KEV vs CVE — why it matters.

-

KEV vs CVE — why it matters.

CVE KEV

CVE is a Common Vulnerabilities and Exposures entry — a flaw that’s been identified and cataloged.

KEV is a Known Exploited Vulnerability — the same, but with a key difference: attackers are already using it in the wild.

My biggest fear with any central tool is it becoming a KEV. That’s the jump from “possible risk” to active threat. 🚨

⚠️

This week, N-able N-central made that jump. Two CVEs (2025-8875 & 2025-8876) are now on CISA’s KEV list, meaning they’re being exploited right now.

See the catalog on CISA: Known Exploited Vulnerabilities.

Comments

Post a Comment

Popular posts from this blog

When Your Core MSP Tool Becomes the Headline

-
⚠️ Security Advisory: N-able N-central on CISA KEV — CVE-2025-8875 (insecure deserialization) & CVE-2025-8876 (command injection). Active exploitation reported. Update to 2025.3.1 Or install 2024.6 HF2 Enforce MFA for Admins Share client notice MSPs, Take Note: When Your Core Tool Is in the Crosshairs The N-central news shows how fast a central platform can become a central risk. In the MSP world, your RMM/central platform is the heartbeat of patching, monitoring, and response. When it lands on the KEV list, it’s not just a patch—it’s an operational fire drill: validate exposure, confirm versions, brief staff, notify clients, and verify compensating controls. Why It Hurts the MSP Space Trust shockwave: Headlines trigger client anxiety. Even fully patched orgs get the “Are we safe?” calls. Operational drag: War-room time: scanning, change w...
Read more

DoD ↔ Commercial Security & IT Cheat Sheet

-
DoD ↔ Commercial Security & IT Cheat Sheet Quick mappings between common U.S. government (DoD/federal) terms and their closest commercial-world equivalents. IAVA STIG SCAP/ACAS RMF/ATO POA&M HBSS PKI/CAC NIPR/SIPR/JWICS SCIF CDS FedRAMP FISMA CUI DFARS NIST 800-171 CMMC TIC KEV DoDIN FOUO TEMPEST DoD / Gov Term What it Means Closest Commercial Equivalent IAVA / IAVM / IAVB / TA Mandatory alerts & guidance for vulnerabilities on DoD systems. Vendor advisories; CISA KEV ; Patch Tuesday. STIG (DISA) Hardening baselines & config requiremen...
Read more

Days 1 and 2 both are Available

-
Image
🚀 8 Days of Azure PaaS — Updates! Day 1 & Day 2 are live — and this is just the beginning. I’m two days into my new project: 8 Days of Azure PaaS 🎉 Over 8 days, I’m refreshing and documenting my knowledge of Microsoft Azure’s Platform as a Service (PaaS) offerings. Each day I dive into a different piece — App Services, Functions, SQL Database, AKS, Logic Apps, and more — while sharing notes, gotchas, and hands-on examples. 💡 This is a learn-in-public project . I’m sharing the journey openly — the good, the confusing, and the “aha!” moments — along with the learning sources I review. 👉 Read Day 1 — What is PaaS? 👉 Read Day 2 — Azure App Services 🔹 Why I’m Doing This In a recent interview, I realized I’ve been deep in the MSP world, IT security, RMM tools, and PSA platforms — but needed a refresher on Azure’s PaaS side. This project keeps me accountable and ...
Read more