<ul><li>The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new critical vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.</li><li>Federal agencies have until December 16 to patch the vulnerability or stop using the affected software.</li><li>The vulnerability, tracked under CVE-2023-28461, allows attackers to execute arbitrary code on remote devices.</li><li>A Chinese group known as Earth Kasha, linked to the APT10 advanced persistent threat, is said to be exploiting the vulnerability.</li></ul>

US government agencies told to patch these critical security flaws or face attack

Discover more