https://www.cisecurity.org/feed/blogIndustry news, product updates, videos, infographics, and more from CIS.enhttps://www.cisecurity.org/-/jssmedia/project/cisecurity/cisecurity/data/media/img/uploads/2020/04/cropped-cis-512x512-1-32x32.png?h=32&w=32&rev=023ed3a07d874562a4ebce861c4525f0https://www.cisecurity.org/feed/blog59aa4617-fed9-4196-8c78-c490106fb487https://www.cisecurity.org/insights/blog/vimeo-themed-phishing-campaign-targeting-personal-dataCIS CTI has identified an ongoing Vimeo-themed phishing campaign impacting U.S. SLTTs. Read the team's analysis to learn how to stay safe.Mon, 06 Apr 2026 13:01:00 -0400286c3c93-7454-4663-8b47-0031714b5012https://www.cisecurity.org/insights/blog/irs-themed-phishing-granting-threat-actors-remote-accessThe CIS CTI team spotted an ongoing campaign targeting SLTT government entities with tax- and IRS-themed phishing lures. Take a closer look.Tue, 24 Mar 2026 14:33:00 -0400c3afa3a6-fbcd-42aa-9e11-50089cfedc9ahttps://www.cisecurity.org/insights/blog/rsac-2026-insights-from-tony-sagerAhead of RSAC 2026 Conference, Tony Sager shares his thoughts about upcoming sessions and how he navigates the conference. Tue, 17 Mar 2026 16:23:00 -0400efa51f55-2480-4cb3-96b9-00b9acfd40c7https://www.cisecurity.org/insights/blog/zphp-campaign-delivering-remcos-rat-impacting-slttsCIS CTI identified an ongoing ZPHP campaign impacting U.S. SLTTs that delivers the Remcos RAT. Find out how to defend your organization.Tue, 17 Mar 2026 16:23:00 -04009489a660-6006-49c9-89df-ead38b4dfa16https://www.cisecurity.org/insights/blog/2025-year-in-review-sustaining-cybersecurityCIS sustained vital protections despite funding cuts and rising multidimensional threats. Learn more by watching our 2025 Year in Review 2025 video.Mon, 16 Mar 2026 09:47:00 -0400b908adc9-db87-410a-a006-e09ef825c4f2https://www.cisecurity.org/insights/blog/cis-benchmarks-march-2026-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for March 2026.Fri, 06 Mar 2026 10:06:00 -050049cbd51c-a931-4506-9578-330f86a8efadhttps://www.cisecurity.org/insights/blog/strengthening-software-assurance-across-government-systemsSecure by Design ultimately supports a broader public mission: delivering trustworthy, secure, and sustainable technology that citizens can rely on.Thu, 05 Mar 2026 17:03:00 -050040d4a027-9ff3-417a-87b6-68684e13edc3https://www.cisecurity.org/insights/blog/how-to-defend-against-irans-cyber-retaliation-playbookSecurity leaders must give equal weight to the cyber dimension following U.S.-Israeli kinetic activity against Iran. Here's our recommendations. Wed, 04 Mar 2026 13:54:00 -0500e7415caf-6dc7-4b2a-a014-e209ead490e5https://www.cisecurity.org/insights/blog/multiply-endpoint-securitys-force-at-your-public-utilityA public utility can multiply the force of endpoint security with a 24x7x365 protection and monitoring strategy. Read our blog to learn more.Fri, 20 Feb 2026 09:10:00 -050021690222-04f7-497f-accf-3785cd6264afhttps://www.cisecurity.org/insights/blog/upholding-us-sltt-resilience-with-affordable-servicesThe MS-ISAC bridges the U.S. SLTT resilience gap by offering under-resourced organizations access to affordable services. Read to learn more.Thu, 12 Feb 2026 09:40:00 -0500cc437313-dc84-4ef1-a2b9-d520a81be220https://www.cisecurity.org/insights/blog/cis-benchmarks-february-2026-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for February 2026.Mon, 09 Feb 2026 12:09:00 -05003798ab15-2836-472a-993f-8e91dedff258https://www.cisecurity.org/insights/blog/top-10-malware-q4-2025Total malware notifications from MS-ISAC monitoring services increased 7% from Q3 to Q4 2025. Learn more by reading our Top 10 Malware list.Thu, 29 Jan 2026 09:14:00 -0500ccb04f12-df53-4a10-ae47-089a624648e3https://www.cisecurity.org/insights/blog/cis-hardened-images-aws-european-sovereign-cloudCIS Hardened Images are now in the AWS European Sovereign Cloud. Learn how this can help you to reduce risk, improve consistency, and more.Wed, 14 Jan 2026 09:46:00 -0500ec8b3064-bdc2-4d17-9808-190f01d1ffe6https://www.cisecurity.org/insights/blog/cis-benchmarks-january-2026-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for January 2026.Mon, 12 Jan 2026 10:30:00 -0500235c2044-9720-432e-94ca-86f016cf6a62https://www.cisecurity.org/insights/blog/security-in-the-cloud-with-more-automationCIS is making security in the cloud even easier for you by releasing a CIS hardening component in EC2 Image Builder on Amazon Web Services (AWS).Wed, 07 Jan 2026 10:09:00 -050092cda704-dbe4-4b8d-afc2-8c8d5feaee7ehttps://www.cisecurity.org/insights/blog/cybersecurity-collaboration-for-the-us-sltt-communityThe MS-ISAC provides the only nationwide network dedicated to cybersecurity collaboration in the U.S. SLTT community. Read on to learn more.Fri, 26 Dec 2025 11:17:00 -0500f0837452-2a88-4e84-8258-093b8590634dhttps://www.cisecurity.org/insights/blog/malicious-crystal-pdf-converter-detected-on-sltt-networksIn October 2025, CIS CTI observed a rise in CIS MDR alerts associated with Crystal PDF on U.S. SLTT endpoints. Here's how to defend yourself.Wed, 24 Dec 2025 10:58:00 -050044d4f656-8a3b-459e-99ff-93eb250b7d2fhttps://www.cisecurity.org/insights/blog/cis-benchmarks-december-2025-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for December 2025.Thu, 18 Dec 2025 12:31:00 -05007f6df795-5f59-40a0-bdcb-ee7e21a73358https://www.cisecurity.org/insights/blog/scale-linux-workload-security-on-azure-with-cis-benchmarksLooking to automate Azure Linux hardening and streamline hybrid security? Learn how to do it at scale with Azure OSConfig and the CIS Benchmarks.Tue, 16 Dec 2025 17:31:00 -05007a5b2e73-154b-4156-8e0b-ac46213cc581https://www.cisecurity.org/insights/blog/cis-benchmarks-update-november-2025The November 2025 CIS Benchmarks monthly update highlights the CIS Benchmarks and CIS Build Kits that have been updated or recently released.Wed, 19 Nov 2025 16:39:00 -05007e01025b-bc8a-4a13-ad0d-8336fcfca2c8https://www.cisecurity.org/insights/blog/control-assist-path-cyber-insurance-readiness-smbsCIS and CyberAcuView have launched Control Assist, an initiative designed to simplify cyber insurance and strengthen cybersecurity for SMBs.Wed, 19 Nov 2025 08:32:00 -0500417a7c7c-372f-4061-9408-05c045cbc6dchttps://www.cisecurity.org/insights/blog/impact-of-federal-funding-cuts-to-the-value-of-ms-isac-ctiThe adoption of a fee-based membership model has had minimal and in some aspects positive impact on MS-ISAC CTI. Read our blog to learn more.Mon, 17 Nov 2025 13:01:00 -0500b39a585b-ec80-4b86-be63-7a09bdbee611https://www.cisecurity.org/insights/blog/top-10-malware-q3-2025Total malware notifications from MS-ISAC monitoring services increased 38% from Q2 to Q3 2025. Learn more by reading our Top 10 Malware list.Fri, 14 Nov 2025 09:43:00 -0500eba94504-b2bc-4ccc-9b53-88bf80664affhttps://www.cisecurity.org/insights/blog/7-cis-experts-2026-cybersecurity-predictionsWhat does 2026 have in store for cybersecurity? Read our experts' 2026 cybersecurity predictions to find out and get planning.Fri, 31 Oct 2025 13:11:00 -04002c6d4a95-4ae4-4134-8cd6-b7f000537413https://www.cisecurity.org/insights/blog/cis-benchmarks-monthly-update-october-2025We've highlighted the major updates for CIS Benchmarks and CIS Build Kits in the Benchmarks Monthly Update for October 2025.Fri, 31 Oct 2025 09:06:00 -04009071096c-1ea5-4673-b911-4a29498cc57chttps://www.cisecurity.org/insights/blog/ms-isac-member-reported-phishing-likely-from-tycoon2fa-phaasThe CIS CTI team saw an uptick in member-submitted phishing emails in Q3 2025. Learn the overlap these emails have with the Tycoon2FA PhaaS kit.Wed, 29 Oct 2025 16:48:00 -0400b2dd865a-8be3-4295-9782-b9f916b04f0chttps://www.cisecurity.org/insights/blog/how-secure-by-design-helps-developers-build-secure-softwareSecure by Design offers practical, risk-based strategies for integrating security into the software development lifecycle.Tue, 28 Oct 2025 12:47:00 -0400c5c7b8d1-d915-44a5-9f49-b05d2269f5fahttps://www.cisecurity.org/insights/blog/clickfix-an-adaptive-social-engineering-techniqueThe CIS CTI tracked two ClickFix campaigns between January 2025 and October 2025. Learn more about them and how to defend yourself.Mon, 27 Oct 2025 09:47:00 -0400e57e4d2b-7dd8-4b3d-a650-e6f79a860381https://www.cisecurity.org/insights/blog/simplify-security-management-with-cis-securesuite-platformLooking to simplify security management and accelerate audits? Read our blog post to learn how our CIS SecureSuite Platform can help!Thu, 16 Oct 2025 10:39:00 -04004c631ec8-6352-407d-b360-1ad681cf201chttps://www.cisecurity.org/insights/blog/building-a-secure-cloud-foundation-for-healthcare-with-cisLearn how to accelerate your healthcare compliance with CIS Hardened Images and CIS SecureSuite for secure, audit-ready cloud environments.Tue, 14 Oct 2025 14:14:00 -040037a150b9-a360-41e7-bd66-7121939da1e0https://www.cisecurity.org/insights/blog/reasonable-cybersecurity-legal-theroy-practiceExplore how reasonable cybersecurity is evolving from a legal concept into a practical standard for protecting systems and consumer data.Wed, 24 Sep 2025 12:28:00 -040099a8f1e4-51cf-4641-9024-b2f2234304bdhttps://www.cisecurity.org/insights/blog/cis-helps-strengthen-cybersecurity-in-energy-and-utilitiesDiscover how CIS Benchmarks and CIS Controls help energy and utility companies strengthen cybersecurity across IT and OT environments.Tue, 23 Sep 2025 11:13:00 -0400e5f8ba7c-a947-46fc-a21e-702ae346e0b0https://www.cisecurity.org/insights/blog/cis-benchmarks-september-2025-updateThe following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.Tue, 23 Sep 2025 09:59:00 -0400e3dbb61e-2732-42ef-a4ad-735eacc9c19ahttps://www.cisecurity.org/insights/blog/qilin-top-ransomware-threat-to-sltts-in-q2-2025In Q2 2025, Qilin became the most active ransomware targeting U.S. SLTT government entities. Read the CIS CTI team's analysis to learn more.Thu, 11 Sep 2025 09:33:00 -0400cc1fa3f1-d66a-47b6-928c-d01da5ca5f62https://www.cisecurity.org/insights/blog/top-external-network-risks-how-fix-themLearn about the top external network risks and recommendations to harden configurations from the CIS Cyber Threat Intelligence team.Wed, 27 Aug 2025 09:33:00 -04003725357f-e8ce-43ef-80b0-2fc97d5f37fahttps://www.cisecurity.org/insights/blog/cis-controls-ambassador-spotlight-eric-woodardThe CIS Controls Ambassador program is an initiative of the CIS that focuses on enhancing the adoption of key cybersecurity best practices.Thu, 21 Aug 2025 10:07:00 -0400e81b2958-5f9a-4689-b87e-c57d04b2ab74https://www.cisecurity.org/insights/blog/cis-benchmarks-august-2025-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for August 2025.Tue, 19 Aug 2025 10:16:00 -0400ca6c7ecc-36b3-4bdb-847b-47e4324ee44ahttps://www.cisecurity.org/insights/blog/5-cyber-questions-sheriffs-and-police-chiefs-should-askCyber threat actors continue to target law enforcement agencies. Here are five cyber questions LE executives can ask to evaluate their defenses.Thu, 14 Aug 2025 09:34:00 -04007e01e359-9f09-4855-99ff-2c5d9cfc4d2dhttps://www.cisecurity.org/insights/blog/critical-infrastructure-caught-botnetCyber threat actors frequently use a botnet in their efforts to target U.S. critical infrastructure. Read on for how to defend your networks.Thu, 14 Aug 2025 09:34:00 -04004f845844-d0f3-418a-93b5-f9b5d9ef3c06https://www.cisecurity.org/insights/blog/applying-cis-benchmarks-harden-windows-11-vdi-systemsLearn how the CIS IT team successfully implemented CIS Benchmarks in a Virtual Desktop Infrastructure (VDI) environment—specifically focusing on Windows 11.Wed, 13 Aug 2025 15:02:00 -04006f140547-7e81-4bcc-ba8e-0b4b766bfb78https://www.cisecurity.org/insights/blog/introducing-the-cis-controls-oscal-repositoryAutomation for Controls: Meet OSCAL, the Open Security Controls Assessment Language OSCAL, also known as the Open Security Controls Assessment.Thu, 24 Jul 2025 14:59:00 -0400d069fdb5-5de6-4cfa-ae99-ddec08ea2580https://www.cisecurity.org/insights/blog/top-10-malware-q2-2025Total malware notifications from MS-ISAC monitoring services decreased 18% from Q1 2025 to Q2 2025. Read our Top 10 Malware Q2 2025 for more.Fri, 18 Jul 2025 09:27:00 -04003a1b6889-5378-40fb-993c-89293769b462https://www.cisecurity.org/insights/blog/cis-benchmarks-july-2025-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for July 2025.Tue, 08 Jul 2025 14:49:00 -0400f2a1f822-cbfd-4a86-b807-8a7e37c87156https://www.cisecurity.org/insights/blog/what-makes-cis-hardened-images-secure-enough-for-the-us-icHow do U.S. IC organizations strengthen their cloud security in a way that meets their needs? See how the CIS Hardened Images® can help.Mon, 30 Jun 2025 16:37:00 -040045a77931-4a22-4f1e-b773-9f95a844b845https://www.cisecurity.org/insights/blog/lay-a-cybersecurity-foundation-and-master-cis-controls-ig1Today’s digital threats don’t discriminate by size or sector. Building a solid cybersecurity foundation is no longer optional—it’s essential. Fri, 13 Jun 2025 14:28:00 -040060f1cb1b-053e-4161-af87-b4936b59a03dhttps://www.cisecurity.org/insights/blog/cis-benchmarks-june-2025-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for June 2025.Wed, 11 Jun 2025 14:27:00 -0400e80c73c2-a014-4aca-8d86-ad35bcc50cc9https://www.cisecurity.org/insights/blog/how-threat-modeling-actor-attribution-grow-cyber-defensesWant to enhance your threat modeling? By combining it with threat actor attribution, you can improve your cyber defenses. Read on to learn more.Thu, 15 May 2025 09:37:00 -040025baae81-1ed9-4e21-9e0d-d989b3821827https://www.cisecurity.org/insights/blog/cis-benchmarks-may-2025-updateHere is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for May 2025.Mon, 05 May 2025 09:44:00 -0400735b449f-4bee-4896-a5eb-b17b75504f3chttps://www.cisecurity.org/insights/blog/top-10-malware-q1-2025In Q1 2025, the Top 10 Malware observed via the MS-ISAC® changed slightly from the previous quarter. Read our blog post to learn more.Wed, 23 Apr 2025 13:59:00 -0400939915a7-e117-4e13-87c2-5fd9619a773fhttps://www.cisecurity.org/insights/blog/hacktivist-group-dienet-claims-ddos-attacks-against-u-s-c-n-iDieNet is a hacktivist group that's claimed DDoS attacks against U.S. critical infrastructure. Read on to learn its ideology and attack activity.Wed, 16 Apr 2025 16:28:00 -0400