CISA Sneaks New Ransomware Families into KEV List – Defenders Must React

GreyNoise researchers discovered that the Cybersecurity and Infrastructure Security Agency (CISA) has quietly expanded its Known Exploited Vulnerabilities (KEV) list with several new ransomware families. The additions coincide with a measurable rise in exploitation attempts targeting U.S. organizations, as threat actors weaponize these newly cataloged flaws to gain initial footholds in vulnerable networks.

For defenders, the updated KEV list means that traditional static blocklists are no longer sufficient. By integrating the fresh indicators into dynamic blocklists and enforcing real‑time denial of communication to known malicious C2 endpoints, security teams can disrupt the attack chain before ransomware payloads are delivered. Immediate review of firewall, DNS filtering, and SIEM correlation rules is recommended to mitigate the heightened risk.

Categories: Vulnerabilities & Exploits, Threat Intelligence, Malware & Ransomware

Source: Read original article