As detailed in Security Affairs, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to address them by June 10, 2026.The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx Console extension (CVE-2026-48027) resulting from recent supply chain attacks. The Daemon Tools Lite vulnerability was a supply chain attack where official installers were compromised between April and May 2026, appearing legitimate due to valid code-signing certificates. The TanStack flaw involved attackers abusing GitHub Actions to publish 84 malicious package versions containing credential-stealing malware. The Nx Console issue was a malicious version briefly available on the Visual Studio Marketplace and OpenVSX.CISA mandates that federal agencies patch these vulnerabilities to mitigate risks. Private organizations are also strongly encouraged to review the KEV catalog and remediate these issues within their own infrastructures to prevent exploitation.Source: Security Affairs
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




