VulnHub

Real-time Cybersecurity News

CISA orders federal agencies to replace end-of-life edge devices

BleepingComputer
Critical

Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies must identify and remove outdated network edge devices that no longer receive security updates from their manufacturers. This directive is critical because such devices can pose significant security risks if they are not regularly updated to protect against vulnerabilities. Edge devices, which connect internal networks to external ones, can be entry points for attackers if they are not properly maintained. The CISA's move aims to bolster the security posture of federal networks by ensuring that all devices are up-to-date and protected against known threats. Agencies are now required to take action to ensure compliance with this directive to safeguard sensitive data and maintain national security.

Key Takeaways

  • Affected Systems: Network edge devices that are end-of-life and no longer supported by manufacturers
  • Action Required: Agencies should identify all end-of-life devices and replace them with supported models that receive regular security updates.
  • Timeline: Newly disclosed

Original Article Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. [...]

Impact

Network edge devices that are end-of-life and no longer supported by manufacturers

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Agencies should identify all end-of-life devices and replace them with supported models that receive regular security updates.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

DHS privacy probe will focus on biometric tracking by ICE, OBIM

CyberScoop

The Department of Homeland Security (DHS) is facing a privacy investigation that will focus on the use of biometric tracking by its Immigration and Customs Enforcement (ICE) and the Office of Biometric Identity Management (OBIM). Auditors have indicated that the probe might expand to other DHS components, examining how the agency utilizes biometric markers in immigration enforcement activities. This scrutiny comes as concerns grow over privacy rights and the implications of increased surveillance. The outcome of this investigation could impact DHS's practices and policies regarding biometric data collection and usage, raising questions about transparency and accountability in immigration enforcement.

Feb 6, 2026

Anthropic: Latest Claude model finds more than 500 vulnerabilities

SCM feed for Latest

Anthropic, an AI company, has reported that its latest Claude model has identified over 500 vulnerabilities in various software systems. These vulnerabilities were carefully validated by human researchers to ensure that no false positives slipped through. This kind of thorough analysis is crucial because it helps organizations pinpoint and address security weaknesses before they can be exploited. The findings emphasize the ongoing need for vigilance in software security, as even established systems can harbor significant vulnerabilities. Companies using affected software should take immediate steps to assess their systems and apply necessary updates or patches to mitigate potential risks.

Feb 6, 2026

CISA gives federal agencies one year to replace outdated edge devices

SCM feed for Latest

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all federal agencies upgrade their outdated edge devices within the next year. This initiative is in response to concerns over the security weaknesses posed by aging network infrastructure, which could leave federal systems vulnerable to cyberattacks. Experts have long warned that outdated technology can create entry points for attackers, potentially compromising sensitive government data. By enforcing this requirement, CISA aims to bolster the overall security posture of federal networks and reduce risks associated with legacy systems. The move reflects a growing recognition of the need for modern, secure technology in government operations.

Feb 6, 2026

How to use Lockdown Mode: The extreme iPhone security feature that foiled even the FBI

Latest news

Lockdown Mode is a security feature for iPhones designed to protect users from cyber attacks and prevent forensic tools from accessing data after a device is seized by authorities. This mode is particularly useful for individuals who may be at risk of targeted attacks, such as journalists, activists, or those in sensitive positions. By activating Lockdown Mode, users enhance their privacy and security, making it significantly harder for anyone to extract information from their devices. The feature gained attention after reportedly thwarting attempts by law enforcement, including the FBI, to access iPhones during investigations. This highlights the ongoing battle between personal privacy and law enforcement access to digital data, raising important questions about the balance between security and individual rights.

Feb 6, 2026

DKnife Linux toolkit hijacks router traffic to spy, deliver malware

BleepingComputer

The DKnife toolkit has been in use since 2019, allowing attackers to hijack traffic from edge devices to spy on users and deliver malware. This toolkit targets routers and other network devices, making it a significant threat to both individuals and organizations that rely on these systems for internet connectivity. By intercepting data, attackers can monitor communications and potentially steal sensitive information. The ongoing use of DKnife illustrates the persistent risks posed by advanced cyber espionage techniques. Users and companies need to be vigilant about securing their network devices to prevent such intrusions.

Feb 6, 2026

CISA warns of SmarterMail RCE flaw used in ransomware attacks

BleepingComputer

The Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability, identified as CVE-2026-24423, in SmarterMail. This flaw allows for unauthenticated remote code execution (RCE), which means attackers could potentially take control of affected systems without needing any prior authentication. This vulnerability has already been leveraged in ransomware attacks, posing significant risks to users and organizations running SmarterMail. Users are urged to take immediate action to secure their systems, as the flaw could lead to severe data breaches and operational disruptions. The urgency of this warning stems from the active exploitation of the flaw in the wild, highlighting the need for prompt remediation.

Feb 6, 2026