CISA Alerts on Critical Flaws in SimpleHelp, Samsung MagicINFO, and D-Link Devices

Severity: High (Score: 78.0)

Sources: Foro3D, Abhs.In

Summary

On April 24, 2026, CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog. The affected products include SimpleHelp remote management software, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers. The most critical flaw, CVE-2024-57726, has a CVSS score of 9.9 and allows low-privileged users to escalate privileges to server admin without additional authentication. This vulnerability is being exploited by the DragonForce ransomware operation, which uses it to deploy ransomware across managed devices. Additionally, Samsung's MagicINFO has a command injection vulnerability, and D-Link routers are affected by a buffer overflow. CISA has mandated that federal agencies must patch or discontinue use of these products by May 8, 2026. Organizations using these systems are urged to take immediate action to mitigate risks associated with these vulnerabilities.

Key Points:

  • CISA added four critical vulnerabilities to its KEV catalog on April 24, 2026.
  • CVE-2024-57726 in SimpleHelp allows privilege escalation, exploited by DragonForce ransomware.
  • Federal agencies must patch affected systems by May 8, 2026, to avoid exploitation.

Key Entities

  • Botnet (attack_type)
  • DDoS (attack_type)
  • Ransomware (attack_type)
  • Zero-day Exploit (attack_type)
  • China (country)
  • Iran (country)
  • Russia (country)
  • CVE-2024-57726 (cve)
  • CVE-2024-57728 (cve)
  • CVE-2024-7399 (cve)
  • CVE-2025-29635 (cve)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • CWE-122 - Heap-based Buffer Overflow (cwe)
  • CWE-22 - Path Traversal (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-78 - OS Command Injection (cwe)
  • Crates.io (platform)
  • D-Link DIR-823X (platform)
  • D-Link DIR-823X Routers (platform)
  • Samsung MagicINFO 9 Server (platform)
  • timeapi.io (domain)
  • Retail (industry)
  • Mirai (malware)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1110 - Brute Force (mitre_attack)
  • T1486 - Data Encrypted for Impact (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • SimpleHelp (tool)
  • TruffleHog (tool)
  • DragonForce (ransomware_group)
  • Zip-slip (vulnerability)