Timeline
CISA
US federal cyber lead; runs the KEV catalogue with mandatory federal patch deadlines.
27 of 27 entries (22 events, 5 interactions)
Filters
#522 May
Added CVE-2026-9082 to KEV on 22 May with a five-day federal deadline of 27 May
Cybersecurity: Threats and Defences: Drupal SQL flaw hits PostgreSQL sites#521 May
Added CVE-2025-34291 and CVE-2026-34926 to KEV on 21 May with a 4 June deadline
Cybersecurity: Threats and Defences: AI orchestration flaw joins CISA's KEV#518 May
Added CVE-2026-48027 to KEV on 27 May and issued Alert AA26-148A on 28 May
Cybersecurity: Threats and Defences: GitHub's own code cloned via add-on#415 May
Added CVE-2026-42897 to KEV on 15 May with a 29 May federal remediation deadline before a patch existed
Cybersecurity: Threats and Defences: Exchange repeats the CISA deadline-before-patch trap#414 May
Added CVE-2026-20182 to KEV on 14 May and issued Emergency Directive ED 26-03 with a 3-day federal remediation deadline
Cybersecurity: Threats and Defences: UAT-8616 keeps Cisco SD-WAN under fire#413 May
Added CVE-2026-20182 and CVE-2026-42897 to KEV within 48 hours of the 13 May Patch Tuesday release
Cybersecurity: Threats and Defences: Patch Tuesday clean streak hides out-of-band KEVs#48 May
Added CVE-2026-42208 to the KEV catalogue on 8 May 2026
Cybersecurity: Threats and Defences: LiteLLM SQL injection hits in 36 hours#37 May
Added CVE-2026-6973 to KEV on 7 May with 10 May federal deadline
Cybersecurity: Threats and Defences: Ivanti EPMM logs fourth KEV zero-day since 2023#36 May
Added CVE-2026-0300 to KEV on 6 May with 9 May deadline
Cybersecurity: Threats and Defences: CISA deadline for PAN-OS RCE lands four days early#330 Apr
Added CVE-2026-41940 to KEV on 30 April with 3 May federal deadline
Cybersecurity: Threats and Defences: cPanel zero-day ran 65 days before patch; Sorry ransomware active#228 Apr
Mentioned in: Scattered Spider's Bouquet arrested in Helsinki
Cybersecurity: Threats and Defences#224 Apr
Disclosed that a federal agency remained compromised six months post-patch
Cybersecurity: Threats and Defences: Federal agency stayed compromised six months#224 Apr
Co-published joint advisory AA26-113A disclosing FIRESTARTER implant and remediation guidance
Cybersecurity: Threats and Defences: FIRESTARTER implant survives every Cisco firewall patch#223 Apr
Mentioned in: Norway joins the Salt Typhoon victim list
Cybersecurity: Threats and Defences#223 Apr
Co-signed 16-agency advisory naming Raptor Train and KV Botnet operators
Cybersecurity: Threats and Defences: Sixteen agencies put IOC extinction in print#220 Apr
Added three Cisco Catalyst SD-WAN Manager CVEs to KEV with a three-day federal remediation deadline
Cybersecurity: Threats and Defences: CISA gives Cisco SD-WAN three days to patch#316 Apr
Mentioned in: CL-STA-1132 exploited PAN-OS since 16 April, log destruction confirmed
Cybersecurity: Threats and Defences#114 Apr
Added CVE-2009-0238 to the KEV catalogue on 14 April 2026 marking it as actively exploited
Cybersecurity: Threats and Defences: 17-year-old Office RCE back on KEV#113 Apr
#113 Apr
#17 Apr
Trump proposes $707m CISA cut, 860 jobs
Cybersecurity: Threats and Defences#16 Apr
“proposed budget cut”
Cybersecurity: Threats and Defences · source event
#128 Mar
Added CVE-2025-53521 to KEV on 28 March 2026
Cybersecurity: Threats and Defences: F5 reclassifies DoS bug to 9.8 RCE#128 Mar
“added to kev catalogue”
Cybersecurity: Threats and Defences · source event
#123 Mar
Added CVE-2026-3055 to the Known Exploited Vulnerabilities catalogue on 28 March with 2 April FCEB patch deadline
Cybersecurity: Threats and Defences: CitrixBleed 3 lands on SAML broker#11 Feb
Assessed with high confidence that Volt Typhoon was pre-positioning in US CNI IT networks for OT lateral movement
Cybersecurity: Threats and Defences: FBI: Salt Typhoon still very much live#11 Feb
“assessed pre positioning threat”
Cybersecurity: Threats and Defences · source event