Cyber: Cisa Flags Four Security Flaws Under Active Exploitation In Latest...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The addition of CVE-2026-2441 to the KEV catalog comes days after Google acknowledged that "an exploit for CVE-2026-2441 exists in the wild." It's currently not known how the vulnerability is being weaponized, but such information is typically withheld until a majority of the users are updated with a fix so as to prevent other threat actors from joining the exploitation bandwagon.

As for CVE-2020-7796, a report published by threat intelligence firm GreyNoise in March 2025 revealed that a cluster of about 400 IP addresses was actively exploiting multiple SSRF vulnerabilities, including CVE-2020-7796, to target susceptible instances in the U.S., Germany, Singapore, India, Lithuania, and Japan.

"When a user visits a web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware," Microsoft notes in its threat encyclopedia. It also said it's aware of cases where the exploit is used to download and execute Dogkild, a worm that propagates via removable drives.

The worm comes with capabilities to retrieve and run additional binaries, overwrite certain system files, terminate a long list of security-related processes, and even replace the Windows Hosts file in an attempt to prevent users from accessing websites associated with security programs.

It's presently unclear how the TeamT5 ThreatSonar Anti-Ransomware vulnerability is being exploited. Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by March 10, 2026, for optimal protection.

Source: The Hacker News