Cybersecurity researchers at Cyble have revealed 22 vulnerabilities currently being exploited by threat actors, with nine of them missing from the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog.
In its latest blog post, Cyble explained that twelve of the vulnerabilities were flagged by its honeypot sensors after detecting real-world attack attempts. Out of these twelve, only four are listed in CISA’s KEV catalog.
The report also highlights 10 vulnerabilities actively abused by ransomware groups. Interestingly, nine of those have already made it into CISA’s KEV catalog, with just one — CVE-2025-7771 in ThrottleStop.sys — standing out as an exception. This flaw has reportedly been exploited by the MedusaLocker ransomware group.
Adding to the urgency, SolarWinds today rolled out a hotfix addressing CVE-2025-26399 in SolarWinds Web Help Desk. The flaw bypasses patches for CVE-2024-28988, which itself was a patch bypass for CVE-2024-28986. Since CVE-2024-28986 is already part of the KEV catalog, experts warn the new 9.8 CVSS-rated vulnerability could quickly attract attention from attackers.
Cyble researchers documented 12 vulnerabilities under active attack, including:
- CVE-2025-4949
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents.