Urgent warning highlights rising cyber threats as organizations are told to patch systems immediately
Washington, D.C., 12 February 2026 – The U.S. cybersecurity watchdog has issued a fresh warning after adding six newly discovered software vulnerabilities affecting Microsoft products to its high-risk watchlist. The alert from the Cybersecurity and Infrastructure Security Agency signals that hackers are already exploiting these flaws and that organizations should fix them as quickly as possible.
The vulnerabilities were added to the Known Exploited Vulnerabilities catalog, a list created in 2022 to track security weaknesses that pose serious risks to networks. When a flaw is added to this list, it means there is real-world evidence that attackers are actively using it.
All six newly listed issues affect systems made by Microsoft and could allow hackers to gain unauthorized access, raise their privileges inside a system, or disrupt operations. Some can be triggered remotely through malicious files or web content, while others require limited access but can be used to gain full control of a device once inside.
In simple terms, these weaknesses act like unlocked doors in software. Cybercriminals and advanced hacking groups can use them to sneak into systems, steal data, spread malware, or shut down services. Several of the flaws involve widely used tools such as Windows components, Word documents, remote desktop services, and web rendering engines.
Security experts say these kinds of vulnerabilities are especially dangerous because attackers often combine them into chains. For example, one flaw might allow entry, another may raise access rights, and a third could help move across a network unnoticed.
One listed issue allows remote code execution through crafted files or network data, meaning attackers can run their own programs on a target system. Another affects document processing in Word, which could allow hidden malware to run when a file is opened. Others focus on privilege escalation, enabling hackers with limited access to gain administrator-level control.
The agency noted that most of last year’s high-risk vulnerability additions involved Microsoft systems, showing how widely used platforms often become prime targets. Once a flaw is publicly known, automated scanning tools can rapidly search the internet for unpatched machines, increasing the speed of attacks.
Government agencies are required to fix these issues by specific deadlines, while private organizations are strongly advised to do the same. Experts recommend installing the latest updates, enabling automatic patching, monitoring systems for suspicious activity, restricting unnecessary remote access, and segmenting networks to limit damage if a breach occurs.
The growing number of exploited vulnerabilities highlights a broader trend in cybersecurity: attackers are moving faster, using automation and advanced techniques to exploit newly discovered weaknesses before organizations can respond.