CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog

Eric Geller

29 May 2026

2 min

PME 2 3

BLUF

The Cybersecurity and Infrastructure Security Agency (CISA) added exploited vulnerabilities in a remote access tool and Windows Shell to its catalogue, confirming active attacker use for remote code execution in global cyber campaigns.

Learning Outcomes:

Understand the significance of inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalogue as an indicator of active real-world exploitation.
Assess how remote-access and system-shell vulnerabilities enable privilege escalation, code execution, and identity impersonation.

READ: CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog

References

Cyber Security Drive: High factual reporting
COLLECTIONS/The Runway (airforce.gov.au)
RAAF RUNWAY: RATIONALE GUIDELINES LEARNING OUTCOMES

CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog

BLUF

References

Related articles

Preparing for cyberattacks is good; preventing them is better

Does AI Pose an Existential Risk? We Asked 5 Experts

Swarms are For Agents, Not Just Drones

Is your Chinese EV a ‘ticking time bomb’?