CISA's Hidden Ransomware Updates to KEV Catalog
These articles are AI-generated summaries. Please check the original sources for full details.
CISA Makes Unpublicized Ransomware Updates to KEV Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has been silently updating entries in its Known Exploited Vulnerabilities (KEV) catalog to reflect their use in ransomware attacks, with 59 vulnerabilities having their ransomware statuses flipped to “Known” in 2025. The change affects the risk posture of organizations, because a “Known” status indicates that ransomware operators are actively exploiting the vulnerability.
Why This Matters
Because the updates are silent, organizations may not notice that the risk attached to a vulnerability already in the catalog has increased. This can lead to inadequate prioritization and mitigation of vulnerabilities, resulting in potential security breaches and financial losses. For instance, the average cost of a ransomware attack can range from $1.4 million to $2.3 million, highlighting the need for timely and accurate threat intelligence.
Key Insights
- 59 vulnerabilities had their ransomware statuses flipped to “Known” in 2025, indicating active exploitation by ransomware operators (Source: GreyNoise, 2025)
- Remote code execution and authentication bypass vulnerabilities were the most common types among the flipped CVEs, as ransomware operators prioritize “get-in-and-go” attack chains (Source: GreyNoise, 2025)
- The KEV catalog updates are not publicly announced, making it challenging for organizations to stay informed about evolving threats (Source: Dark Reading, 2026)
Practical Applications
- Use Case: Organizations can utilize the RSS feed created by GreyNoise to track CISA’s updates to the KEV catalog and stay informed about evolving threats, allowing them to adjust their risk assessments and prioritization accordingly.
- Pitfall: Failing to monitor the KEV catalog updates can lead to inadequate prioritization and mitigation of vulnerabilities, resulting in potential security breaches and financial losses.
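One way to catch these in-place status changes yourself, as an added example that is not from the original article or GreyNoise's feed: keep dated snapshots of the KEV JSON catalog and diff the `knownRansomwareCampaignUse` field between them. The snapshots and CVE IDs below are constructed placeholders, and fetching and storing the snapshots is assumed to happen elsewhere.

```python
import json

# Constructed snapshots in the shape of CISA's KEV JSON feed; the CVE IDs
# are placeholders, not real catalog entries.
def _snapshot(statuses):
    vulns = []
    for cve, status in statuses.items():
        entry = {"cveID": cve, "dateAdded": "2024-01-01"}
        if status is not None:
            entry["knownRansomwareCampaignUse"] = status
        vulns.append(entry)
    return json.dumps({"vulnerabilities": vulns})

OLD_SNAPSHOT = _snapshot({"CVE-0000-0001": "Unknown", "CVE-0000-0002": "Known",
                          "CVE-0000-0003": "Unknown", "CVE-0000-0004": None})
NEW_SNAPSHOT = _snapshot({"CVE-0000-0001": "Known", "CVE-0000-0002": "Known",
                          "CVE-0000-0003": "Unknown", "CVE-0000-0004": "Known",
                          "CVE-0000-0005": "Known"})

def _index(snapshot_text):
    """Map cveID -> normalized ransomware status for one snapshot."""
    catalog = json.loads(snapshot_text)
    # Assumption: an entry without the field is treated as "unknown".
    return {v["cveID"]: str(v.get("knownRansomwareCampaignUse", "Unknown")).strip().lower()
            for v in catalog.get("vulnerabilities", [])}

def diff_ransomware_status(old_text, new_text):
    """Report ransomware-status changes between two catalog snapshots."""
    old, new = _index(old_text), _index(new_text)
    report = {"flipped_to_known": [], "added_as_known": [], "reverted": []}
    for cve in sorted(new):
        if cve not in old:
            # New entries are visible as additions; keep them apart from flips.
            if new[cve] == "known":
                report["added_as_known"].append(cve)
        elif old[cve] != "known" and new[cve] == "known":
            # Existing entry changed in place: the unannounced case.
            report["flipped_to_known"].append(cve)
        elif old[cve] == "known" and new[cve] != "known":
            report["reverted"].append(cve)
    return report

if __name__ == "__main__":
    for kind, cves in diff_ransomware_status(OLD_SNAPSHOT, NEW_SNAPSHOT).items():
        print(f"{kind}: {', '.join(cves) or '-'}")
```

CVEs in `flipped_to_known` are the ones to re-prioritize, since they were already in the catalog when their status changed.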