Cybersecurity News & Analysis • github • defconxt • © 2026 • blacktemple.net

Tag: cisa-kev

critical | Vulnerabilities & Exploits

Critical n8n RCE Hits KEV Catalog While Attackers Weaponize SOC Fatigue and Target Developers

CISA added a critical n8n workflow automation RCE vulnerability to the KEV catalog following active exploitation, while researchers reveal how attackers deliberately overwhelm SOC analysts and target developers through fake job interviews.

Mar 12, 2026 | The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
cisa-kev, remote-code-execution, android-malware
🏴 Royal
🇺🇸 Apple, 🇺🇸 Meta Platforms

critical | Malware & Threats

Week in Malware: CISA Adds n8n to KEV, Iran-Linked Wiper Hits Medical Giant

CISA added an actively exploited n8n RCE vulnerability to its KEV catalog, mandating federal patches by March 25. Meanwhile, Iranian-linked Handala group deployed wiper malware against medical technology giant Stryker.

Mar 12, 2026 | BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs, Bitdefender Labs
ransomware, supply-chain, cisa-kev
🇷🇺 BlackCat
🇺🇸 Google, 🇺🇸 Meta Platforms

critical | Vulnerabilities & Exploits

CISA KEV Updates, APT28 Campaign, and Agentic AI Security Challenges

CISA flagged three actively exploited vulnerabilities for immediate patching while APT28 continues surveillance operations against Ukrainian forces. Meanwhile, the cybersecurity community grapples with new attack vectors in AI agents and supply chain compromises.

Mar 10, 2026 | The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
cisa-kev, apt28, agentic-ai
🇷🇺 APT28

critical | Malware & Threats

Malware Threats Weekly: CISA Flags Ivanti EPM Zero-Day, APT28 Leverages Covenant Framework, Meta Ad Network Powers Global Scam Operations

CISA ordered federal agencies to patch an actively exploited Ivanti Endpoint Manager vulnerability within three weeks. Russian APT28 operators are using customized Covenant framework tools for espionage, while a massive investment fraud network leveraging Meta advertising platforms has been discovered operating across 25 countries.

Mar 10, 2026 | BleepingComputer, Checkpoint Research, Malwarebytes Labs, SecureList (Kaspersky), Bitdefender Labs
apt28, ivanti, cisa-kev
🏴 ShinyHunters, 🇷🇺 APT28, 🏴 Play
🇺🇸 Meta Platforms, 🇺🇸 Google

critical | Vulnerabilities & Exploits

Critical Vulnerabilities Under Attack: CISA Adds CVSS 9.8 Flaws While APTs Deploy New Tools

CISA confirmed active exploitation of critical vulnerabilities in Hikvision cameras and Rockwell automation systems. Meanwhile, Iranian MuddyWater hackers target US organizations with new Dindoor backdoor, and Chinese APT UAT-9244 deploys sophisticated implants against South American telecommunications infrastructure.

Mar 6, 2026 | The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
cisa-kev, critical-vulnerabilities, apt-campaigns
🇨🇳 Salt Typhoon, 🇮🇷 MuddyWater
🇨🇳 Hikvision

critical | Malware & Threats

Critical VMware RCE Exploited, Major Breaches Hit LexisNexis and AkzoNobel

CISA confirmed active exploitation of a VMware Aria Operations RCE vulnerability, adding it to the KEV catalog. Major data breaches impacted LexisNexis and AkzoNobel, while threat actors continue leveraging OAuth flows and compromised infrastructure for attacks.

Mar 4, 2026 | BleepingComputer, Graham Cluley, Checkpoint Research, Malwarebytes Labs, SecureList (Kaspersky)
vmware, cisa-kev, data-breach
🏴 Play
🇺🇸 LexisNexis, 🇺🇸 Meta Platforms, 🇺🇸 Google

critical | Vulnerabilities & Exploits

CISA Adds FileZen to KEV as Multiple Critical Vulnerabilities Surface

CISA added FileZen CVE-2026-25108 to its KEV catalog following confirmed active exploitation of the command injection vulnerability. Separately, GitHub patched the RoguePilot flaw that allowed attackers to steal tokens via malicious Copilot instructions, while Microsoft identified a developer-targeting campaign using poisoned Next.js repositories.

Feb 25, 2026 | The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
filezen, cisa-kev, github-copilot

critical | Malware & Threats

Active RoundCube Exploitation, AI-Generated Stealers, and France's FICOBA Breach

CISA flags actively exploited RoundCube flaws, researchers analyze AI-generated Arkanix Stealer, and France discloses 1.2M account breach in national banking registry.

Feb 23, 2026 | BleepingComputer, Checkpoint Research, Malwarebytes Labs
roundcube, cisa-kev, info-stealer
🇨🇳 TikTok

critical | Nation-State & APT

Nation-State Roundup: CISA KEV Updates, North Korean IT Infiltration, and Russian Hybrid Warfare Escalation

CISA adds exploited RoundCube flaws to KEV, Ukrainian sentenced for North Korean IT worker scheme, PayPal breach exposes data for six months, and Dutch intelligence warns of escalating Russian hybrid...

Feb 21, 2026 | Security Affairs, The Record
cisa-kev, roundcube, north-korea

critical | Vulnerabilities & Exploits

CISA Adds GitLab SSRF and Dell RP4VMs Hard-coded Credentials Vulnerabilities to KEV Catalog

CISA adds GitLab SSRF and Dell RecoverPoint hard-coded credential vulnerabilities to KEV catalog, requiring federal agencies to remediate due to active exploitation evidence.

Feb 18, 2026 | CISA Alerts
cisa-kev, gitlab, dell

critical | Vulnerabilities & Exploits

Critical Zero-Day Roundup: Dell RecoverPoint Exploited Since 2024, VoIP Phones Under Attack

Critical zero-day in Dell RecoverPoint exploited since 2024, VoIP phones exposed to RCE, VS Code extensions vulnerable, and AI assistants weaponized as C2 proxies.

Feb 18, 2026 | The Hacker News, SANS ISC, CISA KEV
zero-day, rce, voip-security
🇺🇸 Google