CISA Flags Four Actively Exploited Flaws in KEV Update and Urges Patch

February 18, 2026 at 08:54 PM

•

1 min read

CISA Flags Four Actively Exploited Flaws in KEV Update and Urges Patch — Photo: The Hacker News

TL;DR Summary

CISA added four flaws to the Known Exploited Vulnerabilities catalog due to active exploitation: CVE-2026-2441 (Chrome use-after-free), CVE-2024-7694 (TeamT5 ThreatSonar Anti-Ransomware arbitrary file upload leading to command execution), CVE-2020-7796 (Zimbra Collaboration Server SSRF), and CVE-2008-0015 (Windows Video ActiveX buffer overflow). Google confirms an in-the-wild exploit for CVE-2026-2441; GreyNoise documents about 400 IPs exploiting CVE-2020-7796 across several countries; the CVE-2008-0015 exploit can download additional malware like Dogkild and alter system files/hosts. The TeamT5 exploitation vector remains unclear. Federal agencies are urged to patch by March 10, 2026.

Topics:technology #cisa #exploitation #kev #patching #security #vulnerabilities

Share this article

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update The Hacker News
CISA flags critical Microsoft SCCM flaw as exploited in attacks BleepingComputer
Attackers finally get around to exploiting critical Microsoft bug from 2024 theregister.com
CISA adds SolarWinds, Microsoft, Apple, Notepad++ vulnerabilities to KEV catalog SC Media
Flaws in Google, Microsoft products added to Cisa catalogue Computer Weekly

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

80%

425 → 86 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights