< ciso
brief />
Tag Banner

All news with #patch management tag

105 articles · page 2 of 6

CISA orders rapid patch for exploited cPanel plugin

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical, actively exploited privilege escalation flaw in the LiteSpeed cPanel user-end plugin, tracked as CVE-2026-48172. LiteSpeed released urgent updates to fix the issue in the lsws.redisAble function and advised administrators to check logs and block suspicious IPs. CISA added the flaw to its known exploited vulnerabilities catalog and required patches by May 29 under BOD 22-01.
read more →

CERT‑In issues 12‑hour patch expectation for AI era

🛡️ New guidance from India's CERT-In urges organizations to remediate actively exploited internet-facing vulnerabilities within 12 hours, citing AI-driven acceleration of reconnaissance and exploitation. The document, published on May 25, maps how generative AI, LLMs and autonomous agents speed up vulnerability discovery, phishing and malware creation. It sets tiered timelines for remediation, recommends using the KEV catalog and EPSS for prioritization, and advises interim mitigations when patches are unavailable.
read more →

CERT-In mandates rapid patching to curb AI-enabled threats

🔒 CERT-In has issued a 38‑page blueprint urging organisations to remediate known exploited, internet‑facing critical vulnerabilities within 12 hours where feasible to counter AI‑assisted automation of vulnerability discovery and exploitation. The guidance emphasizes continuous, risk‑based vulnerability and patch management, Zero Trust, defence‑in‑depth, supply chain scrutiny, and secure‑by‑design practices. It also prescribes tiered remediation timeframes for critical and high‑severity flaws and recommends temporary mitigations when patches are unavailable.
read more →

Vulnerabilities Surpass Credentials as Top Breach Entry

🔍 Verizon’s 2025 DBIR finds exploited vulnerabilities were the initial cause in 31% of breaches, overtaking credential abuse at 13%. The report highlights slower remediation: only 26% of critical CISA KEVs were fully fixed, with median patch time rising to 43 days. Analysts warn AI-driven exploit development, sprawling supply chains, and growing vulnerability volumes are worsening the threat landscape, urging risk-based continuous patching and stronger identity controls.
read more →

Why AI Security Strategies Fail at the OT Edge

🔧 Industrial AI initiatives collide with legacy OT realities: an AI-ready control room can still depend on an unpatched Windows 7 maintenance laptop that alone communicates with protection relays. The author reports pervasive visibility gaps across utilities and plants, noting fewer than 10% of OT networks have meaningful monitoring. AI trained on IT telemetry misclassifies normal industrial traffic and automated responses risk shutting down production; passive monitoring of Level 0–2 protocols and a focus on crown-jewel processes are essential before layering AI.
read more →

Verizon DBIR: Exploitation Replaces Credential Abuse

🔍 Verizon's latest DBIR reports that vulnerability exploitation has become the top initial access vector, accounting for 31% of breaches compared with 13% for credential abuse. The study links this shift to slower patching—only 26% of CISA KEV critical flaws were fully remediated—and a larger backlog of critical vulnerabilities. It also warns that threat actors may be using AI to scale discovery and exploitation, and highlights rising supply-chain incidents, increased shadow AI adoption, and persistent human-factor risks.
read more →

EU Cyber Resilience Act: Product Safety and Deadlines

🛡️The EU Cyber Resilience Act (CRA) shifts focus from development practices to product safety, extending CE-like obligations to software, firmware, backend services and connected devices. It mandates SBOMs, minimum support lifecycles, and rapid reporting: organizations must have vulnerability and incident processes in place by Sept 11 and report exploited flaws within 24 hours, with full reports in three days. Many vendors and CIOs remain unprepared, particularly around automated SBOMs, open source obligations, and the wider conformity assessments the law introduces.
read more →

Preparing for an Imminent Surge in Software Patching

🔧 Cisco Talos argues that rapid advances in AI-driven code analysis will soon expose decades of latent software defects, triggering a likely surge in vulnerability disclosures and urgent patches. While AI can augment human reviewers by scanning code at scale, threat actors will also use these tools to find exploits. Organizations should reassess patch prioritization, scale deployment processes, and plan for systems that cannot be quickly patched. Talos recommends zero trust, centralized logging, PowerShell script block logging, and updated incident response playbooks.
read more →

Microsoft Fixes Windows Autopatch Bug Deploying Drivers

🔧 Microsoft has applied a service-side fix for a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some EU-managed Windows devices. The issue affected a limited set of client platforms, including Windows 11 25H2, 24H2, and 23H2. Impacted systems experienced unexpected reboots and, in some cases, system failures depending on the installed drivers. Microsoft says no client-side action is required.
read more →

May 2026 Patch Tuesday: Major Vendor Fix Waves and AI

🔒 Microsoft’s May Patch Tuesday updates address at least 118 security flaws across Windows and other products, including 16 rated critical. This release is notable as the first Patch Tuesday in nearly two years without fixes for known exploited zero-days or previously disclosed vulnerabilities. Other major vendors — Apple, Google, Mozilla and Oracle — have accelerated patch cadences after collaborative AI evaluations. Administrators are advised to apply updates promptly and back up data before upgrading.
read more →

Patching SLAs Should Be the Minimum, Not the Strategy

🔒 The author warns that relying on patching SLAs creates a misleading dashboard: SLAs show ticketing discipline, not true exposure. Easy, agent-patchable items keep scores green while legacy systems and architectural flaws remain in exception queues. Drawing on experience as a CISO and industry reports, the piece promotes cyber risk quantification to express exposures in dollars. It recommends treating SLAs as a floor, tightening exception hygiene, and funding remediation.
read more →

Linux kernel kill switch proposal divides security experts

🛡️A proposal from Linux kernel co-maintainer Sasha Levin would add a configurable kill switch allowing privileged operators to disable specific kernel functions as an emergency mitigation until a patch can be built and deployed. Levin and colleagues provided a suggested implementation and argue it reduces exposure when fleets cannot be rebooted immediately. The suggestion has split experts and admins, with some warning of operational risk and others, including Red Hat, supporting non-disruptive mitigations.
read more →

Refresh Timing Risks: CVE Exposure in Aging Servers

🔍 A healthcare customer bought servers in 2017 and, due to COVID-era lifecycle extensions and current supply-chain bottlenecks, now faces expiring vendor support and long lead times that prevent timely hardware refresh. The article recommends building a complete inventory using scanners (Nessus, Qualys, Rapid7, Greenbone/OpenVAS), network discovery (Nmap) and device fingerprinting (runZero), then mapping assets to NVD and CISA Known Exploited Vulnerabilities (KEV). Use a weighted risk formula to prioritize remediation and sort systems into immediate, managed, and monitored tiers. Document risk acceptance, deploy compensating controls where needed, and consider continuous monitoring with Wazuh.
read more →

Amazon RDS for MySQL Adds Minor Versions 8.0.46 and 8.4.9

🔔 Amazon RDS for MySQL now supports MySQL minor versions 8.0.46 and 8.4.9, aligning with the latest community releases. AWS recommends upgrading to address known security vulnerabilities and to benefit from bug fixes, performance improvements, and new features. You can use automatic minor version upgrades or Amazon RDS Managed Blue/Green deployments to apply updates during scheduled maintenance for safer rollouts.
read more →

CISA Considers Cutting Critical Patch Window to 72 Hours

⚠️ CISA is reportedly weighing a proposal to shorten the remediation window for critical government vulnerabilities from the current 14 days to just 72 hours. The Reuters-sourced report ties the consideration to concerns that AI tools such as Anthropic’s Claude Mythos could accelerate the discovery and weaponization of serious flaws, though CISA has not confirmed the discussion. Security practitioners warn the tighter window would strain testing, asset discovery, and patch deployment; others say it could be attainable with modern automation and processes.
read more →

Oracle moves to monthly security patches to counter AI

🔔 Oracle will issue monthly Critical Security Patch Updates (CSPUs) for its ERP, database and other software, shifting from a quarterly cadence to address faster AI-driven vulnerability discovery. The first monthly CSPU will arrive May 28, then releases will follow on the third Tuesday of each month (June 16, July 21, August 18). Oracle will still publish a cumulative quarterly Critical Patch Update and will auto-apply fixes for customers in Oracle-managed cloud environments. The change primarily affects customers running Oracle software on premises or in third-party hosting.
read more →

NCSC Warns of AI-Driven Patch Wave and Vulnerabilities

🛡️ The NCSC has warned UK organisations to prepare for a coming "patch wave" as vendors adopt powerful AI tools to discover and fix software vulnerabilities. CTO Ollie Whitehouse urged teams to prioritise external attack surfaces, enable automatic updates and hot patching where safe, and follow the NCSC's Vulnerability Management guidance. He cautioned that patching alone isn't enough for unsupported legacy systems and recommended replacing or restoring out-of-support technologies. The alert also notes potential US moves by CISA to shorten patch deadlines and industry concerns about operational readiness.
read more →

Microsoft: April updates block vulnerable psmounterex.sys

🔒 Microsoft confirms the April 2026 security updates are blocking the kernel driver psmounterex.sys, causing mounting failures and VSS snapshot timeouts in third-party backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server and NinjaOne Backup on Windows 10, Windows 11 and Windows Server. The update adds the driver to the Vulnerable Driver Blocklist to mitigate CVE-2023-43896. Microsoft advises installing updated application versions that include drivers with required protections and checking the Code Integrity log for Event ID 3077 rather than uninstalling or pausing the security updates.
read more →

CISA Adds Linux Kernel CVE to Exploited Vulnerabilities

⚠️ CISA added CVE-2026-31431 (Linux Kernel Incorrect Resource Transfer Between Spheres) to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by required due dates; CISA notes this vulnerability type is a frequent attack vector and poses significant risk to the federal enterprise. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and says it will continue updating the KEV Catalog as new exploitation evidence emerges.
read more →

CISA Adds Two Known-Exploited Vulnerabilities to KEV Catalog

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The entries are CVE-2024-1708, a path traversal flaw in ConnectWise ScreenConnect, and CVE-2026-32202, a protection mechanism failure in Microsoft Windows. Under BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate KEV-listed flaws by specified due dates, and CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.
read more →