CISA warns of new vulnerabilities in Cisco and Chrome under attack
CISA has added critical flaws in Cisco, Chrome, and Arista to its KEV catalog after confirming their active exploitation by malicious actors.
Critical Alert: New threats in the CISA KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog, including three critical flaws that are being actively used in real-world attacks. This measure underscores the urgency of applying security patches before these breaches facilitate the deployment of ransomware or the exfiltration of sensitive data.
The scope of the threat
The added vulnerabilities affect key infrastructure and widely used tools. Notable among them is CVE-2026-20245, a security flaw in the Cisco Catalyst SD-WAN Manager with a CVSS score of 7.8, which allows for improper output encoding. Exploiting such flaws is a common tactic in a hack targeting corporate environments.
The inclusion of these vulnerabilities in the KEV catalog is not just a warning, but a mandate for federal agencies and private organizations to prioritize their immediate mitigation.
Protection measures against the risk of hacking
Recent history has taught us that inaction is an attacker's greatest ally. As we saw when CISA orders urgent patch following Check Point VPN hack, response speed is critical to avoiding total network compromise. In addition to the flaws in Cisco, the update also includes vulnerabilities in Google Chrome browsers and Arista devices, which significantly expands the attack surface.
To protect their systems, IT administrators should follow these recommendations:
- Immediate audit: Identify whether assets mentioned in the KEV catalog are present in your environment.
- Patch application: Prioritize updating firmware and software according to the manufacturers' official recommendations.
- Proactive monitoring: Implement intrusion detection solutions to identify anomalous behavior resulting from a potential exploited vulnerability.
Conclusion
Cybersecurity is a constant race against time. With the rise of automated ransomware campaigns, ignoring warnings from entities like CISA can leave any organization exposed. Staying informed and acting with diligence remains the best defense against emerging threats.
Sources: The Hacker News.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...