CISA has added two actively exploited vulnerabilities to its KEV catalog: CVE-2017-3066 (CVSS 9.8), a deserialization flaw in the Apache BlazeDS library used by Adobe ColdFusion, and CVE-2024-20953 (CVSS 8.8), a deserialization flaw in Oracle Agile PLM; both allow arbitrary code execution. Although no public exploitation reports exist for these two flaws, a different Oracle Agile PLM vulnerability (CVE-2024-21287) was abused last year. Federal agencies must patch both by March 17, 2025. Separately, GreyNoise reported exploitation attempts against CVE-2023-20198, which affects Cisco devices, attributing them to 110 malicious IP addresses originating from Bulgaria, Brazil, and Singapore; earlier attacks on this vulnerability have also been tied to the Chinese state-sponsored group Salt Typhoon.