Security News > 2023 > November > CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
The KEV catalog contains flaws confirmed to be exploited by hackers in attacks and serves as a repository for vulnerabilities that companies all over should treat with priority.
It wasn't flagged as actively exploited in the disclosure and at the time of writing it's still marked as non exploited.
Although CISA's KEV catalog is mainly aimed at federal agencies in the U.S. companies across the world are advised to use it as an alert system for exploited vulnerabilities and take the necessary steps to update their systems or apply vendor-recommended mitigations.
CISA warns of actively exploited Juniper pre-auth RCE exploit chain.
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks.