{"id":3797,"date":"2025-05-04T19:25:49","date_gmt":"2025-05-04T19:25:49","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=3797"},"modified":"2025-05-04T19:25:53","modified_gmt":"2025-05-04T19:25:53","slug":"cisa-them-hai-lo-hong-nguy-co-cao-vao-danh-muc-bi-khai-thac-cac-doi-an-ninh-nen-lam-gi-ngay-bay-gio","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cisa-them-hai-lo-hong-nguy-co-cao-vao-danh-muc-bi-khai-thac-cac-doi-an-ninh-nen-lam-gi-ngay-bay-gio\/","title":{"rendered":"CISA th\u00eam hai l\u1ed7 h\u1ed5ng r\u1ee7i ro cao v\u00e0o danh m\u1ee5c khai th\u00e1c: C\u00e1c \u0111\u1ed9i an ninh n\u00ean l\u00e0m g\u00ec b\u00e2y gi\u1edd"},"content":{"rendered":"<p>C\u01a1 quan An ninh M\u1ea1ng v\u00e0 C\u01a1 s\u1edf H\u1ea1 t\u1ea7ng (CISA) m\u1ed9t l\u1ea7n n\u1eefa \u0111\u00e3 c\u1eadp nh\u1eadt <a class=\"\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">Danh m\u1ee5c L\u1ed7 h\u1ed5ng B\u1ecb khai th\u00e1c \u0111\u00e3 bi\u1ebft (KEV)<\/a>\u2014m\u1ed9t ngu\u1ed3n th\u00f4ng tin quan tr\u1ecdng cho c\u1ea3 nh\u1eefng ng\u01b0\u1eddi b\u1ea3o v\u1ec7 thu\u1ed9c khu v\u1ef1c li\u00ean bang v\u00e0 t\u01b0 nh\u00e2n. V\u00e0o ng\u00e0y 2 th\u00e1ng 5 n\u0103m 2025, hai l\u1ed7 h\u1ed5ng \u0111\u00e3 \u0111\u01b0\u1ee3c th\u00eam v\u00e0o v\u00e0 \u0111\u01b0\u1ee3c x\u00e1c nh\u1eadn l\u00e0 \u0111ang b\u1ecb khai th\u00e1c trong th\u1ef1c t\u1ebf:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a class=\"\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34028\">CVE-2025-34028 \u2013 L\u1ed7 h\u1ed5ng Path Traversal trong Commvault Command Center<\/a><\/li>\n\n\n\n<li><a class=\"\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-58136\">CVE-2024-58136 \u2013 L\u1ed7 h\u1ed5ng \u0110\u01b0\u1eddng d\u1eabn Thay th\u1ebf trong YiiFramework: B\u1ea3o v\u1ec7 kh\u00f4ng \u0111\u00fang c\u00e1ch<\/a><\/li>\n<\/ul>\n\n\n\n<p>Nh\u1eefng m\u1edf r\u1ed9ng n\u00e0y nh\u1ea5n m\u1ea1nh s\u1ef1 c\u1ea7n thi\u1ebft cho c\u00e1c t\u1ed5 ch\u1ee9c trong t\u1ea5t c\u1ea3 c\u00e1c l\u0129nh v\u1ef1c ph\u1ea3i duy tr\u00ec c\u1ea3nh gi\u00e1c v\u00e0 ch\u1ee7 \u0111\u1ed9ng trong qu\u1ea3n l\u00fd l\u1ed7 h\u1ed5ng ngay c\u1ea3 khi kh\u00f4ng c\u00f3 y\u00eau c\u1ea7u li\u00ean bang \u0111ang ho\u1ea1t \u0111\u1ed9ng.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"why-these-cves-matter\"><strong>T\u1ea1i sao C\u00e1c CVE n\u00e0y Quan tr\u1ecdng<\/strong><\/h2>\n\n\n<p><a class=\"\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34028\">CVE-2025-34028<\/a> trong Commvault Command Center l\u00e0 m\u1ed9t l\u1ed7 h\u1ed5ng path traversal cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng \u0111\u1ecdc c\u00e1c th\u01b0 m\u1ee5c kh\u00f4ng \u0111\u01b0\u1ee3c ph\u00e9p ho\u1eb7c ch\u1ea1y m\u00e3 ngo\u00e0i c\u1ea5u tr\u00fac t\u1ec7p d\u1ef1 \u0111\u1ecbnh. L\u1ed7 h\u1ed5ng n\u00e0y \u0111\u1eb7c bi\u1ec7t \u0111\u00e1ng lo ng\u1ea1i do t\u00ednh nh\u1ea1y c\u1ea3m c\u1ee7a c\u00e1c h\u1ec7 th\u1ed1ng sao l\u01b0u v\u00e0 b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u, v\u1ed1n l\u00e0 m\u1ee5c ti\u00eau \u01b0a th\u00edch c\u1ee7a c\u00e1c k\u1ebb t\u1ea5n c\u00f4ng ransomware v\u00e0 qu\u1ed1c gia.<\/p>\n\n\n\n<p><a class=\"\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-58136\">CVE-2024-58136<\/a> \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn Yii PHP Framework th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong c\u00e1c \u1ee9ng d\u1ee5ng web. N\u00f3 l\u00e0 k\u1ebft qu\u1ea3 c\u1ee7a vi\u1ec7c b\u1ea3o v\u1ec7 kh\u00f4ng \u0111\u1ea7y \u0111\u1ee7 c\u00e1c \u0111\u01b0\u1eddng d\u1eabn thay th\u1ebf, c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng v\u01b0\u1ee3t qua c\u00e1c ki\u1ec3m so\u00e1t truy c\u1eadp \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf cho n\u00f3. Vi\u1ec7c khai th\u00e1c n\u00f3 c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn vi\u1ec7c s\u1eed d\u1ee5ng tr\u00e1i ph\u00e9p c\u00e1c ch\u1ee9c n\u0103ng ho\u1eb7c d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m, do \u0111\u00f3 g\u00e2y ra r\u1ee7i ro \u0111\u00e1ng k\u1ec3 cho c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n v\u00e0 qu\u1ea3n tr\u1ecb vi\u00ean n\u1ec1n t\u1ea3ng.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"the-role-of-bod-2201\"><strong>Vai tr\u00f2 c\u1ee7a BOD 22-01<\/strong><\/h2>\n\n\n<p>C\u00e1c c\u01a1 quan thu\u1ed9c Nh\u00e1nh H\u00e0nh ph\u00e1p D\u00e2n s\u1ef1 Li\u00ean bang (FCEB) ch\u1ecbu s\u1ef1 chi ph\u1ed1i c\u1ee7a <a class=\"\" href=\"https:\/\/www.cisa.gov\/news-events\/directives\/bod-22-01-reducing-significant-risk-known-exploited-vulnerabilities\">Ch\u1ec9 th\u1ecb Ho\u1ea1t \u0111\u1ed9ng R\u00e0ng bu\u1ed9c 22-01<\/a> ph\u1ea3i kh\u1eafc ph\u1ee5c c\u00e1c l\u1ed7 h\u1ed5ng \u0111\u01b0\u1ee3c li\u1ec7t k\u00ea trong KEV trong th\u1eddi gian quy \u0111\u1ecbnh. Ch\u1ec9 th\u1ecb n\u00e0y y\u00eau c\u1ea7u m\u1ed9t ph\u1ea3n \u1ee9ng c\u00f3 c\u1ea5u tr\u00fac, \u01b0u ti\u00ean \u0111\u1ed1i v\u1edbi c\u00e1c CVE \u0111ang b\u1ecb khai th\u00e1c \u0111\u1ec3 c\u00f3 v\u1ecb tr\u00ed an ninh m\u1ea1nh m\u1ebd h\u01a1n tr\u00ean c\u00e1c m\u1ea1ng ch\u00ednh ph\u1ee7.<br>M\u1eb7c d\u00f9 ch\u1ec9 th\u1ecb n\u00e0y nh\u1eafm v\u00e0o c\u00e1c c\u01a1 quan li\u00ean bang, CISA m\u1ea1nh m\u1ebd \u0111\u1ec1 ngh\u1ecb r\u1eb1ng t\u1ea5t c\u1ea3 c\u00e1c t\u1ed5 ch\u1ee9c\u2014c\u00f4ng ty t\u01b0 nh\u00e2n, nh\u00e0 cung c\u1ea5p c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng quan tr\u1ecdng v\u00e0 nh\u00e0 cung c\u1ea5p SaaS\u2014s\u1eed d\u1ee5ng danh m\u1ee5c KEV nh\u01b0 m\u1ed9t danh s\u00e1ch kh\u1eafc ph\u1ee5c kh\u1ea9n c\u1ea5p.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"expert-advice-for-security-teams\"><strong>L\u1eddi khuy\u00ean c\u1ee7a Chuy\u00ean gia cho C\u00e1c \u0110\u1ed9i An ninh<\/strong><\/h2>\n\n\n<p>T\u1ea1i Security Briefing, ch\u00fang t\u00f4i k\u00eau g\u1ecdi h\u00e0nh \u0111\u1ed9ng ngay l\u1eadp t\u1ee9c cho c\u00e1c qu\u1ea3n tr\u1ecb vi\u00ean gi\u00e1m s\u00e1t c\u00e1c c\u00e0i \u0111\u1eb7t Commvault ho\u1eb7c Yii:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ki\u1ec3m tra m\u1ecdi c\u00e0i \u0111\u1eb7t c\u1ee7a Commvault Command Center v\u00e0 c\u00e1c \u1ee9ng d\u1ee5ng web d\u1ef1a tr\u00ean Yii.<\/li>\n\n\n\n<li>V\u00e1 ho\u1eb7c \u00e1p d\u1ee5ng c\u00e1c bi\u1ec7n ph\u00e1p gi\u1ea3m thi\u1ec3u c\u00e0ng s\u1edbm c\u00e0ng t\u1ed1t. S\u1ef1 ch\u1eadm tr\u1ec5 k\u00e9o d\u00e0i trong vi\u1ec7c v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng b\u1ecb khai th\u00e1c c\u00f4ng khai c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn s\u1ef1 x\u00e2m nh\u1eadp tr\u1ef1c ti\u1ebfp.<\/li>\n\n\n\n<li>\u00c1p d\u1ee5ng c\u00e1c ki\u1ec3m so\u00e1t truy c\u1eadp t\u1ec7p v\u00e0 t\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng web (WAF) \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh v\u00e0 ng\u0103n ch\u1eb7n c\u00e1c n\u1ed7 l\u1ef1c truy c\u1eadp path traversal ho\u1eb7c \u0111\u01b0\u1eddng d\u1eabn thay th\u1ebf.<\/li>\n\n\n\n<li>Theo d\u00f5i Danh m\u1ee5c KEV c\u1ee7a CISA h\u00e0ng tu\u1ea7n\u2014t\u00edch h\u1ee3p v\u00e0o c\u00e1c quy tr\u00ecnh qu\u00e9t v\u00e0 kh\u1eafc ph\u1ee5c l\u1ed7 h\u1ed5ng t\u1ef1 \u0111\u1ed9ng.<\/li>\n\n\n\n<li>Ki\u1ec3m tra nh\u1eadt k\u00fd truy c\u1eadp v\u00e0 ti\u1ebfn h\u00e0nh s\u0103n l\u00f9ng m\u1ed1i \u0111e d\u1ecda \u0111\u1ec3 t\u00ecm b\u1ea5t k\u1ef3 d\u1ea5u hi\u1ec7u khai th\u00e1c tr\u01b0\u1edbc \u0111\u00f3, \u0111\u1eb7c bi\u1ec7t l\u00e0 trong c\u00e1c h\u1ec7 th\u1ed1ng \u0111\u1ed1i di\u1ec7n b\u00ean ngo\u00e0i.<\/li>\n<\/ul>\n\n\n\n<p><strong>Suy ngh\u0129 Cu\u1ed1i c\u00f9ng:<\/strong> C\u00e1c c\u1eadp nh\u1eadt li\u00ean t\u1ee5c c\u1ee7a CISA \u0111\u1ed1i v\u1edbi danh m\u1ee5c KEV \u0111\u1ea1i di\u1ec7n cho m\u1ed9t h\u1ec7 th\u1ed1ng c\u1ea3nh b\u00e1o quan tr\u1ecdng. Kh\u00f4ng ph\u1ea3n h\u1ed3i c\u00e1c c\u1ea3nh b\u00e1o n\u00e0y c\u0169ng gi\u1ed1ng nh\u01b0 gi\u1eef c\u00e1c \u0111i\u1ec3m v\u00e0o \u0111\u00e3 bi\u1ebft m\u1edf cho t\u1ed9i ph\u1ea1m m\u1ea1ng, nh\u1eefng k\u1ebb \u0111ang t\u00edch c\u1ef1c l\u1ee3i d\u1ee5ng ch\u00fang. B\u1ea5t k\u1ec3 b\u1ea1n thu\u1ed9c khu v\u1ef1c t\u01b0 nh\u00e2n hay c\u00f4ng c\u1ed9ng, h\u00e3y x\u1eed l\u00fd m\u1ed7i b\u1ed5 sung KEV v\u1edbi \u01b0u ti\u00ean cao nh\u1ea5t. Qu\u1ea3n l\u00fd l\u1ed7 h\u1ed5ng ch\u1ee7 \u0111\u1ed9ng kh\u00f4ng c\u00f2n l\u00e0 m\u1ed9t l\u1ef1a ch\u1ecdn\u2014n\u00f3 l\u00e0 m\u1ed9t nhu c\u1ea7u c\u1ea7n thi\u1ebft \u0111\u1ec3 b\u1ea3o v\u1ec7 doanh nghi\u1ec7p hi\u1ec7n \u0111\u1ea1i.<\/p>","protected":false},"excerpt":{"rendered":"<p>C\u01a1 quan An ninh m\u1ea1ng v\u00e0 C\u01a1 s\u1edf h\u1ea1 t\u1ea7ng (CISA) m\u1ed9t l\u1ea7n n\u1eefa c\u1eadp nh\u1eadt Danh m\u1ee5c L\u1ed7 h\u1ed5ng B\u1ecb khai th\u00e1c \u0111\u00e3 bi\u1ebft (KEV) c\u1ee7a m\u00ecnh\u2014m\u1ed9t ngu\u1ed3n th\u00f4ng tin quan tr\u1ecdng cho c\u1ea3 nh\u1eefng ng\u01b0\u1eddi b\u1ea3o v\u1ec7 khu v\u1ef1c li\u00ean bang v\u00e0 t\u01b0 nh\u00e2n. V\u00e0o ng\u00e0y 2 th\u00e1ng 5 n\u0103m 2025,\u2026 <a class=\"more-link\" href=\"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cisa-them-hai-lo-hong-nguy-co-cao-vao-danh-muc-bi-khai-thac-cac-doi-an-ninh-nen-lam-gi-ngay-bay-gio\/\">Ti\u1ebfp t\u1ee5c \u0111\u1ecdc <span class=\"screen-reader-text\">CISA th\u00eam hai l\u1ed7 h\u1ed5ng r\u1ee7i ro cao v\u00e0o danh m\u1ee5c khai th\u00e1c: C\u00e1c \u0111\u1ed9i an ninh n\u00ean l\u00e0m g\u00ec b\u00e2y gi\u1edd<\/span><\/a><\/p>","protected":false},"author":3,"featured_media":3798,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[],"class_list":["post-3797","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now | Security Briefing<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cisa-them-hai-lo-hong-nguy-co-cao-vao-danh-muc-bi-khai-thac-cac-doi-an-ninh-nen-lam-gi-ngay-bay-gio\/\" \/>\n<meta property=\"og:locale\" content=\"vi_VN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now | Security Briefing\" \/>\n<meta property=\"og:description\" content=\"The Cybersecurity and Infrastructure Security Agency (CISA) again refreshed its Known Exploited Vulnerabilities Catalog (KEV)\u2014a critical source of information for both federal and private sector defenders. On May 2, 2025,&hellip; Continue reading CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cisa-them-hai-lo-hong-nguy-co-cao-vao-danh-muc-bi-khai-thac-cac-doi-an-ninh-nen-lam-gi-ngay-bay-gio\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Briefing\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-04T19:25:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-04T19:25:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"966\" \/>\n\t<meta property=\"og:image:height\" content=\"425\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"C\u00e9sar Daniel Barreto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi\" \/>\n\t<meta name=\"twitter:data1\" content=\"C\u00e9sar Daniel Barreto\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 ph\u00fat\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/\"},\"author\":{\"name\":\"C\u00e9sar Daniel Barreto\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/164e5a0bfff5012ebfb8eb4d03c2c24c\"},\"headline\":\"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now\",\"datePublished\":\"2025-05-04T19:25:49+00:00\",\"dateModified\":\"2025-05-04T19:25:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/\"},\"wordCount\":464,\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg\",\"articleSection\":[\"News\"],\"inLanguage\":\"vi\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/\",\"url\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/\",\"name\":\"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now | Security Briefing\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg\",\"datePublished\":\"2025-05-04T19:25:49+00:00\",\"dateModified\":\"2025-05-04T19:25:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#breadcrumb\"},\"inLanguage\":\"vi\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"vi\",\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg\",\"width\":966,\"height\":425,\"caption\":\"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securitybriefing.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securitybriefing.net\/#website\",\"url\":\"https:\/\/securitybriefing.net\/\",\"name\":\"Security Briefing\",\"description\":\"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.\",\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securitybriefing.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"vi\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securitybriefing.net\/#organization\",\"name\":\"Security Briefing\",\"url\":\"https:\/\/securitybriefing.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"vi\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"width\":256,\"height\":70,\"caption\":\"Security Briefing\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/164e5a0bfff5012ebfb8eb4d03c2c24c\",\"name\":\"C\u00e9sar Daniel Barreto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"vi\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9e709cab74f02e628ffc32849980d0ea51903be7d4bcb52e99250bac60f0b683?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9e709cab74f02e628ffc32849980d0ea51903be7d4bcb52e99250bac60f0b683?s=96&d=mm&r=g\",\"caption\":\"C\u00e9sar Daniel Barreto\"},\"description\":\"C\u00e9sar Daniel Barreto is an esteemed cybersecurity writer and expert, known for his in-depth knowledge and ability to simplify complex cyber security topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends, educating both professionals and the public.\",\"url\":\"https:\/\/securitybriefing.net\/vi\/author\/cesarbarreto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CISA Th\u00eam Hai L\u1ed7 h\u1ed5ng Nguy c\u01a1 Cao v\u00e0o Danh m\u1ee5c B\u1ecb Khai th\u00e1c: C\u00e1c \u0110\u1ed9i An ninh N\u00ean L\u00e0m G\u00ec Ngay B\u00e2y Gi\u1edd | Security Briefing","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cisa-them-hai-lo-hong-nguy-co-cao-vao-danh-muc-bi-khai-thac-cac-doi-an-ninh-nen-lam-gi-ngay-bay-gio\/","og_locale":"vi_VN","og_type":"article","og_title":"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now | Security Briefing","og_description":"The Cybersecurity and Infrastructure Security Agency (CISA) again refreshed its Known Exploited Vulnerabilities Catalog (KEV)\u2014a critical source of information for both federal and private sector defenders. On May 2, 2025,&hellip; Continue reading CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now","og_url":"https:\/\/securitybriefing.net\/vi\/tin-tuc\/cisa-them-hai-lo-hong-nguy-co-cao-vao-danh-muc-bi-khai-thac-cac-doi-an-ninh-nen-lam-gi-ngay-bay-gio\/","og_site_name":"Security Briefing","article_published_time":"2025-05-04T19:25:49+00:00","article_modified_time":"2025-05-04T19:25:53+00:00","og_image":[{"width":966,"height":425,"url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg","type":"image\/jpeg"}],"author":"C\u00e9sar Daniel Barreto","twitter_card":"summary_large_image","twitter_misc":{"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi":"C\u00e9sar Daniel Barreto","\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc":"3 ph\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#article","isPartOf":{"@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/"},"author":{"name":"C\u00e9sar Daniel Barreto","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/164e5a0bfff5012ebfb8eb4d03c2c24c"},"headline":"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now","datePublished":"2025-05-04T19:25:49+00:00","dateModified":"2025-05-04T19:25:53+00:00","mainEntityOfPage":{"@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/"},"wordCount":464,"publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"image":{"@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg","articleSection":["News"],"inLanguage":"vi"},{"@type":"WebPage","@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/","url":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/","name":"CISA Th\u00eam Hai L\u1ed7 h\u1ed5ng Nguy c\u01a1 Cao v\u00e0o Danh m\u1ee5c B\u1ecb Khai th\u00e1c: C\u00e1c \u0110\u1ed9i An ninh N\u00ean L\u00e0m G\u00ec Ngay B\u00e2y Gi\u1edd | Security Briefing","isPartOf":{"@id":"https:\/\/securitybriefing.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage"},"image":{"@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg","datePublished":"2025-05-04T19:25:49+00:00","dateModified":"2025-05-04T19:25:53+00:00","breadcrumb":{"@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#breadcrumb"},"inLanguage":"vi","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/"]}]},{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#primaryimage","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2025\/05\/CISA-Adds-Two-High-Risk-Vulnerabilities-to-Exploited-Catalog.jpg","width":966,"height":425,"caption":"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog"},{"@type":"BreadcrumbList","@id":"https:\/\/securitybriefing.net\/news\/cisa-adds-two-high-risk-vulnerabilities-to-exploited-catalog-what-security-teams-should-do-now\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securitybriefing.net\/"},{"@type":"ListItem","position":2,"name":"CISA Adds Two High-Risk Vulnerabilities to Exploited Catalog: What Security Teams Should Do Now"}]},{"@type":"WebSite","@id":"https:\/\/securitybriefing.net\/#website","url":"https:\/\/securitybriefing.net\/","name":"B\u00e1o C\u00e1o An Ninh","description":"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.","publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securitybriefing.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"vi"},{"@type":"Organization","@id":"https:\/\/securitybriefing.net\/#organization","name":"B\u00e1o C\u00e1o An Ninh","url":"https:\/\/securitybriefing.net\/","logo":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","width":256,"height":70,"caption":"Security Briefing"},"image":{"@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/164e5a0bfff5012ebfb8eb4d03c2c24c","name":"<\/section>","image":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9e709cab74f02e628ffc32849980d0ea51903be7d4bcb52e99250bac60f0b683?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9e709cab74f02e628ffc32849980d0ea51903be7d4bcb52e99250bac60f0b683?s=96&d=mm&r=g","caption":"C\u00e9sar Daniel Barreto"},"description":"C\u00e9sar Daniel Barreto l\u00e0 m\u1ed9t nh\u00e0 v\u0103n v\u00e0 chuy\u00ean gia an ninh m\u1ea1ng \u0111\u01b0\u1ee3c k\u00ednh tr\u1ecdng, n\u1ed5i ti\u1ebfng v\u1edbi ki\u1ebfn th\u1ee9c s\u00e2u r\u1ed9ng v\u00e0 kh\u1ea3 n\u0103ng \u0111\u01a1n gi\u1ea3n h\u00f3a c\u00e1c ch\u1ee7 \u0111\u1ec1 an ninh m\u1ea1ng ph\u1ee9c t\u1ea1p. V\u1edbi kinh nghi\u1ec7m s\u00e2u r\u1ed9ng v\u1ec1 b\u1ea3o m\u1eadt m\u1ea1ng v\u00e0 b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u, \u00f4ng th\u01b0\u1eddng xuy\u00ean \u0111\u00f3ng g\u00f3p c\u00e1c b\u00e0i vi\u1ebft v\u00e0 ph\u00e2n t\u00edch s\u00e2u s\u1eafc v\u1ec1 c\u00e1c xu h\u01b0\u1edbng an ninh m\u1ea1ng m\u1edbi nh\u1ea5t, gi\u00e1o d\u1ee5c c\u1ea3 chuy\u00ean gia v\u00e0 c\u00f4ng ch\u00fang.","url":"https:\/\/securitybriefing.net\/vi\/author\/cesarbarreto\/"}]}},"_links":{"self":[{"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/posts\/3797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/comments?post=3797"}],"version-history":[{"count":0,"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/posts\/3797\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/media\/3798"}],"wp:attachment":[{"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/media?parent=3797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/categories?post=3797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitybriefing.net\/vi\/wp-json\/wp\/v2\/tags?post=3797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}