In a shocking turn of events, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has graciously added two more vulnerabilities to their Known Exploited Vulnerabilities (KEV) catalog. Hackers around the globe have reportedly sent their gratitude, expressing how much easier it is now to find their targets, thanks to the detailed roadmaps provided by CISA.

The vulnerabilities, which have been affectionately dubbed ‘Santa’s Early Gift’ by thrilled cybercriminals, include a deserialization of untrusted data flaw in Roundcube webmail software, carrying a terrifying CVSS score of 9.9. Experts say the only higher score is the one given to the wisdom behind publicly announcing such exploits, ensuring their broadest possible reach.

Local sysadmins and IT professionals have been seen celebrating with round-the-clock shifts and caffeine overdoses, as they brace themselves for this latest test of their defences. ‘It’s like leaving your front door wide open and adding a neon sign that says ‘Valuables Inside’,’ said one IT manager who wished to remain anonymous for fear of hacker retribution—or possibly just after pulling another all-nighter.