Federal agencies have until March 1 to fix a pair of actively exploited flaws in Google Chrome and Adobe's Commerce and Magento platforms.
CISA said that thousands of internet-connected assets have been mitigated by federal agencies under its Emergency Directive that addressed the Log4j flaw.
Federal agencies have until Dec. 23 to track down systems vulnerable to Log4j and apply patches or mitigations.
New guidance from the White House requires CISA to develop policies for federal agencies to move toward automated security incident reporting.
CISA and the FBI are warning that APT groups are exploiting a critical flaw (CVE-2021-44077) in the ManageEngine ServiceDesk Plus tool.