- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog on April 24, 2026.
- The flaws impact SimpleHelp, Samsung MagicINFO 9 Server, and end-of-life D-Link DIR-823X routers and could lead to privilege escalation, arbitrary code execution, or command injection.
- Two of the SimpleHelp vulnerabilities have been linked to ransomware campaigns, while exploits targeting D-Link and Samsung aim to deploy variants of the Mirai botnet.
- Federal agencies are mandated to apply fixes or discontinue use of vulnerable devices by May 8, 2026.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) took action on Friday, April 24, 2026, by adding four high-severity vulnerabilities to its official Known Exploited Vulnerabilities catalog due to evidence of active exploitation in the wild.
These security flaws affect remote support software SimpleHelp, Samsung’s digital signage platform MagicINFO, and outdated D-Link routers, posing risks like admin privilege takeover and system hijacking.
However, two SimpleHelp bugs, CVE-2024-57726 and CVE-2024-57728, have reportedly been used as a precursor to ransomware attacks, including campaigns attributed to the DragonForce operation.
Meanwhile, the Samsung CVE-2024-7399 flaw and the D-Link CVE-2025-29635 command injection vulnerability are linked to malicious attempts to deploy Mirai botnet variants.
Consequently, Federal Civilian Executive Branch agencies are required to apply patches promptly or discontinue using the affected D-Link routers by the May 8 deadline to mitigate these active threats.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
