CISA reverses course: vulnerability warnings stay untouched for the time being

To provide more limelight for major cyber security events, CISA wanted to hide some advisories. Negative feedback made the agency reconsider.

Update

CISA evidently hadn't anticipated the negative reaction from the security community to its announcement and promptly backpedaled. In an "Update to the Update," the agency wrote that it had apparently caused confusion in the cybersecurity community. It is therefore pausing the immediate changes and reconsidering its approach.

And indeed, the recently added security vulnerabilities from the Microsoft Patch Wednesday can be found in the RSS feed of "Known Exploited Vulnerabilities" – so apparently, everything remains the same for now.

The US cybersecurity authority CISA is continuing to tighten its information offerings for the security community. Now, it is scaling back a website that bundled CISA alerts and security notifications and offered RSS feeds. If you want to continue receiving the alerts, you have to get them from social media or register with a US government alert service. The reason given by CISA is that it wants to guarantee that truly urgent warnings receive the necessary attention.

In an announcement published on May 12, the US cybersecurity authority also cited user feedback as another reason for the change. The announcement only vaguely identifies which categories of warning messages are affected: “Cybersecurity updates and the publication of new instructions” would no longer appear in the overview. These are likely to include security advisories, but also detailed analyses and recommendations for action aimed at US authorities.

The content will not disappear completely – it will simply be placed less prominently. At the same time, CISA will attach more importance to its presence on Platform X in the future: the @CISACyber account will provide interested parties with “expeditious cybersecurity updates,” the agency explains.


The “Known Exploited Vulnerabilities” (KEV) catalog is also affected by the changes. It loses its prominent position on the CISA overview page, where the authority published every new addition to the catalog until May 7, 2025. In addition, the known vulnerabilities will be removed from the authority's RSS feeds, which could disrupt the workflows of some security experts and tools. If you want to keep up to date with known vulnerabilities, there is still a JSON and a CSV version of the “Known Exploited Vulnerabilities” in addition to the X view. The latter are particularly suitable for further processing in scripts and automated processes.
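For readers who want to replace the dropped RSS feed with the JSON version mentioned above, here is an added example (written for this page, not code from CISA or the article) that parses a KEV-format document, finds entries added since a previous poll, and lists entries whose remediation due date has passed. The excerpt embedded in the script is constructed: it copies the field names of the published feed, but the dates and the CVE-2099-* identifiers are invented, and the descriptive fields are placeholders. Only the CVE, vendor and product of the TeleMessage entry come from the article.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. The live feed is
# published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
# and has the same top-level keys. Dates and the CVE-2099-* IDs below are made up.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2025.05.14",
  "dateReleased": "2025-05-14T12:00:00.0000Z",
  "count": 3,
  "vulnerabilities": [
    {
      "cveID": "CVE-2025-47729",
      "vendorProject": "TeleMessage",
      "product": "TM SGNL",
      "vulnerabilityName": "placeholder",
      "dateAdded": "2025-05-12",
      "shortDescription": "placeholder",
      "requiredAction": "placeholder",
      "dueDate": "2025-06-02",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-2099-00001",
      "vendorProject": "ExampleVendor",
      "product": "ExampleProduct",
      "vulnerabilityName": "placeholder",
      "dateAdded": "2025-04-01",
      "shortDescription": "placeholder",
      "requiredAction": "placeholder",
      "dueDate": "2025-04-22",
      "knownRansomwareCampaignUse": "Known",
      "notes": ""
    },
    {
      "cveID": "CVE-2099-00002",
      "vendorProject": "ExampleVendor",
      "product": "OtherProduct",
      "vulnerabilityName": "placeholder",
      "dateAdded": "2025-05-07",
      "shortDescription": "placeholder",
      "requiredAction": "placeholder",
      "dueDate": "2025-05-28",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}
"""


def load_kev(text):
    """Parse a KEV JSON document and return its list of vulnerability entries."""
    doc = json.loads(text)
    entries = doc["vulnerabilities"]
    # The feed carries its own count; a mismatch indicates a truncated download.
    if doc.get("count") != len(entries):
        raise ValueError("KEV count field does not match number of entries")
    return entries


def added_since(entries, since):
    """CVE IDs added on or after `since`, oldest first (this replaces polling the RSS feed)."""
    hits = [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]
    hits.sort(key=lambda e: (e["dateAdded"], e["cveID"]))
    return [e["cveID"] for e in hits]


def new_since_snapshot(entries, previously_seen):
    """CVE IDs present now but absent from the set saved at the last poll."""
    return sorted(e["cveID"] for e in entries if e["cveID"] not in previously_seen)


def overdue(entries, today):
    """CVE IDs whose KEV remediation due date is earlier than `today`."""
    return sorted(e["cveID"] for e in entries if date.fromisoformat(e["dueDate"]) < today)


def ransomware_linked(entries):
    """CVE IDs CISA marks as used in known ransomware campaigns."""
    return sorted(e["cveID"] for e in entries if e["knownRansomwareCampaignUse"] == "Known")


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    print("added since 2025-05-07:", added_since(kev, date(2025, 5, 7)))
    print("new vs. snapshot:", new_since_snapshot(kev, {"CVE-2099-00001", "CVE-2099-00002"}))
    print("overdue on 2025-05-14:", overdue(kev, date(2025, 5, 14)))
    print("ransomware-linked:", ransomware_linked(kev))
```

In a scheduled job you would fetch the live file in place of `SAMPLE_KEV_JSON`, persist the set of CVE IDs you have already processed, and feed `new_since_snapshot` into whatever ticketing or alerting path the RSS feed used to trigger; `overdue` is the check that matters for organisations that track the catalog's remediation deadlines.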

For those who prefer to receive security notifications by email, CISA recommends registering with the central mail portal “Govdelivery” and subscribing to its notifications. The operator of the Mastodon server “infosec.exchange” has built a bot based on this mail distribution list: @cisareflector@infosec.exchange will forward emails from the CISA mailing list to the Fediverse.

The first vulnerability that didn't make it to the CISA alert page has gained worldwide fame. CVE-2025-47729 has caused a stir recently and cost Trump's security advisor Mike Waltz his job. The vulnerability in the Signal alternative “TeleMessage TM SGNL” allowed attackers to steal sensitive data from the US government and various authorities twice. It remains unclear whether the CISA changeover came into effect at the same time as this entry in the KEV by chance or by design.

The measure comes in the context of what has been described as a “refocusing” of CISA, which Secretary of Homeland Security Kristi Noem has ordered to return to the protection of critical infrastructure in the face of vehement criticism from the incumbent US President. Redundancies and the halting of infrastructure projects such as the CVE list have also been on CISA's austerity agenda in recent months.

The EU's own vulnerability database, the EUVD, which went online in mid-April in the wake of the CVE confusion, is now officially launched: on 13 May, the European Commission announced the launch of the EUVD in a press release and emphasized its role in strengthening the EU's digital sovereignty.

(cku)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.