By the end of the year, the Cybersecurity and Infrastructure Security Agency plans to launch an automated vulnerability warning program to alert organizations that are running software with vulnerabilities being exploited by ransomware gangs, the agency’s director, Jen Easterly, said this week. Currently running in a pilot phase, the program is mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and aims to reduce the number of ransomware attacks by getting the owners and operators of vulnerable systems to patch them before they can be infiltrated. Speaking at an event hosted by the Institute for Security and Technology, Easterly said the pilot is focused on reducing the prevalence of ransomware by using vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched. CISA has issued 2,049 warnings since the pilot was launched last January. It has since expanded to include CISA’s database of known exploited vulnerabilities and common misconfigurations that can be linked to ransomware attacks.