The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with a fresh batch of entries spanning consumer utilities, open-source developer libraries, IDE extensions, and remote access platforms — underscoring the breadth of the current threat landscape.
The newly catalogued flaws affect Daemon Tools, TanStack, Nx Console, Windows Shell, and ConnectWise ScreenConnect, as first reported by Security Affairs. CISA's KEV catalog tracks vulnerabilities for which there is reliable evidence of active exploitation in the wild; federal civilian executive branch agencies operating under Binding Operational Directive 22-01 are required to remediate listed issues by the due date attached to each entry.
Developer supply chain in the crosshairs
Among the most notable additions are flaws in TanStack and Nx Console. TanStack is a widely adopted collection of open-source web framework libraries, while Nx Console is a popular Visual Studio Code extension used for managing Nx monorepo workspaces. Vulnerabilities in tools like these carry outsized risk because they sit at the heart of modern software development workflows — close to source code, build pipelines, and deployment infrastructure. An exploited weakness in a developer dependency or IDE plugin can offer attackers a direct path into an organisation's codebase and CI/CD systems.
Their inclusion in the KEV catalog signals that threat actors have already begun leveraging these weaknesses in real-world attacks, raising the stakes well beyond theoretical risk.
ConnectWise ScreenConnect: a recurring target
The catalog update also covers a flaw in ConnectWise ScreenConnect, a widely deployed remote access and support tool. ScreenConnect has been a repeated favourite for adversaries; vulnerabilities in the platform have previously been weaponised in ransomware campaigns and initial access operations. The latest addition to the KEV list suggests that a new or previously underappreciated attack vector is being actively exploited, reinforcing the importance of timely patching for organisations that rely on the software.
Broader implications for all organisations
While the KEV catalog's remediation mandates apply only to U.S. federal civilian agencies, CISA's listings function as a de facto industry-wide early warning system. An entry is added only when the flaw has an assigned CVE identifier, there is reliable evidence of active exploitation, and a clear remediation action exists, so every organisation, regardless of jurisdiction, should treat these disclosures as a prompt to audit its environment and apply available patches.
The diversity of products flagged in this round is particularly instructive. From a consumer disc imaging utility like Daemon Tools to enterprise remote management software and developer-focused open-source libraries, the attack surface cuts across virtually every layer of the technology stack.
Security teams are advised to review the full list of newly added CVEs on CISA's KEV portal, cross-reference them against their asset inventories and dependency manifests, and prioritise remediation accordingly. For developer-centric vulnerabilities specifically, organisations should also audit their extension ecosystems and CI/CD pipeline configurations for exposure.
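The cross-referencing step described above can be scripted against CISA's machine-readable feed. The following is an added example, not code from the article or from CISA: it parses a feed in the shape of CISA's published KEV JSON (a top-level `vulnerabilities` list with `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `knownRansomwareCampaignUse` fields), filters to entries added since a chosen date, matches them against a simple asset and dependency inventory, and orders the hits for remediation. The feed snippet and the inventory are constructed sample data with placeholder CVE identifiers, and the inventory record format (`vendor`, `product`, `where`) is an assumption; it does not describe the real entries discussed in the article.

```python
"""Cross-reference a CISA KEV feed against an internal asset/dependency inventory.

Added example, not from the article. The feed shape matches CISA's published
JSON feed; the feed snippet and inventory below are constructed sample data
with placeholder CVE identifiers.
"""
import json
import re
import urllib.request
from datetime import date

# Real feed location; fetch_kev() is optional, the demo runs offline on sample data.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample feed: same field names as the real feed, fictional entries.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-1900-0001", "vendorProject": "ExampleCo", "product": "Remote Desk",
     "vulnerabilityName": "ExampleCo Remote Desk Authentication Bypass",
     "dateAdded": "2025-06-09", "dueDate": "2025-06-30",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-1900-0002", "vendorProject": "WidgetJS", "product": "widget-router",
     "vulnerabilityName": "WidgetJS widget-router Path Traversal",
     "dateAdded": "2025-06-09", "dueDate": "2025-06-30",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-1900-0003", "vendorProject": "OldVendor", "product": "Legacy Agent",
     "vulnerabilityName": "OldVendor Legacy Agent Remote Code Execution",
     "dateAdded": "2024-01-15", "dueDate": "2024-02-05",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}"""

# Constructed inventory (assumed format): deployed products and declared dependencies.
SAMPLE_INVENTORY = [
    {"vendor": "ExampleCo", "product": "Remote Desk", "where": "jump-host-01"},
    {"vendor": "widgetjs", "product": "widget-router", "where": "package.json (webapp)"},
    {"vendor": "OtherCo", "product": "Editor Plugin", "where": "developer laptops"},
]


def fetch_kev(url=KEV_FEED_URL, timeout=30):
    """Download the live feed text (network access required)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_kev(feed_text):
    """Return the list of vulnerability records from a KEV-shaped JSON document."""
    return json.loads(feed_text)["vulnerabilities"]


def _norm(text):
    """Case-fold and collapse punctuation so 'Widget-Router' matches 'widget router'."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def recently_added(entries, since):
    """KEV entries whose dateAdded is on or after `since` (a datetime.date)."""
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]


def match_inventory(entries, inventory):
    """Pair each KEV entry with every inventory record whose vendor and product match."""
    hits = []
    for entry in entries:
        vendor, product = _norm(entry["vendorProject"]), _norm(entry["product"])
        for asset in inventory:
            if _norm(asset["vendor"]) == vendor and _norm(asset["product"]) == product:
                hits.append((entry, asset))
    return hits


def prioritise(hits, today):
    """Order matches: ransomware-linked first, then earliest due date; flag overdue items."""
    report = []
    for entry, asset in hits:
        due = date.fromisoformat(entry["dueDate"])
        report.append({
            "cveID": entry["cveID"],
            "name": entry["vulnerabilityName"],
            "where": asset["where"],
            "dueDate": due,
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            "overdue": today > due,
        })
    return sorted(report, key=lambda r: (not r["ransomware"], r["dueDate"]))


def main():
    entries = parse_kev(SAMPLE_KEV_JSON)
    recent = recently_added(entries, date(2025, 6, 1))
    for row in prioritise(match_inventory(recent, SAMPLE_INVENTORY), date.today()):
        flag = "RANSOMWARE " if row["ransomware"] else ""
        late = "OVERDUE " if row["overdue"] else ""
        print(f"{flag}{late}{row['cveID']} due {row['dueDate']} at {row['where']}: {row['name']}")


if __name__ == "__main__":
    main()
```

Matching on vendor and product names is deliberately loose; the KEV feed does not carry affected version ranges, so every hit still needs a version check against the vendor advisory before it is closed as not applicable. Swap `SAMPLE_KEV_JSON` for `fetch_kev()` and the sample inventory for an export from your CMDB or SBOM tooling to run it against real data.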