HomeExplorePricingBlogDocsNew Tracker
Get the App
App StoreGoogle Play
Loading...

Cybersecurity Hacking News

Actively exploited enterprise and infrastructure vulnerabilities tracked by CISA and vendors, including KEV additions and critical patches

Actively exploited enterprise and infrastructure vulnerabilities tracked by CISA and vendors, including KEV additions and critical patches

Enterprise KEVs and Core Infrastructure Flaws

The cybersecurity landscape for enterprise and infrastructure environments continues to face relentless pressure as a broadening wave of actively exploited vulnerabilities emerges. Recent updates from CISA’s Known Exploited Vulnerabilities (KEV) catalog, alongside a flurry of emergency vendor advisories and critical patch releases, highlight not only the persistent threats in traditional areas such as SD-WAN managers, backup systems, and CI/CD pipelines but also reveal new, insidious attack surfaces involving kernel and container isolation weaknesses. This expanding threat horizon demands urgent, coordinated remediation coupled with enhanced governance to prevent potentially catastrophic breaches.

Escalating Active Exploitation Across Enterprise and Infrastructure Technologies

Over recent weeks, threat actors have intensified efforts exploiting a variety of high-severity vulnerabilities across core enterprise infrastructure components:

  • Cisco Catalyst SD-WAN Manager remains a favored target. Attackers leverage remote code execution vulnerabilities to disrupt wide area network operations and establish persistent access inside enterprise networks. Cisco’s latest advisories confirm active exploitation, underscoring the criticality of rapid patch deployment.

  • The Nginx management UI vulnerability (CVE-2026-XXXXX) continues to pose a severe risk. This unauthenticated access flaw enables attackers to extract cryptographic keys and secrets, jeopardizing encrypted communications and backend system integrity. CISA’s addition of this vulnerability to the KEV list has elevated its priority status.

  • Apache ZooKeeper’s recent patches address critical authentication bypass and secret leakage flaws, which, if exploited, could allow unauthorized access to distributed coordination services fundamental to large-scale applications. The impact spans numerous enterprise environments relying on ZooKeeper for configuration and synchronization.

  • A newly disclosed critical Dell hardware and firmware vulnerability has triggered an urgent CISA advisory, as active exploitation attempts risk full system takeover or sensitive data exfiltration. This development highlights the increasing importance of securing platform-level firmware within enterprise environments.

  • Ivanti Endpoint Manager (EPM) faces an actively exploited remote code execution vulnerability. CISA’s decision to shorten patch deadlines for Ivanti and SolarWinds vulnerabilities reflects the heightened risk and the need to accelerate remediation efforts.

  • Veeam Backup & Replication products have received critical patches addressing seven remote code execution flaws. Given backup infrastructures’ role in disaster recovery, these vulnerabilities represent a particularly enticing target for ransomware groups seeking to cripple recovery capabilities.

  • The n8n automation platform’s OAuth misconfiguration affects over 24,700 instances, according to CISA, exposing centralized credentials to compromise. This flaw presents a systemic risk in automation-heavy workflows, where token misuse can cascade into widespread control loss.

  • Microsoft’s out-of-band hotpatch for Windows 11 RRAS (KB5084597) mitigates multiple actively exploited vulnerabilities enabling remote compromise chains, illustrating the necessity of immediate patching in network routing and access services.

  • JetBrains TeamCity’s open redirect vulnerability (CVE-2026-28194) raises alarms over software supply-chain security. Attackers exploit missing authorization controls to inject malicious artifacts into CI/CD pipelines, threatening build integrity and deployment security.

  • The disclosure of a LangSmith account takeover vulnerability further endangers developer credentials and pipeline security, increasing risks of malicious code injection during software development lifecycles.

Expansion of the Attack Surface: Kernel and Container Isolation Vulnerabilities

Adding a new dimension to enterprise risk, recent disclosures have unveiled critical flaws in Linux AppArmor, a widely used mandatory access control framework:

  • These AppArmor vulnerabilities enable root privilege escalation and container isolation bypass, dramatically widening the attack surface within containerized and host environments. Given the increasing reliance on container orchestration and microservices in enterprise infrastructure, these flaws could allow attackers to escape confined environments and compromise host systems.

  • The emergence of these kernel/host-level escalation vulnerabilities compounds existing threats, making comprehensive patching and enhanced container security practices essential parts of modern enterprise defense strategies.

CISA KEV Updates and Vendor Emergency Advisories Heighten Remediation Urgency

In light of confirmed active exploitation, CISA has expanded its KEV catalog with several high-impact vulnerabilities, while simultaneously shortening patch deadlines for critical products such as Ivanti Endpoint Manager and SolarWinds:

  • The shortened remediation windows reflect a heightened risk posture, pressing federal agencies and private enterprises alike to expedite vulnerability management workflows.

  • The inclusion of automation platform flaws—specifically n8n’s OAuth misconfiguration—illustrates CISA’s recognition of growing threats within orchestration and automation domains.

  • Vendor responses from Microsoft, Cisco, JetBrains, Veeam, and Dell include critical patches and out-of-band hotfixes, signaling the narrowing opportunity to secure vulnerable systems before exploitation can proliferate further.

Operational Challenges Amplify Security Risks

Despite the availability of patches, enterprises face significant hurdles in timely remediation:

  • Fragmented patch adoption remains a persistent challenge. For instance, reported Microsoft Edge update failures prolong exposure to critical vulnerabilities, underscoring coordination and compatibility issues in complex environments.

  • The heightened risk to software supply chains and CI/CD pipelines, exemplified by vulnerabilities in TeamCity and LangSmith, calls for stronger security controls, including continuous monitoring to detect and prevent malicious code injection and pipeline sabotage.

  • Exploited network appliances such as Cisco SD-WAN managers and FortiGate devices provide attackers with durable footholds, enabling interception or manipulation of sensitive network traffic and facilitating lateral movement within enterprise networks.

  • The newly exposed kernel and container isolation flaws demand organizations extend their focus beyond traditional application layers to hardened container runtime security and host kernel protection.

Expert Recommendations for Risk Mitigation

To address this multifaceted threat landscape, security professionals advocate the following measures:

  • Prioritize immediate deployment of all KEV-listed patches, with special attention to SD-WAN managers, backup infrastructures, RRAS services, and emerging kernel/container vulnerabilities.

  • Implement comprehensive asset and vulnerability management programs that maintain up-to-date inventories of software versions, network devices, and automation tools to prevent overlooked exposures.

  • Enforce stronger access control protocols, including multi-factor authentication (MFA), rigorous OAuth governance, and frequent credential rotation to mitigate risks from account takeover and token misuse.

  • Enhance monitoring and incident response capabilities using runtime behavioral analytics, network traffic inspection, and anomaly detection focused on management UIs and critical infrastructure components.

  • Adopt supply-chain security best practices, such as artifact allowlisting, strict build authorization controls, and secure secret management within CI/CD pipelines, to defend against malicious injection attacks.

  • Extend security focus to container and host isolation mechanisms, ensuring timely patching of kernel-level vulnerabilities and the deployment of container runtime security solutions.

Conclusion: Bridging the Gap Between Discovery, Exploitation, and Remediation

The current cybersecurity climate reveals a widening chasm between the discovery of critical vulnerabilities, confirmed active exploitation, and the pace of patch adoption. With CISA’s KEV catalog spotlighting an increasing number of actively exploited flaws across networking equipment, automation platforms, backup systems, and now container isolation layers, the imperative for rapid, coordinated patching and governance has never been clearer.

Failure to act decisively exposes enterprises to remote code execution, credential theft, supply-chain sabotage, and persistent network compromise, all of which can lead to severe operational disruption and data loss. Organizations must adopt a holistic security posture that integrates rigorous vulnerability management, enhanced access controls, real-time threat detection, and hardened supply chain practices to safeguard critical enterprise infrastructure.

Staying Ahead: As vendors continue releasing emergency patches and CISA updates KEV entries, enterprises must maintain vigilance, accelerate remediation efforts, and strengthen security architectures to close exploitation windows and defend against this expanding threat horizon.

Sources (17)
Updated Mar 15, 2026