{"id":207079,"date":"2026-04-29T11:22:00","date_gmt":"2026-04-29T15:22:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/29\/cisa-adds-microsoft-connectwise-vulnerabilities-to-active-exploitation-catalog\/"},"modified":"2026-04-29T11:25:26","modified_gmt":"2026-04-29T15:25:26","slug":"cisa-adds-microsoft-connectwise-vulnerabilities-to-active-exploitation-catalog","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/29\/cisa-adds-microsoft-connectwise-vulnerabilities-to-active-exploitation-catalog\/","title":{"rendered":"CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/cisa-microsoft-connectwise-kev-update\/818817\/\">CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/cisa-microsoft-connectwise-kev-update\/818817\/\">https:\/\/www.cybersecuritydive.com\/news\/cisa-microsoft-connectwise-kev-update\/818817\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-29 11:22:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>The Cybersecurity and Infrastructure Security Agency added two major software flaws to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, acknowledging the evidence that hackers have been using the bugs in recent attacks.<br \/>\nCISA added CVE-2024-1708, a high-severity flaw in ConnectWise\u2019s ScreenConnect remote-access tool, and CVE-2026-32202, a medium-severity flaw in the Windows Shell user interface, to its KEV catalog. Federal agencies have until May 12 to patch the two bugs.<br \/>\nThe ScreenConnect path-traversal vulnerability could allow a hacker to remotely execute code or tamper with sensitive data, while the Windows vulnerability, the result of a defective security mechanism, could allow attackers to impersonate legitimate users.<br \/>\nCISA\u2019s addition of the Windows vulnerability came one day after Microsoft confirmed that hackers were exploiting the flaw.<\/p>\n<p>CVE-2026-32202 is the result of an incomplete patch for a prior Windows Shell vulnerability, CVE-2026-21510, which the Russia-linked hacking group APT28 used in a cyberattack campaign against Ukraine and other European countries in December, Akamai said last week.<br \/>\nThe ConnectWise vulnerability, CVE-2024-1708, has featured in multiple cyberattacks over the past few years, including a North Korea\u2013linked campaign and ransomware attacks by China-linked cybercriminals. Hackers have been pairing CVE-2024-1708 with another high-severity ConnectWise flaw, CVE-2024-1709, to bypass the remote-access software\u2019s authentication mechanisms.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog https:\/\/www.cybersecuritydive.com\/news\/cisa-microsoft-connectwise-kev-update\/818817\/ Publish Date: 2026-04-29 11:22:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207080,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/KaUPWOP9EUOw32dZjDO7PH2eerJzbsxu8hxNDPk0xD8\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9DSVNBX2hlYWRlci5qcGc=.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35,27],"class_list":["post-207079","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207079"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207079"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207079\/revisions"}],"predecessor-version":[{"id":207081,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207079\/revisions\/207081"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207080"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}