CISA Adds Actively Exploited ConnectWise & Windows Vulnerabilities to KEV

Colleagues — a cybersecurity alert: CISA added two actively exploited vulnerabilities to KEV.
- CVE‑2024‑1708: path‑traversal in ConnectWise ScreenConnect — potential RCE and data exfiltration (patch: Feb 2024).
- CVE‑2026‑32202: Windows Shell protection bypass — network spoofing (patch: Apr 2026). Microsoft confirmed exploitation; Akamai links it to an incomplete fix for CVE‑2026‑21510.
- Both were chained with other bugs and used in Medusa and related attacks.
Why this matters: active exploitation increases risk of compromise and data encryption.
How will you prioritize patches and verifications?
#cybersecurity #vulnerabilities #patches #infosec


Latest comments
No comments yet.