CISA KEV List Quietly Added New Ransomware Signatures—Defenders Must React

GreyNoise’s latest research uncovered that the Cybersecurity and Infrastructure Security Agency (CISA) silently refreshed its Known Exploited Vulnerabilities (KEV) list with additional ransomware signatures. The update was not announced publicly, but the team detected the change by correlating newly observed malicious payload hashes with the KEV feed, revealing a surge of ransomware campaigns aimed at small and mid‑sized enterprises.

The added indicators include fresh exploit CVEs and command‑and‑control domains linked to active ransomware families. This expands the threat surface for organizations that rely on the KEV list for automated blocking and alerting. Defenders need to ingest the new IOCs immediately, verify coverage in existing detection rules, and prioritize patching of the newly listed vulnerabilities to stop the wave before it escalates.

Categories: Threat Intelligence, Vulnerabilities & Exploits, Malware & Ransomware

Source: Read original article