CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
CISA has added these vulnerabilities to the KEV catalog due to active exploitation in the wild, requiring immediate action for affected systems.
CTI status
As of:
Last pipeline run:
Source reliability
Information credibility
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
CISA has added these vulnerabilities to the KEV catalog due to active exploitation in the wild, requiring immediate action for affected systems.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution with CVSS 7.8 when user interaction is present.
Attackers can execute arbitrary code on Adobe Acrobat Reader DC if a user opens a malicious file or visits a malicious webpage.
Use-After-Free in Adobe Acrobat Pro DC AcroForm processing enables remote code execution when a user interacts with a malicious file or website; CVSS 7.8.
A use-after-free vulnerability in Adobe Acrobat Pro DC enables remote code execution via malicious files or web pages with moderate-to-high severity (CVSS 7.8).
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution through malicious PDF files with annotations, requiring user interaction.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution when visiting a malicious page or opening a crafted file, posing significant risk in manufacturing environments with frequent PDF exchange.
A use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution with CVSS 7.8 via malicious files or webpages.
An integer overflow vulnerability in Adobe Acrobat Reader DC's TIF file parsing enables remote code execution with low user interaction requirements.
Local privilege escalation in Windows Narrator requires precondition (low-privilege code execution) and optional Braille module installation; CVSS 7.0 indicates high but non-critical risk.
The vulnerability enables attackers positioned between the migration agent and vCenter to harvest vCenter administrator credentials directly without needing to break encryption, as the TLS connection is hardcoded to be insecure.
An annotation-based use-after-free vulnerability in Adobe Acrobat Reader DC enables remote code execution upon user interaction, rated CVSS 7.8 with KEV potential.
This is a pure patch roundup covering multiple CVEs across different vendors with no evidence of active exploitation in the wild.
China-nexus threat actors are actively targeting software development infrastructure, code repositories, and developer tools to penetrate supply chains of European manufacturing organizations.
A state-sponsored Chinese botnet comprising over 1,500 compromised devices is being used for large-scale reconnaissance of exposed services and infrastructure mapping.
Kimsuky actively deploys PebbleDash-based tools (httpMalice, httpSpy, DWAgent) against Western organizations; the newer HTTP variant establishes persistence via Windows services (CacheDB) and mirrors established Kimsuky TTPs.
State-mandated cybersecurity defenses against known Chinese espionage campaigns are weakened by industry lobbying, signalling structural vulnerability of critical infrastructure and geopolitical policy uncertainty.
A zero-day in Microsoft Defender enables local escalation to SYSTEM privileges and endangers all endpoints running Defender as the standard antivirus.
A functional public exploit for a Microsoft Defender zero-day enables SYSTEM-level privileges on Windows 10/11 with June 2026 updates and is already being actively exploited; no patch available.
Monthly Patch Tuesday report with broad vulnerability coverage; strategically not novel , priority is timely patching of critical RCEs in Remote Desktop Client.
Microsoft has patched a record 206 vulnerabilities in a single cycle, 39 of them critical and three publicly disclosed at release; the high number of privilege escalation and RCE flaws requires prioritized patching strategy.
Two critical unauthenticated RCE vulnerabilities in Fortinet and Ivanti enable remote access without authentication; Fortinet confirms no exploitation in the wild, but timely patching is required.
The vulnerability enables attacks without user interaction, significantly increasing the risk and enabling worm-like propagation mechanisms.
BSI warning of critical code-execution vulnerability in Fortinet products requires immediate patch evaluation and deployment.
BSI advisory on critical RCE vulnerability in Veeam Backup & Replication requires immediate verification and patching if this backup solution is in use.
The vulnerability allows local attackers to execute kernel-code without user interaction, gaining complete system control.
A use-after-free vulnerability in Foxit PDF Reader enables remote code execution through specially crafted PDF files without elevated privileges.
BSI warning regarding multiple OpenSSL vulnerabilities without specific CVE numbers or version information , likely a summary or preparatory advisory.
Active campaign deploying 14 malicious npm packages to harvest AWS credentials, Vault tokens, and CI/CD pipeline secrets , direct threat to development and deployment processes.
The vulnerability enables remote code execution by authenticated domain users on backup systems, requiring prioritization in environments with strict domain access controls.
The BSI warning addresses multiple unspecified vulnerabilities in Adobe Creative Cloud without specific CVE numbers or technical details, suggesting a generic advisory on security updates.
BSI warns of multiple undocumented Edge vulnerabilities; details and CVE numbers to follow; Microsoft Edge patch frequency requires continuous WSUS/update monitoring.
Fortinet has closed multiple critical security vulnerabilities in its security products, including an unauthenticated command injection flaw in FortiSandbox that requires immediate patching.
This is a typical patch roundup without description of active exploitations or campaigns, aggregating over 120 independent CVEs across multiple Adobe products.
A kernel buffer vulnerability allows unprivileged local attackers to gain root access through a simple typo in kernel logic.
A security researcher has publicly leaked an exploit for Microsoft Defender, possibly in reaction to tensions with Microsoft regarding responsible disclosure processes.
BSI warns of multiple vulnerabilities in Microsoft 365 Copilot, PowerToys, and other Microsoft products with potential for privilege escalation and code execution; no CVE identifiers disclosed, so patch status and exploitation timeline unclear.
BSI warns of multiple vulnerabilities in Adobe Creative Cloud; exploitation requires user action (opening malicious files).
A local privilege escalation vulnerability in Microsoft Defender for Endpoint (macOS version) undermines endpoint defense and requires timely patching for affected macOS systems.
A disgruntled researcher is actively releasing proof-of-concept exploits for Windows Defender vulnerabilities enabling system takeover with no indication of ceasing the campaign.
A race condition in the V8 JavaScript engine enables type confusion and potentially remote code execution via crafted HTML pages without requiring additional user interaction or authentication.
The vulnerability requires authenticated access, limiting immediate risk; however, access controls and patch management for Synology systems should be reviewed.
AI-driven vulnerability discovery tools are driving a significant increase in patch frequency; development teams should plan for accelerated update cycles.
A security researcher under the pseudonym Nightmare Eclipse has disclosed additional zero-day vulnerabilities in BitLocker (YellowKey and GreenPlasma) that are already public and addressed in this patch cycle; this reveals strategic timing of disclosure campaigns against Microsoft.
The alert is part of a Patch Tuesday roundup lacking specific details on attack patterns, victim sectors, or active exploits; substantive threat analysis is absent.
An actively exploited XSS vulnerability in Exchange Server allows attackers to execute arbitrary JavaScript code in Outlook Web Access and target users.
A security researcher (Nightmare Eclipse) has publicly released a proof-of-concept for a Windows zero-day to pressure Microsoft after the company failed to meet disclosure requirements.
The report is a patch summary without details on active exploit campaigns or specific threat actors; information about the critical flaws and their exploitation in practice is not provided.
Routine BSI Patch Day advisories are standard security updates with no specific strategic implications for geopolitical or nation-state activity.
The BSI alert references multiple local vulnerabilities in Intel processors without citing specific CVE numbers or active exploitation; this suggests a generic or aggregated advisory, possibly within the context of periodic security reviews.
BSI warns of local vulnerability in Siemens TIA Portal/WinCC Unified PC Runtime enabling information disclosure, requiring local access.