Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CISA pushes Federal agencies to retire end-of-support edge devices

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]

CISA BlueHammer (CVE-2026-33825)

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must identify and replace devices that no longer receive security updates from manufacturers within the next 12 to 18 months to reduce cyber risks and improve infrastructure security.

The directive requires Federal Civilian Executive Branch (FCEB) agencies to take specific actions to drive down technical debt and minimize the risk of compromise.” reads the advisory published by the U.S. Cybersecurity and Infrastructure Security Agency. “Within a specified timeframe, FCEB agencies must strengthen asset lifecycle management for active edge devices and remove any hardware and software devices that is no longer supported by its original equipment manufacturer. ”

The agency warns that threat actors increasingly target unsupported edge devices that sit at the network perimeter and no longer receive security updates. To reduce this risk, CISA requires federal agencies to inventory all edge devices, report those that are end-of-support, update or replace them with supported versions, remove unsupported hardware from networks, and adopt strong lifecycle management to continuously track device status.

“Unsupported devices pose a serious risk to federal systems and should never remain on enterprise networks,” said CISA Acting Director Madhu Gottumukkala. “When the threat landscape demands decisive action, CISA will direct FCEB agencies to strengthen cyber resilience and build a stronger, safer digital infrastructure for America’s future. CISA strongly encourages non-federal organizations to adopt similar actions to strengthen the security of their edge devices.”

CISA says strong cyber hygiene starts by removing unsupported edge devices. Managing asset lifecycles and retiring end-of-support technology reduces risk and improves resilience across government and beyond. As agencies carry out the directive, CISA will track compliance, review progress, and provide support as needed. The agency also clarified that edge devices include firewalls, routers, switches, load balancers, wireless access points, IoT edge devices, SDN components, and other network systems that route traffic and hold privileged access.

“Practicing good cyber hygiene starts with eliminating unsupported edge devices,” said CISA Executive Assistant Director for Cybersecurity Nick Andersen. “Driving timely risk reduction across the federal enterprise is critical, but true impact comes when all organizations commit to the same goal. By proactively managing asset lifecycles and removing end-of-support technology, we can collectively strengthen resilience and protect the global digital ecosystem.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, edge network devices)