CISA’s Shift in Cybersecurity Alert Distribution Sparks Community Concern

On May 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) announced a significant change in its communication strategy: the agency will cease posting routine cybersecurity alerts and advisories on its official website. Instead, CISA plans to disseminate this information exclusively through social media platforms and email subscriptions. The agency stated that the Cybersecurity Alerts & Advisories webpage will now be reserved solely for urgent information tied to emerging threats or major cyber activity.

This decision has raised concerns within the cybersecurity community. Many professionals rely on CISA’s centralized web-based alert system for timely threat intelligence. The proposed changes could disrupt several critical services, including:

– The Known Exploited Vulnerabilities (KEV) Catalog JSON and CSV data feeds
– RSS feeds for various advisories
– GitHub repositories containing vulnerability data

Of particular concern is the directive that users who track the KEV catalog through RSS feeds must subscribe to the KEV subscription topic through GovDelivery to continue receiving notifications. The KEV catalog, launched in 2021, has become an essential resource for defenders tracking vulnerabilities that are actively exploited in the wild.

Security professionals argue that moving essential threat data behind subscription models and social media platforms could hinder visibility, especially for smaller organizations lacking dedicated threat intelligence resources. By May 13, just one day after the initial announcement, CISA acknowledged the confusion and announced a pause to reassess its approach.

CISA’s KEV catalog and associated data feeds have been integrated into numerous security workflows and automation tools through formats like the Common Security Advisory Framework (CSAF), making any disruption potentially significant for security operations.