CISA Adds to Catalog of Exploited Bugs
The Cybersecurity and Infrastructure Security Agency (CISA) released over 40 new additions to its list of exploited bugs.
According to The Record, CISA puts the list together based on evidence of active exploitation, noting that the vulnerabilities listed are “a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.” Andrew Hay, COO at cybersecurity firm LARES Consulting, said CISA likely received intelligence, or perhaps monitored actual activity, which indicates that the vulnerabilities added need to be patched immediately.