Vulnerability Watchlist: Week Ending 28 June 2026
Every week we track what lands in the CISA Known Exploited Vulnerabilities (KEV) catalogue, the list of flaws that attackers are actively using in the wild. These aren’t theoretical risks sitting in a researcher’s notebook. They’re confirmed in-use, which is exactly why they deserve a place at the top of your patching queue. The week ending 28 June 2026 added six new entries, right in line with the recent 13-week average of about 5.