top of page
ALL POSTS
U.S. CISA Adds Critical Enterprise Software Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added Oracle PeopleSoft Enterprise PeopleTools vulnerability CVE-2026-35273 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog following active exploitation by ShinyHunters CISA added Ivanti Sentry vulnerability CVE-2026-10520 (CVSS 10.0) to its Known Exploited Vulnerabilities catalog with a mandatory federal agency patching deadline of June 14, 2026 The Oracle flaw was exploited as a zero-day for nearly two weeks before vendor disclosure, affecting o
Jun 133 min read
CISA Updates Active Exploit Catalog: Cisco, Arista, and Chromium Vulnerabilities Added
Key Findings CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring immediate remediation across federal and enterprise networks Cisco Catalyst SD-WAN Manager flaw (CVE-2026-20245) allows authenticated attackers to execute commands as root through improper input encoding Google Chromium V8 memory vulnerability (CVE-2026-11645) enables remote code execution via malicious HTML pages with a critical 8.8 CVSS score Arista EOS
Jun 102 min read
CISA Adds Actively Exploited Vulnerabilities to KEV Catalog
Key Findings CISA added two actively exploited vulnerabilities to the Known Exploited Vulnerabilities catalog requiring immediate remediation CVE-2022-0492 affects Linux Kernel with CVSS 7.8, enabling privilege escalation and container escape attacks CVE-2025-48595 targets Android 14 and later with CVSS 8.4, allowing arbitrary code execution with elevated privileges Federal agencies must patch both vulnerabilities by June 5, 2026 under Binding Operational Directive 22-01 Both
Jun 32 min read
CISA Adds Microsoft and Adobe Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added seven vulnerabilities to its Known Exploited Vulnerabilities catalog, including Microsoft Defender flaws currently under active exploitation Two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498) are being actively exploited in the wild CVE-2026-41091 allows attackers to escalate privileges to SYSTEM level with a CVSS score of 7.8 Five additional legacy vulnerabilities from 2008-2010 were added to the catalog, affecting Windows, Int
May 212 min read
Cisco Catalyst SD-WAN Controller Critical Authentication Bypass Under Active Exploitation for Admin Access
Key Findings Critical authentication bypass vulnerability CVE-2026-20182 (CVSS 10.0) in Cisco Catalyst SD-WAN Controller actively exploited in limited attacks since May 2026 Vulnerability allows unauthenticated remote attackers to gain administrative privileges and manipulate SD-WAN fabric network configurations CISA added the flaw to Known Exploited Vulnerabilities catalog with a May 17, 2026 deadline for federal agencies to remediate The vulnerability affects the vdaemon se
May 143 min read
CISA Adds Actively Exploited Linux Root Access Vulnerability to Known Exploited Vulnerabilities Catalog
Key Findings CISA added CVE-2026-31431 to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild The Linux kernel flaw allows unprivileged local users to gain root-level access through a 732-byte Python exploit Nine-year-old vulnerability resulted from three separate kernel changes made in 2011, 2015, and 2017 that individually seemed harmless Patches available in Linux kernel versions 6.18.22, 6.19.12, and 7.0 Federal agencies must apply fixe
May 32 min read
CISA Adds Microsoft Windows Shell and ConnectWise ScreenConnect Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog CVE-2024-1708 is a critical path traversal flaw in ConnectWise ScreenConnect (CVSS 8.4) allowing remote code execution CVE-2026-32202 is a Windows Shell spoofing vulnerability (CVSS 4.3) currently under active exploitation by multiple threat actors Federal agencies must patch both vulnerabilities by May 12, 2026 The ConnectWise flaw has been chained with a critical au
Apr 292 min read
CISA Adds Exploited Vulnerabilities to KEV Catalog, Establishes May 2026 Federal Remediation Deadline
Key Findings CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog on Friday SimpleHelp flaws enable privilege escalation and arbitrary code execution, previously linked to DragonForce ransomware campaigns Samsung MagicINFO vulnerability allows arbitrary file writes with system-level access and has been exploited since PoC release in April 2025 D-Link DIR-823X command injection flaw is being weaponized to deliver Mirai botnet varian
Apr 252 min read
CISA Adds TrueConf Client Vulnerability to Known Exploited Vulnerabilities Catalog
Key Findings CISA added CVE-2026-3502, a flaw in TrueConf Client, to its Known Exploited Vulnerabilities catalog on April 2, 2026 The vulnerability has a CVSS score of 7.8 and allows attackers to download and install malicious updates without integrity verification Threat actors are actively exploiting this flaw by compromising TrueConf servers and replacing legitimate update files with malicious payloads Check Point researchers attributed a wave of attacks called Operation T
Apr 53 min read
CISA Catalogs Critical F5 BIG-IP APM Vulnerability CVE-2025-53521 Following Active Exploitation
Key Findings CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog on Friday, citing active exploitation in the wild The vulnerability affects F5 BIG-IP Access Policy Manager (APM) and allows unauthenticated remote code execution with a CVSS v4 score of 9.3 The flaw was initially classified as a denial-of-service issue with a lower severity score but was reclassified as RCE after new information emerged in March 2026 Federal agencies have until March 30, 20
Mar 292 min read
CISA and BSI Alert Organizations to Critical PTC Windchill and FlexPLM Vulnerability
Key Findings CISA and BSI issued critical warning for CVE-2026-4681 affecting PTC Windchill and FlexPLM with CVSS score of 10.0 No patches available at time of advisory; exploitation could be imminent according to German media reports Remote Code Execution vulnerability exploitable through deserialization of untrusted data German police conducted unprecedented physical visits to companies to warn administrators, some at 3:30 AM PTC released indicators of compromise despite st
Mar 282 min read
CISA Adds Apple, Laravel Livewire, and Craft CMS Vulnerabilities to Known Exploited List
Key Findings CISA added five critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including three Apple flaws, one Craft CMS code injection, and one Laravel Livewire vulnerability Three Apple vulnerabilities are linked to active exploitation by the DarkSword iOS exploit kit Craft CMS flaws have been actively exploited in the wild to breach servers and steal data Laravel Livewire vulnerability is associated with Iran-nexus APT group MuddyWater Federal agenc
Mar 232 min read
CISA Warns of Critical SharePoint and Zimbra Vulnerability Exploits
Key Findings CISA added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog Vulnerabilities affect Microsoft SharePoint and Zimbra Collaboration Suite Federal agencies required to patch these vulnerabilities by specific deadlines One vulnerability allows remote code execution, the other enables cross-site scripting Background The U.S. Cybersecurity and Infrastructure Security Agency (CISA) continues its proactive approach to identifying and addressing
Mar 191 min read
CISA Warns of Actively Exploited n8n Remote Code Execution Vulnerability Affecting 24,700 Instances
Key Findings * Critical remote code execution vulnerability in n8n workflow platform * CVE-2025-68613 added to CISA's Known Exploited Vulnerabilities (KEV) catalog * 24,700 unpatched instances exposed online * Vulnerability allows authenticated attackers to execute arbitrary code * FCEB agencies ordered to patch by March 25, 2026 Background n8n is an open-source workflow automation platform that allows users to connect different applications and services. The vulnerability ex
Mar 121 min read
CISA Adds Actively Exploited VMware Aria Operations Flaws to KEV Catalog
Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2026-22719 (CVSS 8.1) - Broadcom VMware Aria Operations Command Injection Vulnerability CVE-2026-21385 (CVSS 7.8) - Qualcomm Multiple Chipsets Memory Corruption Vulnerability Background The Broadcom vulnerability is a command injection flaw that allows an unauthenticated attacker to execute arbitrary commands, po
Mar 41 min read
CISA Adds Two Actively Exploited Roundcube Vulnerabilities to KEV Catalog
Key Findings: CISA has added two actively exploited vulnerabilities in Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are CVE-2025-49113 (CVSS 9.9) and CVE-2025-68461 (CVSS 7.2). CVE-2025-49113 is a deserialization of untrusted data flaw that allows remote code execution by authenticated users. CVE-2025-68461 is a cross-site scripting vulnerability in the "animate" tag of an SVG document. Attackers have already weaponized
Feb 222 min read
Curated CVE Watch - CISA Known Exploited Vulnerabilities
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting the RoundCube Webmail platform to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are: CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution. CVE-2025-68461 (CVSS score: 7.2) - A cross-site scripting (XSS) vulnerability. These vulnerabilities have been actively exploited b
Feb 212 min read
U.S. CISA Tracks BeyondTrust Vulnerability in Known Exploited List
Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability in BeyondTrust Remote Support (RS) and older Privileged Remote Access (PRA) products to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2026-1731, has a CVSS score of 9.9 and could allow an unauthenticated attacker to execute remote commands without logging in. BeyondTrust released security updates on February 6, 2026, to address the critical vulnera
Feb 152 min read
CISA Mandates Agencies to Replace Unsupported Edge Devices for Improved Federal Network Security
Key Findings CISA has issued a binding operational directive ordering federal civilian executive branch (FCEB) agencies to stop using "edge devices" like firewalls and routers that their manufacturers no longer support. The directive aims to tackle a persistent attack vector that has factored into major and common cyber exploits in recent years. Unsupported edge devices pose serious risks as they are vulnerable to newly discovered and unpatched flaws that can provide hackers
Feb 62 min read
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities Key Findings: CISA added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities affect Synacor Zimbra Collaboration Suite, Versa Concerto SD-WAN orchestration platform, Vite Vitejs, and eslint-config-prettier npm package. CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to apply th
Jan 232 min read
bottom of page
