U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

CISA added seven vulnerabilities — including several critical Microsoft and Adobe CVEs (RCEs, use-after-free, and Defender elevation/DoS issues) — to its Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to remediate them by June 3, 2026; the report notes high CVSS scores and that an APT (GREF) exploited one Internet Explorer flaw as a zero-day in targeted attacks.