HEADLINES Bleeping Computer

CISA retires 10 emergency cyber orders in rare bulk closure

By Lawrence Abrams
January 8, 2026
10:46 PM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01.

CISA said this is the largest number of Emergency Directives it has closed at one time.

"By statute, CISA issues Emergency Directives to rapidly mitigate emerging threats and to minimize the impact by limiting directives to the shortest time possible," explains CISA.

"Following a comprehensive review of all active directives, CISA determined that required actions have been successfully implemented or are now encompassed through Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities. "

Binding Operational Directive 22-01 uses the agency's Known Exploited Vulnerabilities (KEV) catalog to alert federal civilian agencies of actively exploited flaws and when systems must be patched against them.

Emergency Directives are meant to address urgent risks and remain in place only as long as needed.

The complete list of Emergency Directives closed today is:

• ED 19-01: Mitigate DNS Infrastructure Tampering
• ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
• ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday
• ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
• ED 21-01: Mitigate SolarWinds Orion Code Compromise
• ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
• ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities
• ED 21-04: Mitigate Windows Print Spooler Service Vulnerability
• ED 22-03: Mitigate VMware Vulnerabilities
• ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

Many of those directives addressed vulnerabilities that were exploited quickly and are now part of CISA's KEV catalog.

Under BOD 22-01, federal civilian agencies are required to patch vulnerabilities listed in the KEV catalog by specific dates set by CISA. By default, agencies have up to six months to fix flaws assigned to CVEs before 2021, with newer flaws fixed within two weeks.

However, CISA can set significantly shorter patching timelines when deemed high risk.

In a recent example, agencies were required to patch Cisco devices affected by the actively exploited CVE-2025-20333 and CVE-2025-20362 vulnerabilities within one day.

Related Articles:

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers

MITRE shares 2025's top 25 most dangerous software weaknesses

Trend Micro warns of critical Apex Central RCE vulnerability

Trend Micro fixes actively exploited remote code execution bug

VMware ESXi zero-days likely exploited a year before disclosure

Latest Articles

• 
  Microsoft, Software

  Microsoft is retiring 'Send to Kindle' in Word

  Microsoft is retiring a feature that allowed you to send your documents to Kindle straight from Microsoft Word.

  • Mayank Parmar
  • January 10, 2026
  • 07:29 PM
  • 0
• 
  Security

  BreachForums hacking forum database leaked, exposing 324,000 accounts

  The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online.

  • Lawrence Abrams
  • January 10, 2026
  • 01:17 PM
  • 0
• 

  5 Critical Microsoft 365 Security Settings You Could Be Missing

  A checklist for securing Microsoft 365.

  Set it and forget it? Not when it comes to Microsoft 365 security. This guide covers essential steps you can take to improve your security posture today. Review these 5 key settings on a regular basis to avoid identity security risks.

  • Nudge Security Sponsorship
• 
  Security

  Spain arrests 34 suspects linked to Black Axe cyber crime

  Authorities in Spain have arrested 34 individuals allegedly part of a criminal network involved in cyber fraud and believed to be connected to the Black Axe group responsible for illicit activities across Europe.

  • Bill Toulas
  • January 10, 2026
  • 10:17 AM
  • 0
• 
  Deals

  Use the most popular AI model for a one-time $75 payment

  1min.AI gathers many of today's best AI models into one clean, powerful platform, and with this lifetime plan, you only pay once. Don't miss a lifetime of the 1min.AI Advanced Business Plan while it's just $74.97 (MSRP $540) for a limited time.

  • BleepingComputer Deals
  • January 10, 2026
  • 08:11 AM
  • 0
• 
  Security

  Ireland recalls almost 13,000 passports over missing 'IRL' code

  Ireland's Department of Foreign Affairs has recalled nearly 13,000 passports after a software update caused a printing defect. The printing error makes the documents non-compliant with international travel standards and potentially unreadable at automated border gates.

  • Ax Sharma
  • January 10, 2026
  • 05:27 AM
  • 0
• 
  Artificial Intelligence, Technology

  Anthropic: Viral Claude “Banned and reported to authorities” message isn’t real

  Anthropic has denied reports of banning legitimate accounts, after a viral post on X claimed the creator of Claude had banned a user.

  • Mayank Parmar
  • January 09, 2026
  • 07:06 PM
  • 0
• 
  Artificial Intelligence, Technology

  ChatGPT tests a new feature to find jobs, improve your resume, and more

  OpenAI is testing "Jobs," a new feature that could help you explore roles, improve your resume, and plan your career. This feature is being tested after ChatGPT gained support for the Health dashboard.

  • Mayank Parmar
  • January 09, 2026
  • 06:23 PM
  • 2
• 
  Microsoft

  Microsoft may soon allow IT admins to uninstall Copilot

  Microsoft is testing a new policy that allows IT administrators to uninstall the AI-powered Copilot digital assistant on managed devices.

  • Sergiu Gatlan
  • January 09, 2026
  • 03:34 PM
  • 3
• 
  Security, Artificial Intelligence

  Hackers target misconfigured proxies to access paid LLM services

  Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services.

  • Bill Toulas
  • January 09, 2026
  • 02:56 PM
  • 0
• 
  Security

  Illinois Department of Human Services data breach affects 700K people

  The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings.

  • Sergiu Gatlan
  • January 09, 2026
  • 10:37 AM
  • 0
• 
  Security

  Email security needs more seatbelts: Why click rate is the wrong metric

  Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics.

  • Material Security
  • January 09, 2026
  • 10:01 AM
  • 0
• 
  Security

  Illinois man charged with hacking Snapchat accounts to steal nude photos

  U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online.

  • Sergiu Gatlan
  • January 09, 2026
  • 08:46 AM
  • 1
• 
  Deals

  Build your IT foundation with beginner-friendly courses for $29.99

  Building a foundation in IT and cybersecurity is important in today's job market. The 2025 Entry Level IT & Cybersecurity Certification Bundle does exactly that. It packages eight beginner-friendly courses that cover computing basics, networking essentials, and introductory security skills — all for $29.99 (MSRP $160).

  • BleepingComputer Deals
  • January 09, 2026
  • 07:05 AM
  • 0
• 
  Security

  Trend Micro warns of critical Apex Central RCE vulnerability

  Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges.

  • Sergiu Gatlan
  • January 09, 2026
  • 05:40 AM
  • 0

Google, Artificial Intelligence

Gmail's new AI Inbox uses Gemini, but Google says it won’t train AI on user emails

Google says it's rolling out a new feature called 'AI Inbox,' which summarizes all your emails, but the company promises it won't train its models on your emails.

• Mayank Parmar
• January 08, 2026
• 06:46 PM
• 6

Security

New China-linked hackers breach telcos using edge device exploits

A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe.

• Bill Toulas
• January 08, 2026
• 06:39 PM
• 0

Security

FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs

The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert.

• Bill Toulas
• January 08, 2026
• 05:57 PM
• 0

Artificial Intelligence, Technology

xAI teases major Grok upgrade, hints at Grok Code CLI

Elon Musk-backed xAI has been missing in action for a while now, but today, Musk teased a major upgrade for Grok alongside new products.

• Mayank Parmar
• January 08, 2026
• 05:43 PM
• 2

Security

VMware ESXi zero-days likely exploited a year before disclosure

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known.

• Bill Toulas
• January 08, 2026
• 04:27 PM