SyncWave Blog
Cybersecurity 2 min read 88

CISA warns of new vulnerabilities in Cisco and Chrome under attack

CISA has added critical flaws in Cisco, Chrome, and Arista to its KEV catalog after confirming their active exploitation by malicious actors.

Critical Alert: New threats in the CISA KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog, including three critical flaws that are being actively used in real-world attacks. This measure underscores the urgency of applying security patches before these breaches facilitate the deployment of ransomware or the exfiltration of sensitive data.

The scope of the threat

The added vulnerabilities affect key infrastructure and widely used tools. Notable among them is CVE-2026-20245, a security flaw in the Cisco Catalyst SD-WAN Manager with a CVSS score of 7.8, which allows for improper output encoding. Exploiting such flaws is a common tactic in a hack targeting corporate environments.

The inclusion of these vulnerabilities in the KEV catalog is not just a warning, but a mandate for federal agencies and private organizations to prioritize their immediate mitigation.

Protection measures against the risk of hacking

Recent history has taught us that inaction is an attacker's greatest ally. As we saw when CISA orders urgent patch following Check Point VPN hack, response speed is critical to avoiding total network compromise. In addition to the flaws in Cisco, the update also includes vulnerabilities in Google Chrome browsers and Arista devices, which significantly expands the attack surface.

To protect their systems, IT administrators should follow these recommendations:

  1. Immediate audit: Identify whether assets mentioned in the KEV catalog are present in your environment.
  2. Patch application: Prioritize updating firmware and software according to the manufacturers' official recommendations.
  3. Proactive monitoring: Implement intrusion detection solutions to identify anomalous behavior resulting from a potential exploited vulnerability.

Conclusion

Cybersecurity is a constant race against time. With the rise of automated ransomware campaigns, ignoring warnings from entities like CISA can leave any organization exposed. Staying informed and acting with diligence remains the best defense against emerging threats.


Sources: The Hacker News.

Share:

Comments

Loading comments...

Contact

Want to get in touch?

Questions, suggestions or proposals — write to us and we will respond.