Tag: kev
-
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
Tags: authentication, automation, cisa, cve, cvss, cybersecurity, exploit, flaw, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The critical-severity vulnerabilities are listed below -CVE-2017-7921 (CVSS score: 9.8) – An improper authentication vulnerability affecting First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html
-
CISA Warns Qualcomm Chipsets Memory Corruption Vulnerability Is Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Qualcomm chipset vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 3, 2026, confirming active exploitation in the wild. The flaw, tracked as CVE-2026-21385, affects multiple Qualcomm chipsets and introduces a serious memory corruption risk that attackers can leverage to compromise affected devices. Vulnerability…
-
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vmware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: In…
-
CISA Warns of VMware Aria Operations Vulnerability Actively Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, identified as CVE-2026-22719, is currently being exploited in the wild, prompting urgent calls for organizations to apply necessary mitigations. VMware Aria Operations, formerly known as vRealize Operations (vROps),…
-
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild.The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an First seen…
-
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks/
-
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Cisco warned of a critical Cisco SD-WAN vulnerability, tracked…
-
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Cisco warned of a critical Cisco SD-WAN vulnerability, tracked…
-
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Cisco warned of a critical Cisco SD-WAN vulnerability, tracked…
-
AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw. This process traditionally takes days or weeks of manual research by skilled security engineers who……
-
CISA Issues Alert on Active Exploitation of FileZen Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The vulnerability affects FileZen, a file-sharing and data transfer product developed by Japanese vendor Soliton Systems K.K. The flaw, tracked as CVE-2026-25108, is classified as an OS Command…
-
CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)
CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cve-2026-25108-filezen-vulnerability-exploited/
-
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Soliton Systems K.K. FileZen is a…
-
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute First…
-
Hackers target vulnerabilities in Roundcube Webmail
CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-target-vulnerabilities-in-roundcube-webmail/812839/
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
Security Affairs newsletter Round 564 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog PayPal discloses extended data…
-
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Roundcube is a popular webmail platform and has been repeatedly targeted…
-
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2025-49113 (CVSS score: 9.9) – A deserialization of untrusted data vulnerability that allows remote code First seen on thehackernews.com…
-
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is…
-
Flaws in Google and Microsoft products added to Cisa catalogue
Cisa has added six CVEs to its Kev catalogue this week, including newly disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
-
Flaws in Google, Microsoft products added to Cisa catalogue
Cisa has added six CVEs to its Kev catalogue this week, including newly-disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
-
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…
-
CISA Warns of Actively Exploited Google Chromium 0″‘Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Google Chromium engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracking as CVE-2026-2441, this security flaw is currently being actively exploited in the wild. The agency’s inclusion of this bug serves as a mandate for federal agencies to apply necessary…
-
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit…
-
Don’t panic over CISA’s KEV list, use it smarter
In this Help Net Security video, Tod Beardsley, VP of Security Research at runZero, explains what CISA’s Known Exploited Vulnerabilities (KEV) Catalog is and how security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/cisa-kev-catalog-video/
-
Attackers Exploit Critical BeyondTrust Flaw to Seize Full Active Directory Control
Tags: access, control, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityA critical vulnerability, CVE-2026-1731, affecting self-hosted BeyondTrust Remote Support and Privileged Remote Access deployments. This security flaw allows unauthenticated attackers to inject operating system commands, effectively granting them remote code execution capabilities. The severity of this campaign has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities…
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…