< ciso
brief />
Tag Banner

All news with #patch management tag

105 articles · page 3 of 6

Project Glasswing Exposes AI-Driven Vulnerability Gap

⚠️ Anthropic’s Project Glasswing, powered by the Mythos preview model, discovered pervasive, long-lived vulnerabilities across major operating systems and browsers — including chained exploit sequences, race-condition privilege escalations, and distributed ROP chains — and Anthropic paused a public release to give major vendors time to patch. Despite that cooperation, fewer than 1% of findings were patched, exposing a systemic remediation bottleneck. The author argues defenders must shift from scheduled, CVSS-driven processes to signal-driven validation, environment-specific context, and closed-loop remediation to act at machine speed against autonomous, AI-enabled attackers.
read more →

Over 1,300 Microsoft SharePoint Servers Remain Unpatched

🚨 Over 1,300 Internet-exposed Microsoft SharePoint servers remain unpatched against CVE-2026-32201, a spoofing vulnerability Microsoft fixed in its April 2026 Patch Tuesday. The flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition and was flagged as a zero-day exploited in the wild. Fewer than 200 systems have been patched since the update; organizations should apply Microsoft's fixes or recommended mitigations immediately.
read more →

Thousands of ActiveMQ Instances Unpatched After AI-Found Flaw

🔒 Two weeks after the April 7 disclosure of a remote code injection flaw (CVE-2026-34197) in Apache ActiveMQ, ShadowServer reports nearly 6,500 internet-facing instances remain unpatched. The vulnerability affects versions before 5.19.4 and 6.2.3 and can let an authenticated attacker load remote Spring XML to achieve code execution. CISA added the bug to its KEV list and organizations are urged to upgrade immediately.
read more →

CISA Adds Eight Exploited Flaws to KEV Catalog, Fixes Needed

⚠️ CISA added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation and highlighting three flaws in Cisco Catalyst SD-WAN Manager. The list includes high-impact issues such as CVE-2025-32975 (Quest KACE SMA, CVSS 10.0) and authentication, path traversal, and XSS flaws in PaperCut, TeamCity, Kentico, and Zimbra. CISA noted prior ties of CVE-2023-27351 to Lace Tempest and recent Arctic Wolf telemetry on KACE abuse; Cisco confirmed active exploitation of two SD-WAN flaws in March 2026. Federal civilian agencies are urged to remediate the three Cisco vulnerabilities by April 23, 2026, and the remaining flaws by May 4, 2026.
read more →

The Collapse of the Patch Window: Rapid Exploitation

🔍 In this Talos Threat Perspective episode, Hazel Burton explores how vulnerabilities are being converted into working exploits far faster than before. Where remediation once took weeks or months, weaponization now occurs in days, hours, and sometimes immediately after disclosure, helped by proof-of-concept code, automation, and AI-assisted tooling such as demonstrated with React2Shell. Attackers are targeting what is exposed, accessible, and valuable, compressing the defender's patch window and forcing new approaches to risk prioritization.
read more →

Analysis: CISA KEV Data Reveals Limits of Human Security

🔍Analysis of more than one billion CISA KEV remediation records across 10,000 organizations over four years shows defensive operations have hit a human ceiling. Time-to-Exploit averages negative seven days while vulnerability volume rose 6.5× since 2022. Qualys identifies a Manual Tax and recommends shifting to autonomous, closed-loop Risk Operations Centers that measure Risk Mass rather than raw CVE counts.
read more →

Patch Window Collapses as Exploits Rapidly Accelerate

⚠️ Rapid7's Cyber Threat Landscape Report shows confirmed exploitation of newly disclosed high- and critical-severity vulnerabilities surged 105% year-over-year, while median time to CISA KEV inclusion fell to 5.0 days and mean time-to-exploit dropped to 28.5 days. Industry observers cite the industrialization of cybercrime and the use of AI to speed discovery and exploit development. Experts warn that patches increasingly act as roadmaps for attackers, and urge adoption of secure-by-design, aggressive pre-release testing, and faster isolation or rebuild capabilities to counter the collapsing patch window.
read more →

Microsoft forces upgrade of unmanaged Windows 11 24H2

🔁 Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. The company says its machine-learning-based intelligent rollout now targets all Home and Pro 24H2 systems not managed by IT, and those devices will stop receiving fixes, time zone updates, technical support, and monthly security updates once 24H2 reaches end of support on October 13, 2026. Users can manually check for the 25H2 update in Settings > Windows Update, pause updates temporarily, or follow Microsoft's support guidance if issues occur.
read more →

Amazon WorkSpaces Applications adds instance drain mode

🔁 Amazon WorkSpaces Applications introduces a drain mode for multi-session fleets that prevents instances from accepting new user sessions while allowing existing sessions to continue uninterrupted. Administrators can use this capability to perform maintenance, apply security patches, or scale down resources without forcibly terminating users. The change routes new connections to other available instances, improving stability and end-user experience, and is available at no additional cost in all supported AWS Regions.
read more →

Five Critical Steps to Strengthen Endpoint Security

🔒 Business resilience begins at the endpoint. Drawing on N-able SOC data, the article highlights that over 900,000 alerts were processed between March and December 2025 and that 18% originated from network and perimeter exploits—threats many endpoint-only tools missed. It prescribes continuous asset visibility, standardized secure configurations, automated patching and remediation, EDR for behavioral detection and response, and integrated backup and recovery to minimize downtime.
read more →

Falcon for IT: Managed Windows Secure Boot Certificate

🔒 CrowdStrike explains how Falcon for IT helps enterprises manage the transition from the Windows UEFI CA 2011 certificate to Windows UEFI CA 2023 ahead of Microsoft’s 2026 enforcement. The content pack provides fleet-wide Secure Boot posture assessment, controlled enrollment into Microsoft’s managed rollout, emergency blocking for incompatible hardware, and centralized audit logging. It emphasizes validating virtualization stacks, coordinating endpoint and server teams, and completing staged rollouts before enforcement to avoid inconsistent firmware trust states and compressed remediation windows.
read more →

AWS Batch: AMI status and AWS Health events for compute

🔔 AWS Batch now reports the AMI status for Batch-provided default Amazon Machine Images when you describe a compute environment, indicating LATEST or UPDATE_AVAILABLE. It also publishes AWS Health Planned Lifecycle Events to provide advance notification of scheduled changes such as AMI deprecations and other lifecycle activities. Both capabilities are available today in all Regions where AWS Batch runs and can be integrated with Amazon EventBridge to automate monitoring and remediation.
read more →

Endpoint Security Fails on One in Five Enterprise Devices

🛡️Research by Absolute Security finds endpoint cybersecurity software fails to protect one in five enterprise devices, creating an equivalent of 76 days per year of increased exposure to attackers. The 2026 Resilience Risk Index, published March 23, ties this gap to patch delays and rising endpoint complexity, with 24% of vulnerability platforms out of compliance. The report urges stronger enforcement of patch and update policies to reduce downtime and remediation costs.
read more →

Amazon RDS Custom: OS Update Scheduling for SQL Server

⚙️ Amazon RDS Custom for SQL Server now enables customers to view and schedule operating system updates for RDS provided engine versions (RPEV), where each RPEV is a SQL Server version pre-installed on an Amazon Machine Image. Customers can check pending updates via the describe-pending-maintenance-actions API or subscribe to event RDS-EVENT-0230 for alerts. They can apply updates immediately or use apply-pending-maintenance-action to schedule installation during the next maintenance window. These capabilities are available in all AWS Regions that offer RDS Custom for SQL Server.
read more →

Federal Push Reinforces the Importance of Perimeter Security

🔒 The article argues the cyber perimeter was never dead but was abandoned, leaving unsupported firewalls, routers, and remote access appliances as easy footholds for attackers. It outlines the FBI’s Operation Winter SHIELD, a concentrated two-month effort targeting weak authentication, excessive privileges, and unpatched edge devices, and CISA’s BOD 26‑02, which mandates removal of end-of-life perimeter hardware within 18 months. The piece warns that neglecting edge devices undermines identity-first strategies and urges CISOs to regain total edge visibility and enforce disciplined asset lifecycles, strong hardware-based authentication, rapid patching, and strict privilege controls.
read more →

Microsoft to Enable Hotpatch Security Updates by Default

🔔 Starting with the May 2026 Windows security update, Microsoft will enable hotpatch security updates by default for all eligible devices managed via Microsoft Intune and the Microsoft Graph API. The updates will be delivered through Windows Autopatch and are intended to halve the time to reach 90% patch compliance by applying fixes without requiring immediate restarts. Organizations can opt out at the tenant level through Intune controls that go live April 1, 2026, and administrators should use the Hotpatch quality updates report to confirm device readiness.
read more →

CISA Adds Five Vulnerabilities to KEV Catalog, March 2026

🔔 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The new entries affect Hikvision, Rockwell, and multiple Apple products and include CVE-2017-7921, CVE-2021-22681, CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000. Under BOD 22-01 Federal Civilian Executive Branch agencies must remediate listed CVEs by the required due dates; CISA strongly urges all organizations to prioritize timely remediation to reduce exposure to common attack vectors.
read more →

UK VMS Cuts Remediation Time for Public Websites by Half

🔒 The UK’s new vulnerability monitoring service (VMS) continuously scans more than 6,000 public bodies, detecting around 1,000 vulnerability types and processing roughly 400 confirmed findings a month. The service reduced median remediation for general vulnerabilities from 53 to 32 days and cut DNS fix times from 50 to eight days. VMS provides specific, actionable guidance and tracks issues until closure, while the government pairs the platform with a £210m Cyber Action Plan and a new Cyber Profession to address skills gaps.
read more →

Third-Party Patching: Securing the Common Business Footprint

🔒 Third-party utilities — PDF readers, archives, email clients, browsers, and remote-access tools — form a predictable business footprint attackers favor because of their ubiquity and users' routine behavior. These background applications often drift unpatched across endpoints, creating high-probability targets that scale across organizations. Continuous visibility and consistent third-party patching are presented as practical levers to reduce real-world exploit risk. Organizations should inventory required tools, remove unused defaults, and prioritize remediation to shrink the exposure window.
read more →

CISA Adds Four Vulnerabilities to Known Exploited Catalog

⚠ CISA has added four vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The additions are CVE-2008-0015 (Microsoft Windows Video ActiveX remote code execution), CVE-2020-7796 (Synacor Zimbra SSRF), CVE-2024-7694 (TeamT5 ThreatSonar unrestricted upload of dangerous files), and CVE-2026-2441 (Google Chromium CSS use-after-free). BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV entries by the due date, and CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.
read more →