CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

Published: 2 hours ago (April 25, 2026 at 01:08 AM EDT)

1 min read

Source: The Hacker News

Added Vulnerabilities

CVE‑2024‑57726 – CVSS score: 9.9
Description: A missing authorization vulnerability affecting SimpleHelp.

(Additional vulnerabilities affecting Samsung MagicINFO 9 Server and D‑Link DIR‑823X series routers were also added to the KEV catalog, but detailed descriptions were not provided in the source material.)

Federal Deadline

CISA has set a May 2026 deadline for federal agencies to remediate or mitigate the newly added KEV entries, aligning with broader government cybersecurity compliance timelines.

Back to Blog

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security...

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Overview Chinese‑speaking individuals are the target of a new campaign that uses a trojanized version of the SumatraPDF reader to deploy the AdaptixC2 Beacon p...

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

Summary A high‑severity security flaw in LMDeploy, an open‑source toolkit for compressing, deploying, and serving large language models LLMs, has been actively...

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Sa...