"have evidence that ransomware operators are now using this vulnerability in their campaigns. " that ' s a material change in your risk posture. your prioritization calculus should shift. but there ' s no alert, no announcement. just a field change in a json file. this has always …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
69%
"chains. the usual suspects the vendor breakdown shouldn ' t surprise anyone : - microsoft : 16 cves ( sharepoint, print spooler, group policy, mark - of - the - web bypasses, and more ) - ivanti : 6 cves ( connect secure auth bypass, command injection, ssrf, epm ) - fortinet : 5 …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
62%
"have evidence that ransomware operators are now using this vulnerability in their campaigns. " that ' s a material change in your risk posture. your prioritization calculus should shift. but there ' s no alert, no announcement. just a field change in a json file. this has always …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1486Data Encrypted for Impact
51%
"the noise in the silence : unmasking cisa ' s hidden kev ransomware updates in 2025, 59 vulnerabilities silently flipped to " known ransomware use. " if cisa updates a vulnerability ' s status in the known exploited vulnerabilities ( kev ) catalog and nobody notices, did it even …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
In 2025, 59 KEV entries silently flipped to “known ransomware use.” GreyNoise uncovers the hidden flips, why they matter, and a new feed to track them.