CISA Adds 4 Critical Software Vulnerabilities to KEV Catalog | Cybersecurity News (2026)

The Cyber Threat Landscape: Four Critical Vulnerabilities Unveiled

In a critical update, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled four newly discovered security flaws, each actively exploited in the wild. This revelation underscores the ever-evolving nature of cyber threats and the urgent need for proactive measures.

Let's delve into these vulnerabilities and understand their potential impact:

  1. CVE-2025-68645: A severe PHP vulnerability in Synacor Zimbra Collaboration Suite (ZCS) allows remote attackers to access and manipulate files without authentication. This flaw was addressed in November 2025 with the release of ZCS version 10.1.13.

  2. CVE-2025-34026: An authentication bypass in Versa Concerto SD-WAN orchestration platform could grant unauthorized access to administrative endpoints. The issue was fixed in April 2025 with version 12.2.1 GA.

  3. CVE-2025-31125: Vite Vitejs, a popular web development tool, suffered from an improper access control vulnerability. Attackers could exploit this to return arbitrary file contents to browsers. The issue was patched in March 2025 with multiple versions.

  4. CVE-2025-54313: A supply chain attack targeted eslint-config-prettier and six other npm packages, injecting a malicious DLL called Scavenger Loader. This stealthy attack allows threat actors to steal sensitive information.

But here's where it gets controversial... CVE-2025-54313 is part of a sophisticated phishing campaign. Package maintainers were lured with bogus links, compromising their credentials. This highlights the human element in cybersecurity and the need for robust awareness training.

And this is the part most people miss... CrowdSec reports that exploitation efforts for CVE-2025-68645 have been ongoing since January 14, 2026. The other vulnerabilities' exploitation methods remain unknown, leaving a critical gap in our understanding of the threat landscape.

Pursuant to Binding Operational Directive (BOD) 22-01, Federal agencies must apply these fixes by February 12, 2026, to fortify their networks against active threats. This directive underscores the urgency and severity of the situation.

As we navigate the complex world of cybersecurity, staying informed is crucial. Follow us on Google News, Twitter, and LinkedIn for more exclusive insights and updates on emerging threats and mitigation strategies. Your digital security is our priority!

CISA Adds 4 Critical Software Vulnerabilities to KEV Catalog | Cybersecurity News (2026)
Top Articles
NRL Injury Update: Reece Robson's Thumb Injury Leaves Roosters with Tough Selection Decisions
Dame Antonia Romeo: UK's First Female Cabinet Secretary
Illinois University Moves Classes Online Due to ICE Presence: What’s Happening?
Latest Posts
Princess Catherine's Reluctance: Why She Hesitated to Become Princess of Wales
Ben Shelton Withdraws from Mexican Open 2026: What's Next for the Rising Star?
Recommended Articles
Article information

Author: Arline Emard IV

Last Updated:

Views: 6155

Rating: 4.1 / 5 (72 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Arline Emard IV

Birthday: 1996-07-10

Address: 8912 Hintz Shore, West Louie, AZ 69363-0747

Phone: +13454700762376

Job: Administration Technician

Hobby: Paintball, Horseback riding, Cycling, Running, Macrame, Playing musical instruments, Soapmaking

Introduction: My name is Arline Emard IV, I am a cheerful, gorgeous, colorful, joyous, excited, super, inquisitive person who loves writing and wants to share my knowledge and understanding with you.