VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

CISA Adds 4 Vulnerabilities to KEV — Federal Deadlines Through May 2026

CISA добавила 4 уязвимости в KEV — федеральные сроки до мая 2026

Colleagues — please note: CISA has added four vulnerabilities to the KEV catalog.

What was found: SimpleHelp — CVE-2024-57726 (authorization bypass) and CVE-2024-57728 (zip‑slip); Samsung MagicINFO 9 — CVE-2024-7399 (path traversal); D‑Link DIR‑823X — CVE-2025-29635 (command injection, EOL).

Evidence: these flaws were used prior to ransomware incidents (Field Effect links to DragonForce and Sophos) and to propagate Mirai, including 'tuxnokill' attempts (Akamai).

Recommendations: apply patches or, for D‑Link, decommission devices until May 8, 2026.

Why it matters: active exploitation risks infrastructure, enabling botnets and ransomware.

How will you prioritise these CVEs in your environment?

#cybersecurity #vulnerabilities #CISA #KEV

Latest comments

No comments yet.