CISA Adds 4 Vulnerabilities to KEV — Federal Deadlines Through May 2026

Colleagues — please note: CISA has added four vulnerabilities to the KEV catalog.
What was found: SimpleHelp — CVE-2024-57726 (authorization bypass) and CVE-2024-57728 (zip‑slip); Samsung MagicINFO 9 — CVE-2024-7399 (path traversal); D‑Link DIR‑823X — CVE-2025-29635 (command injection, EOL).
Evidence: these flaws were used prior to ransomware incidents (Field Effect links to DragonForce and Sophos) and to propagate Mirai, including 'tuxnokill' attempts (Akamai).
Recommendations: apply patches or, for D‑Link, decommission devices by May 8, 2026.
Why it matters: active exploitation puts infrastructure at risk and enables botnets and ransomware.
How will you prioritise these CVEs in your environment?
#cybersecurity #vulnerabilities #CISA #KEV

