Federal Mandate

CISA's May 20 KEV update includes two actively exploited Microsoft Defender vulnerabilities and five legacy flaws from 2008-2010. Federal agencies have until June 3 to patch.

CISA adds CVE-2026-35616 to KEV catalog with April 9 deadline for federal agencies. Nearly 2,000 FortiClient EMS instances remain exposed as exploitation continues.