Timeline
CISA
US federal cybersecurity agency that maintains the KEV catalogue; facing a proposed $707m cut and elimination of 860 positions under Trump's FY27 budget.
5 events
Filters
#117 Apr
Added CVE-2026-3055 to the Known Exploited Vulnerabilities catalogue on 28 March with 2 April FCEB patch deadline
Cybersecurity: Threats and Defences: CitrixBleed 3 lands on SAML broker#117 Apr
Added CVE-2025-53521 to KEV on 28 March 2026
Cybersecurity: Threats and Defences: F5 reclassifies DoS bug to 9.8 RCE#117 Apr
Added CVE-2009-0238 to the KEV catalogue on 14 April 2026 marking it as actively exploited
Cybersecurity: Threats and Defences: 17-year-old Office RCE back on KEV#117 Apr
Assessed with high confidence that Volt Typhoon was pre-positioning in US CNI IT networks for OT lateral movement
Cybersecurity: Threats and Defences: FBI: Salt Typhoon still very much live#117 Apr