Tag

#KEV

12 stories taggedKEV.

Full-frame edge-to-edge photoreal news-editorial image of a darkened server rack in a data centre, blue and amber status lights glowing, one drawer pulled sligh
Vulnerabilities

US cyber agency gives federal staff four days to patch Langflow AI tool being actively hacked

CISA added an authorisation bypass in the popular AI-agent builder Langflow to its must-patch list after Sysdig spotted attackers stealing cloud keys and hijacking servers.

4 min
Full-frame edge-to-edge photoreal news-editorial image of a dimly lit server room with rows of dark rack-mounted servers, blue and amber status LEDs reflecting
Vulnerabilities

CISA Flags Four Live-Exploited Bugs in Adobe, Joomla and Langflow

The US cyber agency gave federal agencies until early December to patch a critical Adobe ColdFusion flaw and three others already being abused in the wild.

3 min
Photoreal editorial image, 16:9 full-frame edge-to-edge composition
Vulnerabilities

CISA Flags Actively Exploited SimpleHelp Flaw, Orders Federal Agencies to Patch Fast

A newly listed authentication bypass in SimpleHelp remote-support software is being used in real attacks, and federal agencies now face a hard deadline to fix it.

3 min
Vulnerabilities

Splunk Enterprise RCE Flaw Under Active Exploitation, CISA Gives Feds 72 Hours

CVE-2026-20253 allows unauthenticated remote code execution in Splunk Enterprise. Attackers didn't wait long.

2 min
Vulnerabilities

The Exposures Defenders Will Be Cleaning Up in 2026

From memory-leak bugs like MongoBleed to forgotten admin panels, the attack surface keeps growing faster than patch cycles.

3 min
Policy & Regulation

CISA Sets Three-Day Patch Deadline for Actively Exploited LiteSpeed cPanel Plugin Flaw

CVE-2026-54420 lands on the KEV catalog, triggering a BOD 22-01 remediation clock for federal civilian agencies.

2 min
Vulnerabilities

CISA Gives Agencies 72 Hours on Ivanti Sentry Bug Under New Emergency Directive

BOD 26-04 sets a sharper clock for actively exploited flaws. First target: an Ivanti Sentry vulnerability already in attackers' hands.

2 min
Vulnerabilities

Langflow Path Traversal Flaw CVE-2026-5027 Hits CISA's Exploited List

An unauthenticated write-anywhere bug in the open-source AI builder is being abused in the wild, per VulnCheck telemetry, raising fresh questions for federal users bound by BOD 22-01 patch deadlines.

2 min
Policy & Regulation

CISA's New Patching Directive Drops CVSS as the North Star

BOD 26-04 introduces a four-factor framework that prioritizes internet exposure, active exploitation, and attacker automation over raw severity scores — and gives agencies three days to act on the worst cases.

3 min
Policy & Regulation

CISA Triggers Federal Patch Clock on Cisco, Chrome and Arista Bugs Under KEV

Three vulnerabilities added to the Known Exploited Vulnerabilities catalog activate BOD 22-01 remediation deadlines for civilian agencies.

2 min
Vulnerabilities

CISA Gives Federal Agencies Four Days to Kill a cPanel Plugin Bug Already Being Exploited

The LiteSpeed plugin sits on millions of shared hosting accounts. CISA's compressed timeline says the quiet part loud: someone's already inside.

2 min
Vulnerabilities

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit

Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.

2 min
© 2026 Threat Vectr