Questions Raised Over CISA's Silent Ransomware Updates in KEV Catalog

The CISA has updated 59 entries in its KEV catalog in 2025 to specify that these vulnerabilities have been exploited in ransomware attacks. These changes have raised concerns about the silent nature of these updates made by the agency. The KEV (Known Exploited Vulnerabilities) catalog lists vulnerabilities that are actively exploited and require priority attention from organizations.