Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities catalog, including Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws. These newly added vulnerabilities pose significant risks to system integrity and user data, emphasizing the importance of staying up-to-date with the latest security patches and vulnerability fixes.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-2441, a Use-after-Free vulnerability in Google Chrome, is the first newly added vulnerability, discovered by security researcher Shaheen Fazim on February 11, 2026. Avoided vulnerability in TeamT5 ThreatSonar Anti-Ransomware (CVE-2024-7694) allows an attacker to upload crafted malicious files that may lead to full system compromise and data exposure. Zimbra Collaboration Suite (ZCS) before version 8.8.15 Patch 7 is vulnerable to Server-Side Request Forgery (SSRF) vulnerability (CVE-2020-7796). A stack-based buffer overflow in the MPEG2TuneRequest ActiveX control used by Microsoft Windows (CVE-2008-0015) poses significant risks to system integrity and user data.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the ever-evolving threat landscape that organizations face in protecting their networks and systems from cyber threats. The newly added vulnerabilities include Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws, which pose significant risks to system integrity and user data.
According to CISA, the first vulnerability added to the catalog is CVE-2026-2441, a Use-after-Free vulnerability in the Google Chrome prior to version 145.0.7632.75. This zero-day exploit was discovered by security researcher Shaheen Fazim on February 11, 2026, and has been confirmed by Google as an existing exploit in the wild. The use of this vulnerability allows an attacker to compromise affected systems, making it essential for organizations to address this issue promptly.
The second vulnerability added is CVE-2024-7694, which impacts TeamT5 ThreatSonar Anti-Ransomware. This arbitrary file upload vulnerability due to improper validation of uploaded content can be exploited by an authenticated attacker with administrator privileges, allowing them to upload crafted malicious files that may lead to full system compromise, data exposure, and disruption of security functions.
The third vulnerability added is CVE-2020-7796, which impacts Zimbra Collaboration Suite (ZCS) before version 8.8.15 Patch 7. This Server-Side Request Forgery (SSRF) vulnerability can be exploited by an attacker to trick the server into making unauthorized outbound requests, potentially accessing internal services or sensitive resources.
The fourth and final vulnerability added is CVE-2008-0015, a stack-based buffer overflow in the MPEG2TuneRequest ActiveX control used by Microsoft Windows. This legacy Windows version flaw was previously identified as vulnerable but has seen renewed attention due to its continued use in various systems.
These newly added vulnerabilities emphasize the importance of staying up-to-date with the latest security patches and vulnerability fixes. Organizations are strongly advised to review the Known Exploited Vulnerabilities catalog and address these issues promptly to protect their networks against attacks exploiting the listed flaws. Furthermore, private organizations must conduct a thorough assessment of their infrastructure to identify potential vulnerabilities and implement necessary measures to prevent exploitation.
The Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities stipulates that federal agencies must address these identified vulnerabilities by March 10, 2026. This directive underscores the need for organizations to prioritize vulnerability management and proactive security strategies.
In light of this new addition to the KEV catalog, it is crucial for individuals and organizations alike to remain vigilant and proactive in addressing emerging threats. By staying informed about the latest security patches and vulnerability fixes, organizations can significantly reduce their exposure to cyber threats and ensure a safer digital landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Growing-Threat-Landscape-US-CISA-Adds-Google-Chromium-CSS-Microsoft-Windows-TeamT5-ThreatSonar-Anti-Ransomware-and-Zimbra-Flaws-to-its-Known-Exploited-Vulnerabilities-Catalog-ehn.shtml
Published: Thu Feb 19 01:25:04 2026 by llama3.2 3B Q4_K_M
