All news with #vulnerability management tag

🔒 AWS today introduced full repository code review in AWS Security Agent, a capability that performs deep, context-aware security analysis across entire codebases. Unlike traditional static scanners, it reasons about architecture, trust boundaries, and data flows to surface systemic vulnerabilities. When issues are identified, the scanner generates file- and line-specific remediation guidance and exploit proofs-of-concept to accelerate fixes; preview access is available at no extra charge in all Regions.

🔒 The author warns that relying on patching SLAs creates a misleading dashboard: SLAs show ticketing discipline, not true exposure. Easy, agent-patchable items keep scores green while legacy systems and architectural flaws remain in exception queues. Drawing on experience as a CISO and industry reports, the piece promotes cyber risk quantification to express exposures in dollars. It recommends treating SLAs as a floor, tightening exception hygiene, and funding remediation.

🛡️ OpenAI announced Daybreak, a cybersecurity initiative that combines GPT-5.5 family models with Codex Security to identify, test, and propose fixes for vulnerabilities before attackers exploit them. Daybreak builds editable threat models, runs isolated vulnerability tests, and suggests prioritized remediation and patch validation. Access is tightly controlled and available by request, and major vendors are integrating under Trusted Access for Cyber.

🔔 CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-42208, a SQL injection affecting BerriAI LiteLLM. The agency cites evidence of active exploitation and notes that SQLi remains a common, high-risk vector. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed flaws by their due dates. CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.

🔒 Penetration testing shows AI and LLM deployments contain a disproportionate share of severe vulnerabilities. Cobalt’s State of Pentesting Report finds 32% of LLM findings rated high risk versus 13% for legacy enterprise tests, and only 38% of those high-risk LLM issues are remediated. Experts point to emerging attack surfaces — notably prompt injection, now OWASP’s top LLM risk — broader blast radii from model integrations, and fragmented ownership for fixes. Recommended countermeasures include threat modeling, red teaming, least-privilege access, strict output validation, and human approval gates for high-consequence actions.

🔍 A healthcare customer bought servers in 2017 and, due to COVID-era lifecycle extensions and current supply-chain bottlenecks, now faces expiring vendor support and long lead times that prevent timely hardware refresh. The article recommends building a complete inventory using scanners (Nessus, Qualys, Rapid7, Greenbone/OpenVAS), network discovery (Nmap) and device fingerprinting (runZero), then mapping assets to NVD and CISA Known Exploited Vulnerabilities (KEV). Use a weighted risk formula to prioritize remediation and sort systems into immediate, managed, and monitored tiers. Document risk acceptance, deploy compensating controls where needed, and consider continuous monitoring with Wazuh.

🛡️ The NCSC has warned UK organisations to prepare for a coming "patch wave" as vendors adopt powerful AI tools to discover and fix software vulnerabilities. CTO Ollie Whitehouse urged teams to prioritise external attack surfaces, enable automatic updates and hot patching where safe, and follow the NCSC's Vulnerability Management guidance. He cautioned that patching alone isn't enough for unsupported legacy systems and recommended replacing or restoring out-of-support technologies. The alert also notes potential US moves by CISA to shorten patch deadlines and industry concerns about operational readiness.

🔒 Microsoft confirms the April 2026 security updates are blocking the kernel driver psmounterex.sys, causing mounting failures and VSS snapshot timeouts in third-party backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server and NinjaOne Backup on Windows 10, Windows 11 and Windows Server. The update adds the driver to the Vulnerable Driver Blocklist to mitigate CVE-2023-43896. Microsoft advises installing updated application versions that include drivers with required protections and checking the Code Integrity log for Event ID 3077 rather than uninstalling or pausing the security updates.

🔍 CrowdStrike Professional Services' Technical Risk Assessments (TRAs) analyze hundreds of production environments annually to surface common exposure patterns, including unmanaged assets, overlooked credential paths, and the rise of shadow AI. Assessments combine external attack surface enumeration, vulnerability and identity hygiene reviews, and hands-on validation to produce prioritized remediation recommendations. Findings stress that having the right tools is insufficient without operational discipline, clear ownership, and continuous validation to reduce breach likelihood.

🤖 In the latest Adversary Universe podcast, CrowdStrike leaders discuss how AI is accelerating vulnerability discovery and could produce a rapid surge of new flaws — a potential 'vuln-pocalypse'. They urge prioritizing remediation based on active exploitation and prevalence in environments. CrowdStrike recommends leveraging AI for agentic red teaming, vulnerability scanning, and crowdsourced telemetry to detect post-exploitation behaviors. They point to Project Glasswing and OpenAI's Trusted Access for Cyber as examples of defense-focused collaboration.

⏱ Attackers discover and target newly public assets within minutes, not days. Continuous internet scanners such as Shodan and Censys catalog open ports and banners within the hour, and automated tooling performs enumeration, credential stuffing, and active probing over the next 12 hours. Sprocket Security’s ASM Community Edition highlights how hidden APIs and misconfigurations are frequently exposed and why human validation is required to prioritize remediation.

🔍 The Firefox team used frontier AI models in partnership with Anthropic to scan the browser and fix latent security flaws. After earlier work with Opus 4.6 that produced 22 fixes for Firefox 148, an early evaluation of Claude Mythos Preview uncovered 271 vulnerabilities now addressed in Firefox 150. The team worked around the clock to triage and remediate the findings, and observers note this technology favors defenders—provided patches reach users quickly.

🔒 As AI tools such as Claude Mythos and Project Glasswing compress vulnerability discovery from weeks to minutes, the traditional patch window is effectively gone. The piece urges organizations to adopt an assume-breach posture that prioritizes rapid detection, automated attack reconstruction, and immediate containment. Network Detection and Response (NDR) platforms — highlighted via Corelight — are presented as practical instruments to visualize, measure, and reduce mean-time-to-contain.

🔎 Anthropic's Claude Mythos Preview has reignited debate about AI-enabled vulnerability discovery and the operational strain that follows. Rapid detection is valuable, but finding issues and verifying fixes are distinct workflows, and many organizations lack the tooling to close that loop. Without centralized tracking, prioritized context, and verified remediation, faster discovery can simply produce a larger backlog of unresolved critical issues. Platforms like PlexTrac are presented as the operational layer needed to normalize findings, assign ownership, and enforce continuous re-testing.

🔒 Join a webinar with Ofer Gayer, VP of Product at Miggo Security, that examines how AI is accelerating automated exploitation and compressing the time between disclosure and active attack. The session explains the concept of the Collapsing Exploit Window and why traditional patch cycles and manual prioritization are no longer sufficient. Attendees will receive practical guidance on prioritizing real-world risk and applying mitigations such as virtual patching to defend at machine speed.

⚠️ Anthropic’s Project Glasswing, powered by the Mythos preview model, discovered pervasive, long-lived vulnerabilities across major operating systems and browsers — including chained exploit sequences, race-condition privilege escalations, and distributed ROP chains — and Anthropic paused a public release to give major vendors time to patch. Despite that cooperation, fewer than 1% of findings were patched, exposing a systemic remediation bottleneck. The author argues defenders must shift from scheduled, CVSS-driven processes to signal-driven validation, environment-specific context, and closed-loop remediation to act at machine speed against autonomous, AI-enabled attackers.

🔍 Claude Mythos Preview uncovered 271 security flaws in Firefox 148, all addressed in Firefox 150, prompting claims that the model can match human researchers in vulnerability discovery. Mozilla and security experts say Mythos closed significant gaps left by fuzzing and automation, though Anthropic is investigating reported unauthorized access to the model. Teams are urged to adopt continuous AI-assisted testing and treat models as privileged infrastructure.

🛠 Cloudflare explains reliability improvements for Rust Workers that prevent panics and aborts from poisoning Wasm instances. They upstreamed fixes into wasm-bindgen, adding panic=unwind support via WebAssembly Exception Handling so Rust destructors run and instances remain reusable after a panic. They also implemented abort classification, an abort recovery hook, and an experimental --reset-state-function to reinitialize libraries without reimporting them. Users are encouraged to upgrade to workers-rs 0.8.0 and try the --panic-unwind flag for improved stability.

🔍 Anthropic warns that its AI vulnerability-discovery system Mythos will sharply increase the pace and volume of software flaws, forcing defenders to prioritize what to fix. The company recommended using the probabilistic EPSS model (developed by Empirical Security and published through FIRST) to triage vulnerabilities—patching CISA’s KEV list first, then addressing CVEs above a chosen EPSS threshold. Empirical Security leaders emphasize that EPSS is machine-driven and already integrated across many vendor products.

⚠️ Unit 42's hands-on evaluation finds frontier AI models can autonomously identify complex software vulnerabilities and map exploit chains, dramatically accelerating the discovery-to-exploitation timeline. The researchers warn this capability raises immediate risks to open source projects and supply chains, and will compress N-day windows to hours. They urge aggressive prevention, automated patching, and hardened development pipelines.