Known Exploited Vulnerabilities and counting...

A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.

Cybersecurity Brief — April 26, 2026

Federal agencies have issued an urgent alert urging organizations to immediately investigate potential compromises of Cisco Catalyst SD-WAN systems. The advisory calls for thorough examination of affected devices, followed by complete updates and hardening measures. The elevated concern from multiple government agencies suggests either active exploitation or credible intelligence of widespread targeting of these enterprise networking systems, which serve as critical infrastructure for many organizations' wide-area networks.

Separately, cloud development platform Vercel confirmed a security breach after threat actors claimed to have compromised its systems and are now attempting to sell stolen data. Vercel, widely used by developers for hosting and deploying web applications, has acknowledged the incident, though details about the scope of the breach and what data may have been exposed remain limited. The breach adds to growing concerns about supply chain security risks in cloud development platforms, where a single compromise could potentially impact thousands of downstream applications and their users.

Sources: Privacy Guides · NCSC


CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.


Upcoming Patch Due Dates

via Binding Operational Directive 22-01

Binding Operational Directive (BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.


Cyber Security News

You may have missed...


📌 Pinned


https://betanews.com · Mar 5

Inside a cyberattack: How hackers steal data

The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...

https://www.wired.com · Apr 26

Discord Sleuths Gained Unauthorized Access to Anthropic's Mythos | WIRED

But one group of amateur sleuths on Discord found their own, relatively simple ways—no AI hacking required—to gain unauthorized access to a ...

https://www.msn.com · Apr 26

US strikes back at Iran-linked hacking group - MSN

US authorities seized four domains linked to Iran-backed hacker group Handala, accusing it of running cyber-enabled psychological operations and ...

https://cryptonews.net · Apr 26

One of the Oldest Altcoins Hit by a Hacking Incident: Hackers Created Fake Transactions ...

Litecoin, one of the established projects in the cryptocurrency market, shared an important update regarding a critical security vulnerability ...

https://www.msn.com · Apr 26

Hack on US medical company shows reach of Iran's cyber capabilities - MSN

WASHINGTON—Iran pulled off likely the most significant wartime cyberattack against the U.S. in history, leveraging its hacking powers to cause ...

https://www.ncsc.gov.uk · Apr 26

Cisco Catalyst SD-WAN Compromise Alert Issued by Federal Agencies

Federal agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN systems and full updating and hardening o...

https://www.bitget.com · Apr 26

Purrlend Loses $1.5 Million in Dual-Network Exploit

Purrlend DeFi protocol suffered a $1.5 million exploit across HyperEVM and MegaETH networks, adding to April 2026's record of over $600 million in DeF...

https://blog.bitfinex.com · Apr 26

What the KelpDAO Exploit Reveals About DeFi's Hidden Risks

Analysis of how the $292 million KelpDAO bridge exploit demonstrates how single infrastructure failures can propagate across DeFi protocols and create...

https://thedefiant.io · Apr 26

SparkLend Sees Over $1B in Deposits Since Kelp Exploit as Aave TVL Plunges

Following the KelpDAO exploit, SparkLend received over $1.4 billion in new deposits while Aave's TVL plunged by $10 billion amid capital flight and ba...


Updated daily