Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

CISA added Copy Fail to the Known Exploited Vulnerabilities (KEV) Catalog, making the Linux flaw a federal remediation priority. The agency ordered federal agencies to secure affected Linux devices within two weeks, with a deadline of May 15. CISA said the vulnerability is a frequent attack vector for malicious cyber actors and told agencies to apply vendor mitigations or stop using the product if mitigations are unavailable.

Related Happenings

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Open Happening

Congress demands CISA answers on GitHub credential leak

Public Sector Action
First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

Open Happening

Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)

Vulnerability
First: 18.05.2026 10:18 Last: 18.05.2026 10:18 Sources 1

About this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...

Open Happening

CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182

Public Sector Action
First: 15.05.2026 08:28 Last: 15.05.2026 08:28 Sources 1

About this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...

Open Happening

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Open Happening

Timeline

  1. 08.05.2026 10:45 2 articles · 19d ago

    CISA adds Copy Fail to KEV Catalog and orders federal Linux remediation

    Legal Policy Action Update

    CISA added Copy Fail to its Known Exploited Vulnerabilities (KEV) Catalog and ordered federal agencies to secure affected Linux devices within two weeks, by May 15. The directive treats Copy Fail as a vulnerability posing significant risks to the federal enterprise and instructs agencies to apply vendor mitigations or discontinue use if mitigations are unavailable.

    Show sources
    Open in new tab