{"id":43758,"date":"2026-02-18T23:59:39","date_gmt":"2026-02-18T15:59:39","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/18\/cisa-flags-four-security-flaws-under-active-exploitation-in-latest-kev-update\/"},"modified":"2026-02-18T23:59:39","modified_gmt":"2026-02-18T15:59:39","slug":"cisa-flags-four-security-flaws-under-active-exploitation-in-latest-kev-update","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/18\/cisa-flags-four-security-flaws-under-active-exploitation-in-latest-kev-update\/","title":{"rendered":"CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update"},"content":{"rendered":"<div style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMthhoYB21iUycGm4t9Z8XBCzBHeEBnyGAy0VYV_szV8cL19wb2nn0OSqFBl35b7viP2cIkWdNIULp3eZHNPXMAjdyL67hvTY7wlYizhDDysYKzSinMqCJrh44qfrrdTmfT3Dx9H_gJlFayVV0NoDAP_JSPHDLo0WQjM4d7AGdA-wo8mf1vmoZIPrjBZQY\/s1600\/cisa-kev.jpg\" style=\"display: block; padding: 1em 0; text-align: center; clear: left; float: left;\"><img decoding=\"async\" border=\"0\" data-original-height=\"470\" data-original-width=\"900\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiMthhoYB21iUycGm4t9Z8XBCzBHeEBnyGAy0VYV_szV8cL19wb2nn0OSqFBl35b7viP2cIkWdNIULp3eZHNPXMAjdyL67hvTY7wlYizhDDysYKzSinMqCJrh44qfrrdTmfT3Dx9H_gJlFayVV0NoDAP_JSPHDLo0WQjM4d7AGdA-wo8mf1vmoZIPrjBZQY\/s1600\/cisa-kev.jpg\" alt=\"CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update\"\/><\/a><\/div>\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/02\/17\/cisa-adds-four-known-exploited-vulnerabilities-catalog\" rel=\"noopener\" target=\"_blank\">added<\/a> four security flaws to its Known Exploited Vulnerabilities (<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" rel=\"noopener\" target=\"_blank\">KEV<\/a>) catalog, citing evidence of active exploitation in the wild.<\/p>\n<p>The list of vulnerabilities is as follows &#8211;<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-2441\" rel=\"noopener\" target=\"_blank\">CVE-2026-2441<\/a><\/strong> (CVSS score: 8.8) &#8211; A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.<\/li>\n<li><strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-7694\" rel=\"noopener\" target=\"_blank\">CVE-2024-7694<\/a><\/strong> (CVSS score: 7.2) &#8211; An <a href=\"https:\/\/www.twcert.org.tw\/en\/cp-139-8000-e5a5c-2.html\" rel=\"noopener\" target=\"_blank\">arbitrary file upload vulnerability<\/a> in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier that could allow an attacker to upload malicious files and achieve arbitrary system command execution on the server.<\/li>\n<li><strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2020-7796\" rel=\"noopener\" target=\"_blank\">CVE-2020-7796<\/a><\/strong> (CVSS score: 9.8) &#8211; A server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow an attacker to send a crafted HTTP request to a remote host and obtain unauthorized access to sensitive information.<\/li>\n<li><strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2008-0015\" rel=\"noopener\" target=\"_blank\">CVE-2008-0015<\/a><\/strong> (CVSS score: 8.8) &#8211; A stack-based buffer overflow vulnerability in Microsoft 
Windows Video ActiveX Control that could allow an attacker to achieve remote code execution by setting up a specially crafted web page.<\/li>\n<\/ul>\n<p>The addition of CVE-2026-2441 to the KEV catalog comes days after Google <a href=\"https:\/\/thehackernews.com\/2026\/02\/new-chrome-zero-day-cve-2026-2441-under.html\" rel=\"noopener\" target=\"_blank\">acknowledged<\/a> that &#8220;an exploit for CVE-2026-2441 exists in the wild.&#8221; It&#8217;s currently not known how the vulnerability is being weaponized, but such information is typically withheld until a majority of the users are updated with a fix so as to prevent other threat actors from joining the exploitation bandwagon.<\/p>\n<p>As for CVE-2020-7796, a report published by threat intelligence firm GreyNoise in March 2025 <a href=\"https:\/\/thehackernews.com\/2025\/03\/over-400-ips-exploiting-multiple-ssrf.html\" rel=\"noopener\" target=\"_blank\">revealed<\/a> that a cluster of about 400 IP addresses was actively exploiting multiple SSRF vulnerabilities, including CVE-2020-7796, to target susceptible instances in the U.S., Germany, Singapore, India, Lithuania, and Japan.<\/p>\n<p>&#8220;When a user visits a web page containing an exploit detected as Exploit:JS\/CVE-2008-0015, it may connect to a remote server and download other malware,&#8221; Microsoft <a href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=Exploit:HTML\/CVE-2008-0015\" rel=\"noopener\" target=\"_blank\">notes<\/a> in its threat encyclopedia. 
It also said it&#8217;s aware of cases where the exploit is used to download and execute <a href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=Worm:Win32\/Dogkild.A\" rel=\"noopener\" target=\"_blank\">Dogkild<\/a>, a worm that propagates via removable drives.<\/p>\n<p>The worm comes with capabilities to retrieve and run additional binaries, overwrite certain system files, terminate a long list of security-related processes, and even replace the Windows Hosts file in an attempt to prevent users from accessing websites associated with security programs.<\/p>\n<p>It&#8217;s presently unclear how the TeamT5 ThreatSonar Anti-Ransomware vulnerability is being exploited. Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by March 10, 2026, for optimal protection.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-43758","post","type-post","status-publish","format-standard","hentry","category-thehackernews"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/43758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=43758"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/43758\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=43758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=43758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/tags?post=43758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}