[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9BsQ11pK9jpMUNluW8bDWzbkkXBuLTFpqmMLmPLRbSo":3},{"article":4,"iocs":60},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":34,"category":35,"article_tags":39},"30cd9135-b2b9-4e5d-aeb7-4f083acf73d2","CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline","cisa-adds-4-exploited-flaws-to-kev-sets-may-2026-federal-deadline-ff0558","The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in","CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalog on April 25, 2026, including critical flaws in SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers, all with evidence of active exploitation. The SimpleHelp vulnerabilities (CVE-2024-57726, CVE-2024-57728) have been linked to ransomware campaigns by DragonForce, while Samsung and D-Link flaws are associated with Mirai botnet deployments. Federal agencies must apply patches or discontinue affected appliances by May 8, 2026.","CISA adds 4 actively exploited vulnerabilities to KEV catalog with May 2026 federal deadline.","CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline Ravie LakshmananApr 25, 2026Network Security \u002F Infrastructure Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in SimpleHelp that could allow low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role. CVE-2024-57728 (CVSS score: 7.2) - A path traversal vulnerability in SimpleHelp that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e., zip slip), which can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. CVE-2024-7399 (CVSS score: 8.8) - A path traversal vulnerability in Samsung MagicINFO 9 Server that could allow an attacker to write arbitrary files as system authority. CVE-2025-29635 (CVSS score: 7.5) - A command injection vulnerability in end-of-life D-Link DIR-823X series routers that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to \u002Fgoform\u002Fset_prohibiting via the corresponding function. While both the SimpleHelp flaws have been marked as \"Unknown\" against the \"Known To Be Used in Ransomware Campaigns?\" indicator in the KEV catalog, reports from Field Effect and Sophos revealed early last year that the issues were exploited as a precursor to ransomware attacks. One such campaign was attributed to the DragonForce ransomware operation. The exploitation of CVE-2024-7399 has been linked to malicious activity deploying the Mirai botnet in the past. As for CVE-2025-29635, Akamai disclosed earlier this week that it recorded attempts against D-Link devices to deliver a Mirai botnet variant named \"tuxnokill.\" To mitigate the active threats, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the fixes or, in the case of CVE-2025-29635, discontinue the use of the appliance by May 8, 2026. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  botnet, cybersecurity, Infrastructure Security, network security, ransomware, Router, Threat Intelligence ⚡ Top Stories This Week 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign Trellix Confirms Source Code Breach With Unauthorized Repository Access ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE and More Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Critical Apache HTTP\u002F2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise 2026: The Year of AI-Assisted Attacks Day Zero Readiness: The Operational Gaps That Break Incident Response We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is ⭐ Featured Resources [Webinar] Learn How Autonomous Validation Keeps Pace With AI Attacks [Guide] Get Practical AI SOC Insights to Improve Threat Detection [Demo] Discover How to Control Autonomous Identity Risks Effectively [Demo] Stop Email Attacks and Protect Cloud Workspace Data Faster","https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fcisa-adds-4-exploited-flaws-to-kev-sets.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEgBMgO4j_Nf0B9HdU4WtN1axBdJFNJgV6Xvb8pCk0kooK6_-gNIxfURSqLIJuuzaufzvoXVTkFFg9WfMkyHvu4h_DBQK4QMJ21JYdwWtLem-CSOgTEYFhXazp4aSPJJglbiZel1V5aatqMKFCXk3scw-3UmMzQPrmTn-CbgBBjpLu_i4TBfNyS2kgZSkreW\u002Fs1600\u002Fcisa-kev.jpg","2026-04-25T05:08:00+00:00","2026-04-25T08:00:17.372308+00:00",9,[18,21,24,26,28,31],{"name":19,"type":20},"CISA","vendor",{"name":22,"type":23},"SimpleHelp","product",{"name":25,"type":23},"Samsung MagicINFO 9 Server",{"name":27,"type":23},"D-Link DIR-823X",{"name":29,"type":30},"DragonForce","threat_actor",{"name":32,"type":33},"Known Exploited Vulnerabilities (KEV) Catalog","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":34,"icon":36,"name":37,"slug":38},null,"Vulnerabilities","vulnerabilities",[40,45,50,55],{"category":41},{"id":42,"icon":36,"name":43,"slug":44},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":46},{"id":47,"icon":36,"name":48,"slug":49},"7d8b5ab8-ea0b-4ced-ae97-ec251b86993a","Ransomware","ransomware",{"category":51},{"id":52,"icon":36,"name":53,"slug":54},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":56},{"id":57,"icon":36,"name":58,"slug":59},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[61,65,68,71,74,76,79],{"type":62,"value":63,"context":64},"cve","CVE-2024-57726","Missing authorization in SimpleHelp allowing privilege escalation (CVSS 9.9)",{"type":62,"value":66,"context":67},"CVE-2024-57728","Path traversal in SimpleHelp enabling arbitrary code execution (CVSS 7.2)",{"type":62,"value":69,"context":70},"CVE-2024-7399","Path traversal in Samsung MagicINFO 9 Server for arbitrary file write (CVSS 8.8)",{"type":62,"value":72,"context":73},"CVE-2025-29635","Command injection in D-Link DIR-823X routers (CVSS 7.5)",{"type":54,"value":29,"context":75},"Ransomware operation exploiting SimpleHelp vulnerabilities",{"type":54,"value":77,"context":78},"Mirai","Botnet deployed via Samsung MagicINFO and D-Link CVE-2024-7399",{"type":54,"value":80,"context":81},"tuxnokill","Mirai botnet variant targeting D-Link DIR-823X devices"]