TL;DR
CISA has added four vulnerabilities to the KEV catalog due to signs of active exploitation. These include Microsoft Configuration Manager SQL Injection (CVE-2024-43468), Notepad++ Code Integrity Issues (CVE-2025-15556), SolarWinds Web Help Desk Security Control Bypass (CVE-2025-40536) and Apple Buffer Overflow Vulner
What happened
CISA has included four new vulnerabilities in its Known Exploited Vulnerabilities Catalog: CVE-2024-43468, CVE-2025-15556, CVE-2025-40536 and CVE-2026-20700, following evidence of exploitation. These vulnerabilities impact Microsoft Configuration Manager, Notepad++, SolarWinds Web Help Desk and Apple products.
Why it matters for ops
These vulnerabilities are critical as they represent active attack vectors for malicious actors. Immediate action is required to mitigate risks based on CISA's KEV guidelines.
Mitigation
- Apply patches and updates as provided by vendors.
- Conduct thorough vulnerability assessments to identify instances of these vulnerabilities.
Action items
- Remediate identified vulnerabilities immediately.
- Review BOD 22-01 for federal agency guidelines on KEV management.
- Implement robust vulnerability management practices for all organizations.
Detection IOCs
- CVE-2024-43468
- CVE-2025-15556
- CVE-2025-40536
- CVE-2026-20700