TL;DR
- CISA added four vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2008-0015, CVE-2020-7796, CVE-2024-7694 and CVE-2026-2441.
- CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities as part of their vulnerability m
What happened
- CISA added four entries to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence that each is being actively exploited by threat actors.
- The additions are CVE-2008-0015, Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability; CVE-2020-7796, Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability; CVE-2024-7694, TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability; and CVE-2026-2441, Google Chromium CSS Use-After-Free Vulnerability.
Why it matters for ops
- Every entry in the KEV Catalog is there because malicious cyber actors are actually exploiting it, so these four carry more urgency than a CVSS score alone would suggest.
- CISA updates the catalog regularly as new evidence of exploitation emerges, which makes it a practical input for deciding what to patch first.
Mitigation
- Apply the vendor's patches or updates for each listed vulnerability as soon as possible; where no fix is available, follow the KEV entry's standard required action, which is to apply vendor mitigations or discontinue use of the product.
- For systems that accept uploads, enforce an allow-list of permitted file types, check the file content against the declared type rather than trusting the extension, and store uploads under server-generated names outside any web-served or executable location.
- Monitor outbound connections from servers that fetch URLs on behalf of users (Zimbra here) for requests to loopback, link-local, private-range or cloud-metadata addresses, and watch endpoints for unexpected process creation that would indicate code execution.
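An added example, not code from CISA or from any vendor named in this advisory, of the upload control described above: a Python validator that accepts a file only when its extension is on an allow-list and its leading bytes match that type, and then stores it under a server-generated name. The allow-list contents, the sample uploads and the storage-name scheme are assumptions made for the example.

```python
"""Allow-list file-type validation for an upload handler.

Added example, not code from CISA, TeamT5 or any other vendor named above.
A file is accepted only if its extension is on an allow-list AND its leading
bytes (magic) match that type; it is then stored under a generated name.
SAMPLE_UPLOADS is constructed for the example.
"""
import os
import secrets
from typing import Tuple

# Allow-list of extensions the application genuinely needs, each mapped to
# the magic-byte prefixes a real file of that type starts with (assumed set).
ALLOWED_TYPES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
}


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Anything not explicitly allowed is rejected."""
    base = os.path.basename(filename)
    # Reject directory components and path traversal in the client-supplied name.
    if base != filename or base in ("", ".", ".."):
        return False, "invalid file name"
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '(none)'} not allowed"
    # The extension is attacker-controlled; the content must match it too.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not match {ext} signature"
    return True, "ok"


def storage_name(ext: str) -> str:
    """Never write the client's name to disk: random name plus validated extension."""
    return secrets.token_hex(16) + ext


# Constructed test uploads: (client-supplied file name, first bytes of content).
SAMPLE_UPLOADS = [
    ("report.pdf", b"%PDF-1.7\n%..."),
    ("photo.JPG", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("shell.php", b"<?php system($_GET['c']); ?>"),
    ("image.png", b"<?php echo 1; ?>"),              # allowed extension, wrong content
    ("../../var/www/html/x.png", b"\x89PNG\r\n\x1a\n"),
    ("noext", b"%PDF-1.4"),
]

if __name__ == "__main__":
    for name, data in SAMPLE_UPLOADS:
        ok, reason = validate_upload(name, data)
        print(f"{name!r:32} {'ACCEPT' if ok else 'REJECT'} ({reason})")
        if ok:
            print("   stored as", storage_name(os.path.splitext(name)[1].lower()))
```

Magic-byte checks are a floor, not a ceiling: a polyglot file can carry a valid PNG header and still be dangerous if the server later executes or includes it, which is why the generated storage name and a non-executable storage location matter as much as the check itself.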
Action items
- Review CISA's KEV Catalog regularly and prioritize remediation by the catalog's due dates and by which entries apply to software actually present in your environment.
- Federal Civilian Executive Branch (FCEB) agencies are required under BOD 22-01 to remediate each KEV entry by its listed due date; other organizations should treat those dates as a reasonable benchmark.
- Maintain an asset and software inventory that can be matched against KEV entries, so that new additions are mapped to affected systems and tracked to closure rather than handled ad hoc.
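To make the KEV review actionable, here is an added example (not CISA tooling) that indexes a KEV-format JSON document by CVE ID, matches vulnerability-scanner findings against it and orders the hits by due date. The live catalog is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; KEV_SAMPLE below is a constructed excerpt in that schema carrying this advisory's four CVE IDs and vulnerability names with placeholder dates (not the catalog's real dateAdded or dueDate values), and SAMPLE_FINDINGS is a constructed scanner output, so the block runs offline.

```python
"""Cross-reference scanner findings against the CISA KEV catalog.

Added example, not CISA tooling. The real catalog is JSON with a
"vulnerabilities" list whose entries carry cveID, vendorProject, product,
vulnerabilityName, dateAdded and dueDate (among other fields). KEV_SAMPLE is
a constructed excerpt in that shape: CVE IDs and names are from this
advisory, the dates are placeholders. SAMPLE_FINDINGS is constructed too.
"""
import json
from datetime import date

KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2008-0015", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability",
         "dateAdded": "2026-01-01", "dueDate": "2026-01-22"},
        {"cveID": "CVE-2020-7796", "vendorProject": "Synacor", "product": "Zimbra Collaboration Suite (ZCS)",
         "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability",
         "dateAdded": "2026-01-01", "dueDate": "2026-01-22"},
        {"cveID": "CVE-2024-7694", "vendorProject": "TeamT5", "product": "ThreatSonar Anti-Ransomware",
         "vulnerabilityName": "TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability",
         "dateAdded": "2026-01-01", "dueDate": "2026-01-22"},
        {"cveID": "CVE-2026-2441", "vendorProject": "Google", "product": "Chromium",
         "vulnerabilityName": "Google Chromium CSS Use-After-Free Vulnerability",
         "dateAdded": "2026-01-01", "dueDate": "2026-01-08"},
    ],
})

# Constructed scanner output: one row per (asset, CVE). CVE-2025-99999 is a
# placeholder ID that is deliberately NOT in the catalog excerpt.
SAMPLE_FINDINGS = [
    {"asset": "mail01.corp.example", "cve": "CVE-2020-7796"},
    {"asset": "edr-console.corp.example", "cve": "CVE-2024-7694"},
    {"asset": "laptop-042", "cve": "CVE-2026-2441"},
    {"asset": "laptop-042", "cve": "CVE-2025-99999"},
    {"asset": "kiosk-legacy-07", "cve": "CVE-2008-0015"},
]


def load_kev(kev_json: str) -> dict:
    """Index catalog entries by CVE ID for O(1) lookup."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}


def prioritize(kev: dict, findings: list, today_iso: str) -> list:
    """Keep only findings present in KEV; earliest due date first, then by asset."""
    today = date.fromisoformat(today_iso)
    rows = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # not known-exploited: stays in the normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "asset": f["asset"],
            "cve": f["cve"],
            "name": entry["vulnerabilityName"],
            "due": due.isoformat(),
            "days_left": (due - today).days,
            "overdue": due < today,
        })
    rows.sort(key=lambda r: (r["due"], r["asset"]))
    return rows


if __name__ == "__main__":
    for r in prioritize(load_kev(KEV_SAMPLE), SAMPLE_FINDINGS, "2026-01-10"):
        flag = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['due']}  {flag:9}  {r['asset']:26}  {r['cve']}  {r['name']}")
```

In production the catalog JSON would be fetched on a schedule and the findings would come from the scanner's export; the matching key is the CVE ID, so the inventory needs to record CVEs per asset (or a product-to-CVE mapping) for this to work.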
Detection IOCs
- CISA publishes no atomic indicators (hashes, domains, addresses) with KEV entries, so hunt for behaviors: unexpected process creation or other signs of code execution on hosts running the affected Microsoft Windows component or Chromium-based browsers.
- Outbound requests from Zimbra servers to loopback, link-local, private-range or cloud-metadata addresses, and inbound requests whose parameters carry such URLs.
- Files of unexpected or executable types written through the TeamT5 ThreatSonar Anti-Ransomware upload functionality, and any subsequent execution of those files.
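The SSRF monitoring in the mitigation list and the Zimbra indicator above share one detection, shown here as an added example (not CISA or Zimbra detection content, and it does not encode the request path of CVE-2020-7796): parse access-log lines, extract URL-valued query parameters and flag those aimed at internal targets, including double-percent-encoded and decimal-IP forms. SAMPLE_LOG and the /app/fetch?url= endpoint it uses are constructed for the example.

```python
"""Flag server-side request forgery attempts in web-server access logs.

Added example, not detection content from CISA or Zimbra, and it does not
encode the specific request path of CVE-2020-7796. It parses combined-format
access log lines, pulls every query parameter that is a URL, and reports the
ones aimed at loopback, link-local (cloud metadata), private-range or
decimal-encoded addresses, internal host names, or non-HTTP schemes.
SAMPLE_LOG and the /app/fetch?url= endpoint are constructed.
"""
import ipaddress
import re
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)
INTERNAL_NAMES = {"localhost", "metadata.google.internal", "metadata"}  # assumed list
RISKY_SCHEMES = {"file", "gopher", "dict", "ftp", "ldap"}


def internal_target(value: str) -> Optional[str]:
    """Return why `value` looks like a URL aimed at an internal resource, else None."""
    value = unquote(unquote(value))  # survive double percent-encoding
    parts = urlsplit(value)
    if not parts.scheme:
        return None  # plain parameter, not a URL
    if parts.scheme.lower() in RISKY_SCHEMES:
        return f"scheme {parts.scheme.lower()}"
    host = (parts.hostname or "").lower()
    if not host:
        return None
    if host in INTERNAL_NAMES:
        return f"host {host}"
    try:
        # A bare integer host (e.g. 2130706433) is a decimal-encoded IPv4 address.
        ip = ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return None  # ordinary external host name
    if ip.is_loopback or ip.is_link_local or ip.is_private or ip.is_unspecified:
        return f"address {ip}"
    return None


def scan_log(lines: List[str]) -> List[dict]:
    """Return one finding per query parameter that points at an internal target."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            reason = internal_target(value)
            if reason:
                findings.append({
                    "client": m.group("client"),
                    "time": m.group("ts"),
                    "param": name,
                    "value": value,
                    "reason": reason,
                })
    return findings


# Constructed access-log lines (combined format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2026:10:00:01 +0000] "GET /app/fetch?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512
203.0.113.5 - - [10/Jan/2026:10:00:02 +0000] "GET /app/fetch?url=http%3A%2F%2Flocalhost%3A8080%2Fadmin HTTP/1.1" 200 88
198.51.100.9 - - [10/Jan/2026:10:00:03 +0000] "GET /app/fetch?url=https://www.example.com/feed.xml HTTP/1.1" 200 9021
198.51.100.9 - - [10/Jan/2026:10:00:04 +0000] "GET /app/fetch?url=http://2130706433/ HTTP/1.1" 200 88
192.0.2.7 - - [10/Jan/2026:10:00:05 +0000] "GET /app/fetch?url=file:///etc/passwd HTTP/1.1" 500 0
192.0.2.7 - - [10/Jan/2026:10:00:06 +0000] "GET /index.html?page=42 HTTP/1.1" 200 1200
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{f['time']}  {f['client']:14} {f['param']}={f['value']}  <- {f['reason']}")
```

This catches attempts visible in the request line only; URLs delivered in POST bodies or headers need the same check applied at the application layer, and a DNS name that resolves to an internal address (DNS rebinding) is only caught by also monitoring the server's outbound connections, which is why the mitigation list calls for both.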