The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws in Microsoft Windows, Exchange Server, and Adobe Acrobat. Federal agencies are required to patch these vulnerabilities under Binding Operational Directive 22-01, though CISA is urging all organizations to prioritize remediation given active exploitation in the wild.