CISA Adds Four Actively Exploited Flaws to KEV Catalog
⚠️ CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, including a high-severity PHP remote file inclusion in Zimbra (CVE-2025-68645) and an authentication bypass in Versa Concerto (CVE-2025-34026). One entry describes a supply-chain compromise that trojanized eslint-config-prettier and six related npm packages to deliver a malicious DLL. Federal agencies are required to remediate under BOD 22-01 by February 12, 2026.