CISA Pauses Web Alert Changes After Cybersecurity Pushback

The US Cybersecurity and Infrastructure Security Agency (CISA) has paused its plan to stop publishing cybersecurity alerts and advisories on its official website. The decision follows widespread concern among cybersecurity professionals after CISA's May 12, 2025, announcement regarding the transition to exclusive distribution through social media and email subscriptions.

“CISA wants this critical information to get the attention it deserves and ensure it is easier to find,” says the agency in its initial communication.

The decision aimed to restructure how CISA disseminates cybersecurity information by removing routine alerts from its public-facing "Cybersecurity Alerts & Advisories" webpage. The agency stated it would limit the use of the page to “urgent information tied to emerging threats or major cyber activity.” All other communications would be distributed via email subscriptions through CISA.gov and the agency's official social media accounts, including @CISACyber on X.

The announcement prompted immediate concern across the cybersecurity sector. Industry stakeholders emphasized that the proposed changes would impact access to several critical data services, according to Cybersecurity News. These include the JSON and CSV data feeds from the Known Exploited Vulnerabilities (KEV) catalog, RSS feeds for advisories, GitHub repositories containing vulnerability data, and the centralized web-based alert system.

Introduced in 2021, the KEV catalog is widely used by security teams to monitor actively exploited vulnerabilities. Organizations have integrated this data into automation tools and workflows using formats like the Common Security Advisory Framework (CSAF). Any disruption to these feeds could result in decreased operational visibility, especially for small and medium-sized enterprises lacking specialized threat intelligence resources. 

CISA directed users relying on RSS-based KEV catalog updates to transition to the GovDelivery subscription model. While technically feasible, this shift raised concerns about limiting accessibility and transparency by placing key vulnerability notifications behind subscriber-only channels.

On May 13, CISA responded to the cybersecurity community’s feedback by pausing the implementation of its new communication strategy. The agency acknowledged the confusion and stated it would reassess the approach to ensure clarity and continued service effectiveness.

This pause underscores the importance of maintaining continuity in threat intelligence dissemination, especially in an evolving cybersecurity landscape marked by increasing attack sophistication and real-time response requirements, reports GB Hackers.

Security professionals are advised to monitor both legacy and new information channels to maintain uninterrupted access to threat intelligence. Further updates from CISA are expected as the agency refines its strategy based on stakeholder input and operational requirements.