CISA has added the high-severity authentication bypass vulnerability to its KEV list, along with SolarWinds and Workspace One bugs.
The post Recent Ivanti Endpoint Manager Flaw Exploited in Attacks appeared first on SecurityWeek.
CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List
The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1.
The post CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List appeared first on SecurityWeek.
Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light.
The post Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks appeared first on SecurityWeek.
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
The vulnerability in TeamT5 ThreatSonar Anti-Ransomware was recently added to CISA’s KEV catalog.
The post Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs appeared first on SecurityWeek.
Recent RoundCube Webmail Vulnerability Exploited in Attacks
Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents.
The post Recent RoundCube Webmail Vulnerability Exploited in Attacks appeared first on SecurityWeek.
CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5
The vulnerability added to CISA’s KEV catalog affects ThreatSonar Anti-Ransomware and it was patched in 2024.
The post CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5 appeared first on SecurityWeek.
CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities
Disclosed at the end of January, the SolarWinds vulnerability was likely exploited as a zero-day since December 2025.
The post CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities appeared first on SecurityWeek.
New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog
The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it.
The post New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog appeared first on SecurityWeek.
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests.
The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.
The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek.
