
U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

The vulnerability CVE-2024-7399 (CVSS score of 8.8) is an improper limitation of a pathname to a restricted directory (path traversal) issue in Samsung MagicINFO 9 Server versions before 21.1050. An attacker can exploit the flaw to write arbitrary files with system authority.

In May 2025, Arctic Wolf researchers observed threat actors exploiting this vulnerability (CVSS score: 8.8) in the Samsung MagicINFO content management system (CMS) just days after proof-of-concept (PoC) exploit code was publicly released.

CVE-2024-7399 is an input-validation flaw in Samsung MagicINFO 9 Server; it allows unauthenticated attackers to upload JSP files and execute code with system-level access.

Samsung first disclosed the flaw in August 2024, and at the time, there were no signs of it being exploited. However, just days after a proof-of-concept (PoC) was published on April 30, 2025, threat actors began taking advantage of it. Given how easy it is to exploit, and the public availability of the PoC, experts believe that the attacks are likely to continue.

Samsung addressed the vulnerability with the release of MagicINFO 9 Server version 21.1050 in August 2024.

The second vulnerability, tracked as CVE-2025-29635, is a command injection: an attacker-controlled value is copied without proper validation, which lets attackers inject commands.

This week, Akamai researchers reported that a Mirai botnet is targeting CVE-2025-29635 via crafted POST requests after public PoC disclosure.

The remaining two flaws added to the catalog are:

  • CVE-2024-57726 (CVSS 9.9) – An authorization flaw in SimpleHelp lets low-privileged technicians generate API keys with elevated rights, enabling escalation to full server admin access.
  • CVE-2024-57728 (CVSS 7.2) – A path traversal issue (zip slip) allows admin users to upload crafted ZIP files that place arbitrary files on the system, potentially leading to remote code execution as the SimpleHelp server user.
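
Both path-handling flaws above, the MagicINFO arbitrary file write and the SimpleHelp zip slip, come down to the same missing check: the server never confirms that the path it is about to write stays inside the intended directory. The following added example (not code from Samsung, SimpleHelp or this article) shows that check and applies it to every archive member before extraction, refusing the whole archive if any member escapes. The upload directory, archive contents and member names are constructed for the demonstration.

```python
import io
import os
import zipfile
from pathlib import PurePosixPath, PureWindowsPath


def is_within_base(base_dir: str, candidate: str) -> bool:
    """Return True only if `candidate`, resolved relative to `base_dir`, stays inside it.

    realpath() collapses '..' segments and symlinks, so a name such as
    '../config.xml' resolves to a path outside the base and is rejected.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, candidate))
    return target == base or target.startswith(base + os.sep)


def unsafe_zip_entries(zip_bytes: bytes, dest_dir: str) -> list:
    """Names of archive members that would land outside dest_dir (zip slip)."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Reject absolute paths under either path convention outright,
            # then reject anything that escapes the base after normalization.
            if PurePosixPath(name).is_absolute() or PureWindowsPath(name).is_absolute():
                bad.append(name)
            elif not is_within_base(dest_dir, name):
                bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Vet every member first; refuse the whole archive if any member escapes."""
    bad = unsafe_zip_entries(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"refusing archive, members escape {dest_dir}: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()


def build_sample_zip(entries: dict) -> bytes:
    """Constructed fixture: an in-memory archive with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed inputs: one well-formed upload and one whose member name climbs out of
# the upload directory. The directory is hypothetical and need not exist for the checks.
UPLOAD_DIR = "/srv/app/uploads"
BENIGN_ZIP = build_sample_zip({"plugin/readme.txt": b"hello", "plugin/lib/a.jar": b"\x00"})
SLIP_ZIP = build_sample_zip({"plugin/readme.txt": b"hello", "../../../tmp/escaped.txt": b"escaped"})


if __name__ == "__main__":
    print("benign:", unsafe_zip_entries(BENIGN_ZIP, UPLOAD_DIR))
    print("slip:", unsafe_zip_entries(SLIP_ZIP, UPLOAD_DIR))
```

The check is deliberately all-or-nothing: an archive with one escaping member is dropped rather than partially extracted, because a partial extract still leaves the attacker's chosen file on disk. The same `is_within_base` test applies to any user-supplied filename, archive or not.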

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by May 8, 2026.
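
For organisations that want to act on the catalog rather than just read it, the practical step is to cross-reference each KEV entry against an asset inventory and sort the matches by due date. The following added example (not code from CISA or this article) does that over a constructed excerpt that follows the field names of the real KEV JSON feed. The four CVE ids and the May 8, 2026 due date come from this article; the dateAdded values and the D-Link product string are placeholders, the hostnames and versions are hypothetical, and the only fixed version asserted is the 21.1050 the article states for MagicINFO.

```python
import json
from datetime import date
from typing import Optional

# Constructed excerpt in the shape of CISA's KEV JSON feed (real field names).
# PLACEHOLDER values stand in for details the article does not give.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
         "dateAdded": "PLACEHOLDER", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "PLACEHOLDER-PRODUCT",
         "dateAdded": "PLACEHOLDER", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "dateAdded": "PLACEHOLDER", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
         "dateAdded": "PLACEHOLDER", "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Fixed versions the article states. A missing entry means "no fix version given here",
# and every install of that product is then treated as affected (the conservative choice).
FIXED_VERSIONS = {"CVE-2024-7399": "21.1050"}

# Constructed asset inventory with hypothetical hosts and versions.
INVENTORY = [
    {"host": "signage-01.example.test", "vendor": "Samsung", "product": "MagicINFO 9 Server", "version": "21.1040"},
    {"host": "signage-02.example.test", "vendor": "Samsung", "product": "MagicINFO 9 Server", "version": "21.1050"},
    {"host": "helpdesk.example.test", "vendor": "SimpleHelp", "product": "SimpleHelp", "version": "5.5.7"},
    {"host": "www.example.test", "vendor": "Apache", "product": "HTTP Server", "version": "2.4.58"},
]


def version_tuple(v: str) -> tuple:
    """Dotted numeric version to a comparable tuple; non-numeric parts are ignored."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())


def is_affected(asset: dict, fixed: Optional[str]) -> bool:
    """Unknown version or no stated fix version -> assume affected."""
    if fixed is None or not asset.get("version"):
        return True
    return version_tuple(asset["version"]) < version_tuple(fixed)


def kev_exposure(kev_json: str, inventory: list, today: date) -> list:
    """Match KEV entries to inventory by vendor/product; return findings sorted by urgency."""
    findings = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        for asset in inventory:
            if (asset["vendor"].lower(), asset["product"].lower()) != key:
                continue
            if not is_affected(asset, FIXED_VERSIONS.get(entry["cveID"])):
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "due": entry["dueDate"],
                "days_left": (due - today).days,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    # Known ransomware use first, then the nearest due date, then host for a stable listing.
    findings.sort(key=lambda f: (not f["ransomware"], f["days_left"], f["host"]))
    return findings


def exposure_as_of(today_iso: str) -> list:
    """Convenience wrapper: run the cross-reference for a given ISO date."""
    return kev_exposure(KEV_SAMPLE, INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in exposure_as_of(date.today().isoformat()):
        print(f"{f['host']:28} {f['cve']:16} due {f['due']} ({f['days_left']} days)")
```

Matching on vendor and product only is the point: the KEV feed carries no version ranges, so anything the inventory cannot prove is fixed stays on the list until someone confirms the patch. Running against the live feed means fetching the KEV JSON from CISA and substituting it for `KEV_SAMPLE`.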


Pierluigi Paganini

(SecurityAffairs – hacking, CISA)