U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog

CISA added three high-severity supply-chain issues (CVE-2026-8398, CVE-2026-45321, CVE-2026-48027) to its Known Exploited Vulnerabilities catalog after active exploitation: signed DAEMON Tools installers were trojanized and distributed from the vendor site, 42 TanStack npm packages were poisoned via abused GitHub Actions delivering credential‑stealing malware, and a malicious Nx Console extension was briefly published to marketplaces; federal agencies must remediate by June 10, 2026.