CISA to allow researchers to report vulnerabilities to exploited bugs catalog

CISA has introduced a standardized nomination form (and continued email option) to allow researchers, vendors, and industry partners to report vulnerabilities — with evidence of exploitation — for inclusion in the Known Exploited Vulnerabilities (KEV) catalog; the change aims to speed validation and KEV additions so defenders can prioritize real-world exploited bugs faster amid accelerating AI-driven discovery and exploitation.