Web Security Under Siege: CISA KEV Update, Copilot, & GitLab Flaws

This newsletter is AI-generated and may sometimes hallucinate 😊

AI's Escalating Role in Vulnerability Discovery and Exploitation

  • Artificial intelligence systems are rapidly improving their capabilities to identify and exploit vulnerabilities across the internet, leading to concerns about the future of cybersecurity.
  • Researchers are observing that AI models can now quickly discover zero-day vulnerabilities in common software and even develop sophisticated exploits, potentially outpacing human defenders.
  • The increased speed and autonomy of AI-driven vulnerability research necessitates a re-evaluation of defense strategies and a focus on proactive security measures.

Source: Schneier on Security | Date: January 25, 2026

CISA Adds Actively Exploited Web Application Flaws to KEV Catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include four enterprise software flaws, several of which impact web-facing applications.
  • Specifically, CVE-2023-34624 in Synacor Zimbra Collaboration Suite and CVE-2023-34092 in Vite Vitejs are listed, highlighting active exploitation of these web application components.
  • Other additions include CVE-2023-40000 in Versa Concerto SD-WAN orchestration platform and CVE-2023-45133 in Prettier eslint-config-prettier, all confirmed to be under active attack and requiring immediate patching.

Source: The Hacker News | Date: January 23, 2026

Critical Vulnerabilities in Microsoft Copilot Enabled Information Theft

  • Multiple critical vulnerabilities were discovered in Microsoft Copilot that could allow attackers to steal sensitive user information.
  • These flaws potentially included prompt injection, through which the AI assistant could be manipulated into exfiltrating data or compromising user privacy within web interfaces.
  • The vulnerabilities highlight the evolving attack surface presented by AI integrations in browsers and web applications, demanding vigilance from users and developers alike.

Source: Security.nl | Date: January 24, 2026

GitLab Addresses Multiple High-Severity Vulnerabilities with Critical Patch Updates

  • GitLab released critical security patches to remediate several high-severity vulnerabilities impacting its self-managed and GitLab.com platforms.
  • The updates address flaws that could lead to remote code execution, unauthorized access, or data manipulation within the web-based DevOps platform.
  • Users of GitLab are strongly advised to update their instances immediately to the latest patched versions to protect against potential exploitation of these critical security issues.

Source: The Cyber Express | Date: January 24, 2026

Critical Appsmith Flaw (CVSS 9.4) Exposes Unpublished Actions in Web Apps

  • A critical vulnerability with a CVSS score of 9.4 was discovered in Appsmith, a popular low-code web application development platform, exposing unpublished actions.
  • The flaw allowed unauthorized users to access private or unpublished application components, potentially leading to information disclosure and unauthorized data manipulation.
  • Organizations using Appsmith are urged to review their deployments and apply any available patches to mitigate the risk of sensitive data exposure in their web applications.

Source: SecurityOnline.info | Date: January 22, 2026

References

  1. AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities - Schneier on Security
  2. CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities - The Hacker News
  3. Critical flaws in Microsoft Copilot could let an attacker steal information - Security.nl
  4. GitLab Releases Critical Patch Updates to Address Multiple High-Severity Vulnerabilities - The Cyber Express
  5. Public Yet Private? Critical Appsmith Flaw Exposes Unpublished Actions (CVSS 9.4) - SecurityOnline.info