Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
CISA Alerts on Critical Windows and Adobe Vulnerabilities

CISA Alerts on Critical Windows and Adobe Vulnerabilities

Posted on April 14, 2026 By CWS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has enhanced its Known Exploited Vulnerabilities (KEV) catalog with seven newly identified security flaws. This update, announced on Monday, highlights key vulnerabilities affecting both Windows and Adobe software.

Windows Vulnerabilities Under the Spotlight

Among the newly added entries are two critical Windows vulnerabilities. The first, tracked as CVE-2023-36424, involves an issue with the Windows common log file driver, which could potentially allow attackers to escalate privileges on affected systems.

Microsoft addressed this security flaw with patches released in November 2023. Detailed technical information and proof-of-concept (PoC) exploit code were made public in the following month, increasing the urgency for organizations to apply these updates.

Another significant Windows vulnerability, CVE-2025-60710, has been identified as a link-following flaw within the Windows Tasks host process, similarly enabling privilege escalation. Patches were made available in November 2025, with PoC code released shortly thereafter.

Adobe and Other Software Vulnerabilities

The KEV catalog update also includes CVE-2020-9715, a use-after-free vulnerability in Adobe Acrobat and Reader, which could lead to arbitrary code execution. Although a patch was issued in August 2020, the availability of PoC code calls for ongoing vigilance.

Further additions to the list are vulnerabilities such as CVE-2023-21529, associated with Microsoft Exchange and linked to the Medusa ransomware group, as well as CVE-2026-34621 and CVE-2026-21643 in Adobe Acrobat and Fortinet FortiClient EMS, which have been exploited as zero-days.

CISA’s Recommendations for Federal Agencies

CISA strongly advises federal agencies to prioritize the application of patches for these vulnerabilities. Most updates should be implemented within a two-week timeframe, except for the Fortinet vulnerability, which has a deadline set for April 16.

This recommendation emphasizes the critical nature of these vulnerabilities and the potential risk they pose if left unaddressed. Organizations are encouraged to act swiftly to mitigate any potential exploitation attempts.

The ongoing updates to the KEV catalog by CISA underline the importance of proactive cybersecurity measures and the need for timely implementation of security patches to protect sensitive data and systems.

In light of these developments, staying informed and responsive to security advisories is crucial for all organizations relying on affected software.

Security Week News Tags:Adobe vulnerabilities, CISA, CVE, Cybersecurity, Exploit, KEV catalog, patch management, security updates, Windows vulnerabilities, zero-day

Post navigation

Previous Post: AI Scam Targets Google Discover with Fake News
Next Post: Janela RAT Malware Targets Latin American Financial Sector

Related Posts

Critical HPE OneView Vulnerability Exploited in Attacks Critical HPE OneView Vulnerability Exploited in Attacks Security Week News
DragonForce Ransomware Exploits Microsoft Teams Servers DragonForce Ransomware Exploits Microsoft Teams Servers Security Week News
Thousands Hit by The North Face Credential Stuffing Attack Thousands Hit by The North Face Credential Stuffing Attack Security Week News
Zscaler to Acquire MDR Specialist Red Canary Zscaler to Acquire MDR Specialist Red Canary Security Week News
RondoDox Botnet Exploiting React2Shell Vulnerability RondoDox Botnet Exploiting React2Shell Vulnerability Security Week News
Figure Tech Data Breach Exposes 1 Million User Records Figure Tech Data Breach Exposes 1 Million User Records Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark