
CISA adds four actively exploited vulnerabilities to catalog, sets May deadline

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added four vulnerabilities to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Federal Civilian Executive Branch agencies are advised to apply fixes or discontinue affected products.

The flaws include CVE-2024-57726 and CVE-2024-57728 in SimpleHelp remote support software, CVE-2024-7399 in Samsung MagicINFO 9 Server, and CVE-2025-29635 in end-of-life D-Link DIR-823X series routers.

CVE-2024-57726 allows low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role. CVE-2024-57728 permits admin users to upload arbitrary files via a crafted zip file, which can be exploited to execute arbitrary code. Both issues have been exploited as precursors to ransomware attacks, with at least one campaign attributed to the DragonForce ransomware operation.

CVE-2024-7399 is a path traversal vulnerability in Samsung MagicINFO 9 Server that could allow an attacker to write arbitrary files with system

CVE-2025-29635 is a command injection vulnerability in D-Link DIR-823X routers that allows an
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.