US CISA Advisories
GovPing monitors US CISA Advisories for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 2 changes logged to date.
Monday, April 20, 2026
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on April 20, 2026. The additions are CVEs in PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE Systems Management Appliance, Synacor Zimbra Collaboration Suite, and Cisco Catalyst SD-WAN Manager. CISA cites evidence of active exploitation and notes that vulnerabilities of this type are frequent attack vectors posing significant risk to the federal enterprise.
Supply Chain Compromise Impacts Axios Node Package Manager
CISA has issued an alert disclosing a supply chain compromise affecting Axios npm versions 1.14.1 and 0.30.4, which injected a malicious dependency, plain-crypto-js@4.2.1, that downloads a remote access trojan from threat actor infrastructure. The agency is urging all organizations using Axios npm to immediately downgrade to safe versions (axios@1.14.0 or axios@0.30.3), rotate exposed credentials, and implement recommended npm configuration settings. CISA advises monitoring CI/CD pipelines and developer machines for indicators of compromise, blocking connections to Sfrclak[.]com domains, and mandating phishing-resistant MFA on developer accounts.