CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware


Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns:

  • A Known to be Used in Ransomware Campaigns column in the KEV Catalogthat identifies KEVs associated with ransomware campaigns.
  • A Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns table on StopRansomware.govthat identifies misconfigurations and weaknesses associated with ransomware campaigns. The table features a column that identifies the Cyber Performance Goal (CPG)action for each misconfiguration or weakness.

These two new resources will help organizations become more cybersecure by providing mitigations that protect against specific KEVs, misconfigurations, and weaknesses associated with ransomware.

CISA encourages all organizations to review the blog about this RVWP effort, as well as the new KEV catalogcolumn and updated StopRansomware.gov siteand implement applicable mitigations today.

Tags:

Related News

Several vulnerabilities in Google Chrome could allow an arbitrary code executionSeveral vulnerabilities in Google Chrome could allow an arbitrary code execution

Several vulnerabilities in Google Chrome could allow an arbitrary code execution

September 3, 2025
Several vulnerabilities in the Netscaler ADC and Netscaler gateway could allow the execution of remote codeSeveral vulnerabilities in the Netscaler ADC and Netscaler gateway could allow the execution of remote code

Several vulnerabilities in the Netscaler ADC and Netscaler gateway could allow the execution of remote code

August 27, 2025

You may have missed

Several vulnerabilities in Google Chrome could allow an arbitrary code executionSeveral vulnerabilities in Google Chrome could allow an arbitrary code execution

Several vulnerabilities in Google Chrome could allow an arbitrary code execution

September 3, 2025
Several vulnerabilities in the Netscaler ADC and Netscaler gateway could allow the execution of remote codeSeveral vulnerabilities in the Netscaler ADC and Netscaler gateway could allow the execution of remote code

Several vulnerabilities in the Netscaler ADC and Netscaler gateway could allow the execution of remote code

August 27, 2025
Several vulnerabilities in Cisco security products could allow an arbitrary code executionSeveral vulnerabilities in Cisco security products could allow an arbitrary code execution

Several vulnerabilities in Cisco security products could allow an arbitrary code execution

August 15, 2025
CISA publishes seven advice on industrial control systemsCISA publishes seven advice on industrial control systems

CISA publishes seven advice on industrial control systems

August 12, 2025
Vulnerability to Sonicwall Sonicos Management Access and SSLVPN could allow unauthorized accessVulnerability to Sonicwall Sonicos Management Access and SSLVPN could allow unauthorized access

Vulnerability to Sonicwall Sonicos Management Access and SSLVPN could allow unauthorized access

August 8, 2025
CISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructureCISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructure

CISA and USCG issues a joint opinion to strengthen cyber-hygiene in critical infrastructure

July 31, 2025