In a move that has surprised absolutely no one, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new “greatest hits” to its Known Exploited Vulnerabilities (KEV) catalog. This ever-growing list, cherished by hackers worldwide, just got a bit spicier.

The latest additions are already topping the charts in dark web forums, where they’re being celebrated like Grammy-winning singles. Imagine if Spotify had a playlist called ‘Now That’s What I Call Exploited Vulnerabilities, Vol. 2025’—except instead of pop hits, it’s packed with security holes big enough to drive a Trojan horse through.

In fairness, while CISA dutifully catalogs these exploits, patch-averse companies are doing their part by providing free hosting for cybercriminals with outdated security practices. Who knew “in the wild” would end up describing corporate IT departments?