https://www.cisecurity.org/feed/blogIndustry news, product updates, videos, infographics, and more from CIS.enhttps://www.cisecurity.org/-/jssmedia/project/cisecurity/cisecurity/data/media/img/uploads/2020/04/cropped-cis-512x512-1-32x32.png?h=32&w=32&rev=023ed3a07d874562a4ebce861c4525f0https://www.cisecurity.org/feed/blog5ef5dc21-8816-48f9-be5a-06484c0e44e1https://www.cisecurity.org/insights/blog/cis-benchmarks-june-2026-updateThe following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.Thu, 18 Jun 2026 12:05:00 -0400ed27f9bb-7c28-4f1f-b06c-8e53bd93145chttps://www.cisecurity.org/insights/blog/keep-hipaa-expectations-growing-cyber-threatsHealthcare organizations can satisfy cybersecurity and HIPAA compliance obligations while upholding patient safety. Read on to learn how.Tue, 16 Jun 2026 09:55:00 -04003ecbb2c1-1f12-430f-81c4-f5ef5f80293dhttps://www.cisecurity.org/insights/blog/cis-controls-community-volunteer-spotlight-diego-bolattiDiego Bolatti advances CIS Controls adoption for SMEs through research, policy templates, and AI-driven cybersecurity tools.Fri, 12 Jun 2026 15:59:00 -04000ca58489-73e3-4f28-88a4-ce3c2cac16adhttps://www.cisecurity.org/insights/blog/return-mcap-malware-analysis-built-sltt-membersOur Malicious Code Analysis Platform (MCAP) supports malware analysis specifically designed for SLTT teams. Read our blog post to learn more.Thu, 11 Jun 2026 09:45:00 -04001415d9fc-cf3c-4b04-9766-debabf311183https://www.cisecurity.org/insights/blog/cybersecurity-hygiene-reinforced-by-the-2026-verizon-dbirThe 2026 Verizon DBIR highlights how CIS Controls and CIS Benchmarks strengthen cybersecurity hygiene and defend against today's top attacks.Fri, 05 Jun 2026 17:05:00 -040031f29496-916b-412f-8403-6f8927ae344dhttps://www.cisecurity.org/insights/blog/cis-benchmarks-may-2026-updateThe following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.Mon, 18 May 2026 16:28:00 -0400a431b6ea-d830-4cea-b748-d0c634b54506https://www.cisecurity.org/insights/blog/securing-the-integration-protocolSecure the protocol layer of AI systems with the CIS MCP Companion Guide, covering authorization, tool access, and execution controls.Thu, 14 May 2026 15:10:00 -0400ca7e5cf3-1caf-4796-81e2-2749700f1461https://www.cisecurity.org/insights/blog/5-steps-to-help-secure-your-city-before-a-large-scale-eventHave a large-scale event coming up? Here are five mitigation measures as part of a comprehensive approach to secure your city.Tue, 12 May 2026 16:22:00 -0400f156ba0e-14ce-4c8e-a2ef-9443ed88b0adhttps://www.cisecurity.org/insights/blog/securing-agents-and-autonomous-behaviorLearn how the CIS AI Agent Companion Guide helps secure the agent layer of AI systems, governing autonomy, tool use, memory, and multi‑agent behavior.Tue, 12 May 2026 09:43:00 -04006e9e2ddc-edff-447e-97a8-9eca4167abfehttps://www.cisecurity.org/insights/blog/standing-strong-together-the-resilient-spirit-of-the-sltt-cybersecurity-communityMore than 5,000 in the U.S. SLTT cybersecurity community have affirmed their belief that collaboration in the MS-ISAC is essential. Read more.Mon, 04 May 2026 15:40:00 -040039d5717a-8bab-496d-930e-cd1b846c6c7ehttps://www.cisecurity.org/insights/blog/cis-benchmarks-april-2026-updateThe following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark andFri, 01 May 2026 09:24:00 -040069f444d8-3c8a-4b2f-9fc7-97f3b92aeac6https://www.cisecurity.org/insights/blog/securing-ai-ecosystem-begins-model-layerDownload our three Companion Guides to learn how to stay aligned to the CIS Controls in your real-world AI environments.Thu, 30 Apr 2026 08:59:00 -040005eac6a0-65de-4c06-a333-2ce4828a1e2dhttps://www.cisecurity.org/insights/blog/mythos-ai-what-actually-matters-for-cybersecurity-leadersAI‑driven vulnerability discovery as embodied in Mythos represents an increase in speed and volume. But it does not invalidate what works.Tue, 28 Apr 2026 12:09:00 -0400c87ab56f-a70b-454c-afe7-5d5c4da04a08https://www.cisecurity.org/insights/blog/applying-controls-real-world-ai-environmentsDownload our three Companion Guides to learn how to stay aligned to the CIS Controls in your real-world AI environments.Tue, 21 Apr 2026 17:44:00 -0400e9786d6c-3f00-42e6-b303-ad96b9675436https://www.cisecurity.org/insights/blog/rsac-2026-impressions-from-tony-sagerAfter RSAC 2026 Conference, Tony Sager shares his reflections on the patterns and questions that stayed with him after the rush faded.Thu, 16 Apr 2026 13:54:00 -0400cdeaa5f7-d207-40df-925c-d81ddd229e54https://www.cisecurity.org/insights/blog/from-community-to-cloudCIS Benchmarks and CIS Hardened Images enable secure cloud deployment, reduce misconfigurations, and enforce consistent security baselines.Tue, 14 Apr 2026 09:10:00 -0400129f127a-2503-4f64-97c8-dc8af0d2f424https://www.cisecurity.org/insights/blog/macsync-stealer-campaign-impacting-us-sltt-macos-usersAn ongoing MacSync Stealer campaign is targeting macOS users in U.S. SLTT government organizations. Learn more by reading CIS CTI's analysis.Mon, 13 Apr 2026 09:30:00 -040059aa4617-fed9-4196-8c78-c490106fb487https://www.cisecurity.org/insights/blog/vimeo-themed-phishing-campaign-targeting-personal-dataCIS CTI has identified an ongoing Vimeo-themed phishing campaign impacting U.S. SLTTs. Read the team's analysis to learn how to stay safe.Mon, 06 Apr 2026 13:01:00 -0400286c3c93-7454-4663-8b47-0031714b5012https://www.cisecurity.org/insights/blog/irs-themed-phishing-granting-threat-actors-remote-accessThe CIS CTI team spotted an ongoing campaign targeting SLTT government entities with tax- and IRS-themed phishing lures. Take a closer look.Tue, 24 Mar 2026 14:33:00 -0400c3afa3a6-fbcd-42aa-9e11-50089cfedc9ahttps://www.cisecurity.org/insights/blog/rsac-2026-insights-from-tony-sagerAhead of RSAC 2026 Conference, Tony Sager shares his thoughts about upcoming sessions and how he navigates the conference. Tue, 17 Mar 2026 16:23:00 -0400efa51f55-2480-4cb3-96b9-00b9acfd40c7https://www.cisecurity.org/insights/blog/zphp-campaign-delivering-remcos-rat-impacting-slttsCIS CTI identified an ongoing ZPHP campaign impacting U.S. SLTTs that delivers the Remcos RAT. Find out how to defend your organization.Tue, 17 Mar 2026 16:23:00 -04009489a660-6006-49c9-89df-ead38b4dfa16https://www.cisecurity.org/insights/blog/2025-year-in-review-sustaining-cybersecurityCIS sustained vital protections despite funding cuts and rising multidimensional threats. Learn more by watching our 2025 Year in Review 2025 video.Mon, 16 Mar 2026 09:47:00 -0400b908adc9-db87-410a-a006-e09ef825c4f2https://www.cisecurity.org/insights/blog/cis-benchmarks-march-2026-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for March 2026.Fri, 06 Mar 2026 10:06:00 -050049cbd51c-a931-4506-9578-330f86a8efadhttps://www.cisecurity.org/insights/blog/strengthening-software-assurance-across-government-systemsSecure by Design ultimately supports a broader public mission: delivering trustworthy, secure, and sustainable technology that citizens can rely on.Thu, 05 Mar 2026 17:03:00 -050040d4a027-9ff3-417a-87b6-68684e13edc3https://www.cisecurity.org/insights/blog/how-to-defend-against-irans-cyber-retaliation-playbookSecurity leaders must give equal weight to the cyber dimension following U.S.-Israeli kinetic activity against Iran. Here's our recommendations. Wed, 04 Mar 2026 13:54:00 -0500e7415caf-6dc7-4b2a-a014-e209ead490e5https://www.cisecurity.org/insights/blog/multiply-endpoint-securitys-force-at-your-public-utilityA public utility can multiply the force of endpoint security with a 24x7x365 protection and monitoring strategy. Read our blog to learn more.Fri, 20 Feb 2026 09:10:00 -050021690222-04f7-497f-accf-3785cd6264afhttps://www.cisecurity.org/insights/blog/upholding-us-sltt-resilience-with-affordable-servicesThe MS-ISAC bridges the U.S. SLTT resilience gap by offering under-resourced organizations access to affordable services. Read to learn more.Thu, 12 Feb 2026 09:40:00 -0500cc437313-dc84-4ef1-a2b9-d520a81be220https://www.cisecurity.org/insights/blog/cis-benchmarks-february-2026-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for February 2026.Mon, 09 Feb 2026 12:09:00 -05003798ab15-2836-472a-993f-8e91dedff258https://www.cisecurity.org/insights/blog/top-10-malware-q4-2025Total malware notifications from MS-ISAC monitoring services increased 7% from Q3 to Q4 2025. Learn more by reading our Top 10 Malware list.Thu, 29 Jan 2026 09:14:00 -0500ccb04f12-df53-4a10-ae47-089a624648e3https://www.cisecurity.org/insights/blog/cis-hardened-images-aws-european-sovereign-cloudCIS Hardened Images are now in the AWS European Sovereign Cloud. Learn how this can help you to reduce risk, improve consistency, and more.Wed, 14 Jan 2026 09:46:00 -0500ec8b3064-bdc2-4d17-9808-190f01d1ffe6https://www.cisecurity.org/insights/blog/cis-benchmarks-january-2026-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for January 2026.Mon, 12 Jan 2026 10:30:00 -0500235c2044-9720-432e-94ca-86f016cf6a62https://www.cisecurity.org/insights/blog/security-in-the-cloud-with-more-automationCIS is making security in the cloud even easier for you by releasing a CIS hardening component in EC2 Image Builder on Amazon Web Services (AWS).Wed, 07 Jan 2026 10:09:00 -050092cda704-dbe4-4b8d-afc2-8c8d5feaee7ehttps://www.cisecurity.org/insights/blog/cybersecurity-collaboration-for-the-us-sltt-communityThe MS-ISAC provides the only nationwide network dedicated to cybersecurity collaboration in the U.S. SLTT community. Read on to learn more.Fri, 26 Dec 2025 11:17:00 -0500f0837452-2a88-4e84-8258-093b8590634dhttps://www.cisecurity.org/insights/blog/malicious-crystal-pdf-converter-detected-on-sltt-networksIn October 2025, CIS CTI observed a rise in CIS MDR alerts associated with Crystal PDF on U.S. SLTT endpoints. Here's how to defend yourself.Wed, 24 Dec 2025 10:58:00 -050044d4f656-8a3b-459e-99ff-93eb250b7d2fhttps://www.cisecurity.org/insights/blog/cis-benchmarks-december-2025-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for December 2025.Thu, 18 Dec 2025 12:31:00 -05007f6df795-5f59-40a0-bdcb-ee7e21a73358https://www.cisecurity.org/insights/blog/scale-linux-workload-security-on-azure-with-cis-benchmarksLooking to automate Azure Linux hardening and streamline hybrid security? Learn how to do it at scale with Azure OSConfig and the CIS Benchmarks.Tue, 16 Dec 2025 17:31:00 -05007a5b2e73-154b-4156-8e0b-ac46213cc581https://www.cisecurity.org/insights/blog/cis-benchmarks-update-november-2025The November 2025 CIS Benchmarks monthly update highlights the CIS Benchmarks and CIS Build Kits that have been updated or recently released.Wed, 19 Nov 2025 16:39:00 -05007e01025b-bc8a-4a13-ad0d-8336fcfca2c8https://www.cisecurity.org/insights/blog/control-assist-path-cyber-insurance-readiness-smbsCIS and CyberAcuView have launched Control Assist, an initiative designed to simplify cyber insurance and strengthen cybersecurity for SMBs.Wed, 19 Nov 2025 08:32:00 -0500417a7c7c-372f-4061-9408-05c045cbc6dchttps://www.cisecurity.org/insights/blog/impact-of-federal-funding-cuts-to-the-value-of-ms-isac-ctiThe adoption of a fee-based membership model has had minimal and in some aspects positive impact on MS-ISAC CTI. Read our blog to learn more.Mon, 17 Nov 2025 13:01:00 -0500b39a585b-ec80-4b86-be63-7a09bdbee611https://www.cisecurity.org/insights/blog/top-10-malware-q3-2025Total malware notifications from MS-ISAC monitoring services increased 38% from Q2 to Q3 2025. Learn more by reading our Top 10 Malware list.Fri, 14 Nov 2025 09:43:00 -0500eba94504-b2bc-4ccc-9b53-88bf80664affhttps://www.cisecurity.org/insights/blog/7-cis-experts-2026-cybersecurity-predictionsWhat does 2026 have in store for cybersecurity? Read our experts' 2026 cybersecurity predictions to find out and get planning.Fri, 31 Oct 2025 13:11:00 -04002c6d4a95-4ae4-4134-8cd6-b7f000537413https://www.cisecurity.org/insights/blog/cis-benchmarks-monthly-update-october-2025We've highlighted the major updates for CIS Benchmarks and CIS Build Kits in the Benchmarks Monthly Update for October 2025.Fri, 31 Oct 2025 09:06:00 -04009071096c-1ea5-4673-b911-4a29498cc57chttps://www.cisecurity.org/insights/blog/ms-isac-member-reported-phishing-likely-from-tycoon2fa-phaasThe CIS CTI team saw an uptick in member-submitted phishing emails in Q3 2025. Learn the overlap these emails have with the Tycoon2FA PhaaS kit.Wed, 29 Oct 2025 16:48:00 -0400b2dd865a-8be3-4295-9782-b9f916b04f0chttps://www.cisecurity.org/insights/blog/how-secure-by-design-helps-developers-build-secure-softwareSecure by Design offers practical, risk-based strategies for integrating security into the software development lifecycle.Tue, 28 Oct 2025 12:47:00 -0400c5c7b8d1-d915-44a5-9f49-b05d2269f5fahttps://www.cisecurity.org/insights/blog/clickfix-an-adaptive-social-engineering-techniqueThe CIS CTI tracked two ClickFix campaigns between January 2025 and October 2025. Learn more about them and how to defend yourself.Mon, 27 Oct 2025 09:47:00 -0400e57e4d2b-7dd8-4b3d-a650-e6f79a860381https://www.cisecurity.org/insights/blog/simplify-security-management-with-cis-securesuite-platformLooking to simplify security management and accelerate audits? Read our blog post to learn how our CIS SecureSuite Platform can help!Thu, 16 Oct 2025 10:39:00 -04004c631ec8-6352-407d-b360-1ad681cf201chttps://www.cisecurity.org/insights/blog/building-a-secure-cloud-foundation-for-healthcare-with-cisLearn how to accelerate your healthcare compliance with CIS Hardened Images and CIS SecureSuite for secure, audit-ready cloud environments.Tue, 14 Oct 2025 14:14:00 -040037a150b9-a360-41e7-bd66-7121939da1e0https://www.cisecurity.org/insights/blog/reasonable-cybersecurity-legal-theroy-practiceExplore how reasonable cybersecurity is evolving from a legal concept into a practical standard for protecting systems and consumer data.Wed, 24 Sep 2025 12:28:00 -040099a8f1e4-51cf-4641-9024-b2f2234304bdhttps://www.cisecurity.org/insights/blog/cis-helps-strengthen-cybersecurity-in-energy-and-utilitiesDiscover how CIS Benchmarks and CIS Controls help energy and utility companies strengthen cybersecurity across IT and OT environments.Tue, 23 Sep 2025 11:13:00 -0400e5f8ba7c-a947-46fc-a21e-702ae346e0b0https://www.cisecurity.org/insights/blog/cis-benchmarks-september-2025-updateThe following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.Tue, 23 Sep 2025 09:59:00 -0400