CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

The U.S. Cybersecurity and Infrastructure Security Agency has added four critical vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers to its Known Exploited Vulnerabilities catalog.

Key Points

  • CISA added CVE-2024-57726 and CVE-2024-57728, two SimpleHelp flaws linked to ransomware campaigns, to the KEV catalog.
  • Samsung MagicINFO 9 Server is impacted by CVE-2024-7399, a path traversal vulnerability previously exploited to deploy the Mirai botnet.
  • D-Link DIR-823X series routers face a command injection threat via CVE-2025-29635, which is currently being used to deliver Mirai variants.
  • Federal agencies must apply necessary patches or discontinue use of the affected D-Link hardware by the May 8, 2026, deadline.

Why it Matters

These vulnerabilities represent significant security risks because they are actively exploited by threat actors to facilitate ransomware attacks and botnet recruitment. Organizations using these specific software and hardware products must prioritize updates to prevent unauthorized system access and potential data compromise.

Published by info@thehackernews.com (The Hacker News)