Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA KEV update for TP-Link and WhatsApp flaws

Public Sector Action
First reported
Last updated
Happening score
H score 51
2 unique sources, 2 articles

Summary

Hide ▲

CISA added TP-Link TL-WA855RE flaw CVE-2020-24363 and WhatsApp flaw CVE-2025-55177 to the KEV catalog, reflecting active abuse of both issues. The update gives FCEB agencies a September 23, 2025 deadline to mitigate the vulnerabilities. The TP-Link bug is a missing authentication issue, and the WhatsApp flaw was chained with CVE-2025-43300 in a targeted spyware campaign.

Related Happenings

TP-Link security patch release for CVE-2025-15517

Security Patch Release
First: 25.03.2026 13:11 Last: 25.03.2026 13:11 Sources 1

About this happening: **TP-Link** released **security updates** for its **Archer NX** router series to close a critical authentication-bypass flaw that could let attackers upload firmware without loggi...

Open Happening

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Open Happening

Ivanti Endpoint Manager (EPM) authentication bypass (CVE-2026-1603)

Vulnerability
First: 10.03.2026 13:36 Last: 10.03.2026 13:36 Sources 1

About this happening: A **high-severity** flaw in **Ivanti Endpoint Manager (EPM)** is now **actively exploited**, putting **remote unauthenticated attackers** in position to **bypass authentication**...

Open Happening

Cisco Secure Firewall Management Center (FMC) authentication bypass and RCE flaws (multiple vulnerabilities)

Vulnerability
First: 04.03.2026 21:12 Last: 04.03.2026 21:12 Sources 1

About this happening: **Cisco Secure Firewall Management Center (FMC)** has two **maximum-severity** flaws, **CVE-2026-20079** and **CVE-2026-20131**, that can let **unauthenticated attackers** take ov...

Latest development: 20.03.2026 17:09

CISA ordered Federal Civilian Executive Branch agencies to patch CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco and Amazon threat intelligence reported active exploitation; Cisco updated its bulletin on March 18 to warn that the vulnerability in the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root, and CISA added the CVE to its KEV catalog as known to be used in ransomware campaigns.

Open Happening

Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)

Security Patch Release
First: 04.03.2026 21:12 Last: 04.03.2026 21:12 Sources 1

About this happening: **Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...

Latest development: 20.03.2026 17:09

CISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.

Open Happening

Timeline

  1. 03.09.2025 08:09 2 articles · 8mo ago

    CISA adds TP-Link and WhatsApp flaws to KEV catalog amid active exploitation

    Industry Or Public Sector Update

    CISA adds the TP-Link TL-WA855RE vulnerability CVE-2020-24363 and the WhatsApp vulnerability CVE-2025-55177 to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The TP-Link flaw is a missing authentication weakness that can let an unauthenticated attacker on the same network send a TDDP_RESET POST request for a factory reset and reboot, then set a new administrative password, while the WhatsApp issue was exploited in a highly targeted spyware campaign by chaining it with CVE-2025-43300 and prompted in-app threat notifications to less than 200 users.

    Show sources
    Open in new tab
  2. 03.09.2025 08:09 1 articles · 8mo ago

    FCEB agencies face September 23, 2025 mitigation deadline for KEV-listed flaws

    Mitigation Patch Update

    Federal Civilian Executive Branch agencies are advised to apply the necessary mitigations by September 23, 2025 for CVE-2020-24363 and CVE-2025-55177 to counter active threats.

    Show sources
    Open in new tab