The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has paused its decision to stop publishing routine cybersecurity alerts and advisories on its official website. The move follows strong backlash from the cybersecurity community.
On May 12, 2025, CISA announced it would discontinue updates to its “Cybersecurity Alerts & Advisories” webpage. Instead, it planned to share updates only through social media and email subscriptions. The agency said its website would focus solely on “urgent information tied to emerging threats or major cyber activity.”
“CISA wants this critical information to get the attention it deserves and ensure it is easier to find,” the agency stated in its announcement.
The change quickly raised concerns among cybersecurity professionals. Many rely on CISA’s feeds and tools for up-to-date threat intelligence. Services potentially affected included:
- The Known Exploited Vulnerabilities (KEV) Catalog JSON and CSV data feeds
- RSS feeds for alerts and advisories
- GitHub repositories with vulnerability data
- The centralized web-based alert system
Of particular concern was the instruction for users tracking the KEV catalog via RSS to switch to GovDelivery email subscriptions. Launched in 2021, the KEV catalog is a critical tool for identifying vulnerabilities actively exploited in the wild.
Experts warned that moving important threat data to social platforms and subscription-only channels could reduce visibility. Smaller organizations, which often lack dedicated threat intelligence teams, may struggle the most.
Just one day later, on May 13, CISA acknowledged the confusion and announced a pause to reevaluate its plans.
CISA’s data feeds and the KEV catalog are widely used in automated security workflows, including tools based on the Common Security Advisory Framework (CSAF). Any disruption could seriously impact security operations across many organizations.
