CISA updated ransomware intel on 59 bugs last year without telling defenders


On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.

"Frustrated" by the agency failing to notify defenders when key pieces of intel change, Glenn Thorpe, senior director of security research and detection engineering at GreyNoise, counted the number of missed opportunities to potentially stop ransomware attacks last year.

CISA maintains its Known Exploited Vulnerability (KEV) catalog and populates it on a near-daily basis with details about the vulnerabilities attackers are exploiting to successfully gain access to victims' networks.

The purpose of the catalog is to identify the most serious vulnerabilities at any given time, and inform defenders, especially those working for federal agencies, about which bugs should be prioritized.

One of the features of the catalog is that it indicates whether or not CISA is aware of a given ...
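A defender can catch this kind of silent change by diffing saved snapshots of the catalog. The sketch below is an added example, not code from the article or from GreyNoise; it assumes the `knownRansomwareCampaignUse` field of CISA's KEV JSON feed, and the snapshots and CVE ids are constructed placeholders.

```python
import json

FIELD = "knownRansomwareCampaignUse"  # KEV JSON feed field; values "Known" / "Unknown"

# Constructed snapshots (placeholder CVE ids), trimmed to the fields used here.
OLD_SNAPSHOT = json.dumps({"catalogVersion": "constructed-1", "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2025-01-10", FIELD: "Unknown"},
    {"cveID": "CVE-0000-0002", "dateAdded": "2025-02-03", FIELD: "Unknown"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2025-02-20", FIELD: "Known"},
]})
NEW_SNAPSHOT = json.dumps({"catalogVersion": "constructed-2", "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2025-01-10", FIELD: "Unknown"},
    {"cveID": "CVE-0000-0002", "dateAdded": "2025-02-03", FIELD: "Known"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2025-02-20", FIELD: "Known"},
    {"cveID": "CVE-0000-0004", "dateAdded": "2025-03-01", FIELD: "Known"},
]})


def index_by_cve(snapshot_json):
    """Map cveID -> ransomware flag; a missing field is treated as 'Unknown'."""
    catalog = json.loads(snapshot_json)
    return {v["cveID"]: v.get(FIELD, "Unknown")
            for v in catalog.get("vulnerabilities", [])}


def ransomware_flag_changes(old_json, new_json):
    """Return (flipped, new_flagged): existing entries whose flag changed, and
    entries first seen in the newer snapshot that are already marked 'Known'."""
    old, new = index_by_cve(old_json), index_by_cve(new_json)
    flipped = sorted((cve, old[cve], flag) for cve, flag in new.items()
                     if cve in old and old[cve] != flag)
    new_flagged = sorted(cve for cve, flag in new.items()
                         if cve not in old and flag == "Known")
    return flipped, new_flagged


if __name__ == "__main__":
    flipped, new_flagged = ransomware_flag_changes(OLD_SNAPSHOT, NEW_SNAPSHOT)
    for cve, before, after in flipped:
        print(f"{cve}: {FIELD} {before} -> {after} (re-prioritize)")
    for cve in new_flagged:
        print(f"{cve}: added to catalog with {FIELD}=Known")
```

Run against two dated copies of the feed, the `flipped` list is the set of entries whose ransomware status changed after they were first published.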


Copyright of this story solely belongs to theregister.co.uk.