In the same week, CISA's KEV catalog gained a Chromium CSS engine UAF, a Roundcube RCE that hid for over a decade, a BeyondTrust RCE abused by ransomware, and a Dagu RCE due to no default authentication. All four require immediate patching.
A CVSS 10.0 vulnerability in Dell RecoverPoint for VMs was found to have been exploited by the China-linked threat group UNC6201 for more than a year and a half.
