposed to newly discovered, unpatched vulnerabilities and ongoing exploitation. Deadlines begin with a three-month inventory and extend through 12-, 18-, and 24-month remediation milestones.

Related Happenings

CISA zero-trust SASE guidance for TIC 3.0

Public Sector Action
H score30 First: 25.06.2026 14:30 Last: 25.06.2026 14:30 Sources 1

About this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...

CISA-led joint advisory to secure internet-exposed ATG systems

Public Sector Action
H score43 First: 05.06.2026 17:50 Last: 05.06.2026 17:50 Sources 1

About this happening: On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
H score39 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
H score33 First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

CISA releases CI Fortify guidance for critical infrastructure resilience

Public Sector Action
H score29 First: 05.05.2026 15:00 Last: 05.05.2026 15:00 Sources 1

About this happening: CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...

Latest development: 06.05.2026 16:15

CISA launched CI Fortify on Tuesday as a planning framework for critical infrastructure operators in water, energy, transportation and communications to prepare for cyber disruption by disconnecting OT systems from third-party and business networks, maintaining essential services in degraded communications conditions, and recovering compromised systems through backups, component replacement, or a transition to manual operations.

Timeline

  1. 06.02.2026 10:41 1 articles · 5mo ago

    CISA issues BOD 26-02 for end-of-support edge devices

    Legal Policy Action Update

    CISA issued Binding Operational Directive 26-02 on 2026-02-06, requiring U.S. federal agencies to identify, inventory, decommission, and replace end-of-support network edge devices such as routers, firewalls, and network switches. The directive warns that EOS edge devices are being targeted in widespread exploitation campaigns by advanced threat actors, that newly discovered unpatched vulnerabilities expose federal systems to disproportionate and unacceptable risks, and that agencies must move unsupported hardware and software to vendor-supported equipment with current security updates on the stated deadlines.

    Show sources