CISA says two more flaws were added to the Known Exploited Vulnerabilities (KEV) catalog this week, signaling active attacks and an urgent need to patch. Here’s the move: check your environment against the KEV list, prioritize assets facing the internet, and verify compensating controls for systems you can’t patch today. Use maintenance windows to remediate, then validate with vulnerability scans and log reviews.