CISA added four actively exploited vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers to its Known Exploited Vulnerabilities catalog. The flaws include missing authorization and path traversal in SimpleHelp, a path traversal in Samsung MagicINFO, and a command injection in end-of-life D-Link routers tied to DragonForce ransomware activity and Mirai botnet campaigns; agencies are advised to apply fixes or retire affected appliances by May 8, 2026. #SimpleHelp #Mirai
Key points
- CISA added four vulnerabilities to the KEV catalog due to evidence of active exploitation.
- CVE-2024-57726 allows low-privileged technicians to create API keys that can escalate to server admin.
- CVE-2024-57728 and CVE-2024-7399 are path traversal flaws that can write arbitrary files and enable code execution.
- CVE-2025-29635 is a command injection in D-Link DIR-823X routers exploitable via a POST request to /goform/set_prohibiting.
- Exploitation has been linked to DragonForce ransomware and Mirai botnet activity, and agencies should patch or discontinue affected systems by May 8, 2026.
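The practical follow-up to a KEV addition is to find which of your own assets carry the listed products and to work out, per asset, whether the required action is a patch or a retirement and how many days remain before the due date. The script below is an added example, not code from the article or from CISA. Its catalog entries are constructed from the key points above (the four CVE ids, the three products, the flaw types, and the 2026-05-08 due date); the field names follow the real KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), but the requiredAction strings, the knownRansomwareCampaignUse values, and the asset inventory are placeholders. Version-level matching is deliberately out of scope; the script matches on vendor and product only.

```python
"""Triage CISA KEV entries against a local asset inventory.

Added example (not from the article or CISA). The catalog subset is CONSTRUCTED
from the article's key points; requiredAction text, knownRansomwareCampaignUse
values and the inventory are placeholders, not data from the live KEV feed.
"""
from datetime import date

# Constructed subset in the shape of the KEV feed: {"vulnerabilities": [...]}.
KEV_SAMPLE = {
    "vulnerabilities": [
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "vulnerabilityName": "SimpleHelp Missing Authorization Vulnerability",
         "requiredAction": "Apply mitigations per vendor instructions.",   # placeholder
         "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Known"},   # constructed value
        {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "vulnerabilityName": "SimpleHelp Path Traversal Vulnerability",
         "requiredAction": "Apply mitigations per vendor instructions.",   # placeholder
         "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
         "vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability",
         "requiredAction": "Apply mitigations per vendor instructions.",   # placeholder
         "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
         "vulnerabilityName": "D-Link DIR-823X Command Injection Vulnerability",
         # placeholder wording; KEV uses "discontinue"-style actions for end-of-life products
         "requiredAction": "Discontinue use of the product (end-of-life).",
         "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
    ]
}

# Constructed inventory. 'eol' is a local flag for devices the owner already
# knows are end-of-life; it forces a 'retire' action regardless of KEV text.
INVENTORY = [
    {"asset": "rmm-01",     "vendor": "SimpleHelp", "product": "SimpleHelp",          "eol": False},
    {"asset": "signage-01", "vendor": "Samsung",    "product": "MagicINFO 9 Server",  "eol": False},
    {"asset": "branch-rtr", "vendor": "D-Link",     "product": "DIR-823X",            "eol": True},
    {"asset": "web-01",     "vendor": "nginx",      "product": "nginx",               "eol": False},
]


def normalize(text):
    """Lower-case and collapse whitespace so vendor/product strings compare loosely."""
    return " ".join(text.lower().split())


def asset_matches(entry, asset):
    """Vendor must match exactly (after normalizing); KEV product must appear in the asset's product."""
    return (normalize(entry["vendorProject"]) == normalize(asset["vendor"])
            and normalize(entry["product"]) in normalize(asset["product"]))


def triage(catalog, inventory, today):
    """Return one finding per (asset, KEV entry) pair, most urgent first.

    Urgency order: fewest days to the due date, then entries with known
    ransomware use, then CVE id for a stable order.
    """
    findings = []
    for asset in inventory:
        for entry in catalog["vulnerabilities"]:
            if not asset_matches(entry, asset):
                continue
            due = date.fromisoformat(entry["dueDate"])
            retire = asset.get("eol", False) or "discontinue" in entry["requiredAction"].lower()
            findings.append({
                "asset": asset["asset"],
                "cve": entry["cveID"],
                "action": "retire" if retire else "patch",
                "days_left": (due - today).days,
                "overdue": today > due,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    findings.sort(key=lambda f: (f["days_left"], not f["ransomware"], f["cve"]))
    return findings


if __name__ == "__main__":
    # 'today' is a constructed reference date for the demonstration.
    for f in triage(KEV_SAMPLE, INVENTORY, date(2026, 5, 1)):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['asset']:<12} {f['cve']:<16} {f['action']:<7} {flag}"
              + ("  [ransomware use known]" if f["ransomware"] else ""))
```

Swap KEV_SAMPLE for the parsed live feed and INVENTORY for an export from your CMDB and the same function yields the working list; the `retire` branch is what separates the D-Link case (no fix will ship for an end-of-life router) from the SimpleHelp and MagicINFO cases, where a vendor update exists.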
Read More: https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html