Download Ransomware Index Update Q1 2022


Read about the latest news and updates from the cybersecurity ecosystem.


Posted on Mar 17, 2022

After a year, DHS CISA Adds CVE-2021-21315 to KEVs Catalog!

A researcher from Cyber Security Works (CSW) took a deep dive into this NodeJs CVE 2021-21315 vulnerability and developed a Proof-of-Concept exploit code.

Read More


Posted on Mar 16, 2022 5 minutes

Cyberwar Bulletin 2: Are you ready for this cyberwar?

This bulletin covers CSW's research on the cyberwar, in particular the ransomware and malware threats that are spawning out of the Russia-Ukraine conflict.

Read More

Sumeetha Manikandan, Priya Ravindran

Posted on Mar 2, 2022 | Updated on Apr 25, 2022 5 minutes

Latency Analysis of DHS CISA KEVs

In this blog, CSW experts analyzed CISA’s Known Exploited Vulnerabilities (KEV) list for latencies in publishing, exploiting, and patching to understand how fast attackers are weaponizing them for attacks.

Read More

Priya Ravindran, Sumeetha Manikandan

Posted on Mar 2, 2022 | Updated on May 19, 2022 3 minutes

Top Scanners Fail to Flag DHS CISA-warned Known Exploited Vulnerabilities (KEV)

We looked into the DHS CISA KEV catalog one step further and found that 46 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys. Click here to know more!

Read More

Pavithra Shankar

Posted on Jan 4, 2022 5 minutes

Top 5 Affected Products in CISA’s Catalog of Known Exploited Vulnerabilities (KEV)  

Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.

Read More

Surojoy Gupta

Posted on Dec 6, 2021 5 minutes

Top Affected Vendors according to CISA’s Catalog of Known Exploited Vulnerabilities (KEV)

While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products. In this blog, we have taken a detailed look at top five vendors and the vulnerabilities that plague them.

Read More

Surojoy Gupta

Posted on Nov 22, 2021 | Updated on May 19, 2022 5 minutes

CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities

The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 663 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!

Read More

Surojoy Gupta, Priya Ravindran

Posted on Nov 15, 2021 | Updated on May 25, 2022 5 minutes

20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations

A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.

Read More

Surojoy Gupta