Download Ransomware Index Update Q1 2022

CISA KEV Blogs

Read about the latest news and updates from the cybersecurity ecosystem.

Posted on Jun 29, 2022 5 minutes

MITRE Mapping of CISA KEVs and its Challenges

This blog brings talks about the challenges that exist in mapping CWEs to CAPEC using MITRE and ATT&CK

Read More

CSW Research Team

Posted on May 25, 2022

CVE-2022-22972: DHS CISA Directs Federal Agencies to Take Immediate Action Against VMware Bugs

The U.S. Cybersecurity and Infrastructure Agency issued an emergency security directive over VMware vulnerabilities, which threat actors are likely to exploit.

Read More

Pavithra Shankar

Posted on Mar 2, 2022 | Updated on June 15, 2022 5 minutes

Latency Analysis of DHS CISA KEVs

In this blog, CSW experts analyzed CISA’s Known Exploited Vulnerabilities (KEV) list for latencies in publishing, exploiting, and patching to understand how fast attackers are weaponizing them for attacks.

Read More

Priya Ravindran, Sumeetha Manikandan

Posted on Mar 2, 2022 | Updated on June 23, 2022 3 minutes

Top Scanners Fail to Flag DHS CISA-warned Known Exploited Vulnerabilities (KEV)

We looked into the DHS CISA KEV catalog one step further and found that 56 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys. Click here to know more!

Read More

Pavithra Shankar

Posted on Jan 4, 2022 5 minutes

Top 5 Affected Products in CISA’s Catalog of Known Exploited Vulnerabilities (KEV)  

Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.

Read More

Surojoy Gupta

Posted on Dec 6, 2021 5 minutes

Top Affected Vendors according to CISA’s Catalog of Known Exploited Vulnerabilities (KEV)

While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products. In this blog, we have taken a detailed look at top five vendors and the vulnerabilities that plague them.

Read More

Surojoy Gupta

Posted on Nov 22, 2021 | Updated on July 1, 2022 5 minutes

CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities

The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 786 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!

Read More

Surojoy Gupta, Priya Ravindran