CISA

Cybersecurity reports and statistics published by CISA

8 categories, 1 reports

Research Reports

Reports and publications from CISA

Recent Statistics & Reports

Most security.txt files were hosted on port 443 (46%), while 18% were on unsecured ports like 80 and another 18% were on ports like 8080 that are not as safe but can be configured manually to support the necessary encryption.

1/1/2025
security.txt, Port 443

SMB vulnerabilities declined by 72%, while RPC accounted for 92% of all exploitable service tickets.

1/1/2025
SMB, Vulnerabilities

Government Services and Facilities had the highest exposure to publicly accessible OT (Operational Technology) protocols, with 63% exposure.

1/1/2025
OT, Government

58% of KEVs were linked to open-source software vulnerabilities, particularly PHP and Apache.

1/1/2025
KEV

The CISA Known Exploited Vulnerabilities (KEV) Catalog recorded 1,199 KEVs as of August 31, 2024.

1/1/2025
KEV

Outdated SSL and TLS encryption misconfigurations declined, with the average misconfiguration ratio per enrollee dropping from 3.8 to 2.5.

1/1/2025
SSL, TLS

Email security adoption showed strong progress, with 89% of organizations implementing DMARC (Domain-based Message Authentication, Reporting & Conformance).

1/1/2025
Email security, DMARC

Email security adoption showed strong progress, with 7% of organizations implementing both DMARC and SPF (Sender Policy Framework).

1/1/2025
Email security, DMARC, SPF

Federal organizations saw a 60% decline in exploitable service instances.

1/1/2025
Exploitable services, Federal

Cisco-related vulnerabilities accounted for 9.8% of all observed KEVs.

1/1/2025
KEV

Over 7,400 Common Vulnerabilities and Exposures (CVEs) were detected on cloud systems hosting security.txt files from insecure versions exposed to the internet as of September 2024.

1/1/2025
Cloud, CVEs
