CISA orders agencies to patch and replace end-of-life devices, citing active exploitation

CISA has identified widespread exploitation of unsupported, internet-facing edge devices by advanced threat actors—some with alleged nation-state ties—and issued a binding operational directive requiring federal agencies to inventory, update, and remove end-of-support edge devices within specified deadlines to mitigate a substantial and ongoing risk to federal networks.