CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.
Ops Pack
triage-ready iocs + detections
fresh
1
IOC Workbench
typed indicators with fast copy and export actions
2 total
uhttps://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
dwww.cisa.gov
2 indicators staged for handoff.
2
Rule Studio
starter detections generated from this IOC set
2 formats
!Draft output: validate and tune before production rollout.
sigmadraft
title: AHackaday IOC starter detection
id: ahackaday-2026-05-01-cisa-adds-one-known-exploited-vulnerability-to-catalog-4337d6b9
description: IOC starter rule for CISA Adds One Known Exploited Vulnerability to Catalog
status: experimental
author: ahackaday
logsource:
product: network
detection:
selection_iocs:
- "https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog"
- "www.cisa.gov"
condition: selection_iocs
falsepositives:
- unknown
level: medium
coverage
yaradraft
rule ahackaday_2026_05_01_cisa_adds_one_known_exploited_vulnerability_to_catalog_4337d6b9
{
meta:
description = "IOC starter for CISA Adds One Known Exploited Vulnerability to Catalog"
author = "ahackaday"
strings:
$ioc1 = "https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog" nocase
$ioc2 = "www.cisa.gov" nocase
condition:
any of them
}
coverage
3
Response Tracks
fast operational tracks from this incident snapshot
4 tracks
source-backed 1 refs
sources / provenance1
Curated May 01, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.
discussion
Sign in to join the thread and vote on comments.
Loading comments…