known exploited vulnerabilities (KEV) Archives

A sign is seen at Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder/Getty Images)

Microsoft SharePoint attacks ensnare 400 victims, including federal agencies

The Departments of Energy, Homeland Security and Health and Human Services have been impacted.

2 days ago By Matt Kapko

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices

Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.

Jul 16, 2025 By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Questions mount as Ivanti tackles another round of zero-days

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

May 28, 2025 By Matt Kapko

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025

The vulnerability threat intelligence firm’s research reinforces a slew of recent reports warning about increased exploits in 2024.

Apr 24, 2025 By Matt Kapko

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER/AFP via Getty Images)

China-backed espionage group hits Ivanti customers again

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

Apr 3, 2025 By Matt Kapko

Palo Alto Networks headquarters in Silicon Valley; Palo Alto Networks, Inc. is an American multinational cyber security company. (Getty Images)

More bugs in Palo Alto Expedition see active exploitation, CISA warns

Hackers have been actively targeting the firewall management software through multiple vulnerabilities.

Nov 15, 2024 By Christian Vasquez

Tens of thousands of IPs vulnerable to Fortinet flaw dubbed ‘must patch’ by feds

The Shadowserver Foundation put the figure at around 87,000 for a vulnerability rated as critical and first discovered in February.

Oct 14, 2024 By Tim Starks

CISA warns of hackers exploiting bug for end-of-life Ivanti product

Ivanti's Cloud Service Appliance has a "high severity vulnerability" being exploited in the wild.

Sep 13, 2024 By Christian Vasquez

Microsoft Romania headquarters in City Gate Towers situated in Free Press Square, in Bucharest, Romania. (Getty Images)

Here’s what Microsoft fixed in September’s Patch Tuesday

The tech giant's regular vulnerability list includes new vulnerabilities for Windows Updater and Installer.

Sep 10, 2024 By Christian Vasquez