< ciso
brief />
Tag Banner

All news with #vulnerability management tag

213 articles · page 5 of 11

NCSC Warns of AI-Driven Patch Wave and Vulnerabilities

🛡️ The NCSC has warned UK organisations to prepare for a coming "patch wave" as vendors adopt powerful AI tools to discover and fix software vulnerabilities. CTO Ollie Whitehouse urged teams to prioritise external attack surfaces, enable automatic updates and hot patching where safe, and follow the NCSC's Vulnerability Management guidance. He cautioned that patching alone isn't enough for unsupported legacy systems and recommended replacing or restoring out-of-support technologies. The alert also notes potential US moves by CISA to shorten patch deadlines and industry concerns about operational readiness.
read more →

Microsoft: April updates block vulnerable psmounterex.sys

🔒 Microsoft confirms the April 2026 security updates are blocking the kernel driver psmounterex.sys, causing mounting failures and VSS snapshot timeouts in third-party backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server and NinjaOne Backup on Windows 10, Windows 11 and Windows Server. The update adds the driver to the Vulnerable Driver Blocklist to mitigate CVE-2023-43896. Microsoft advises installing updated application versions that include drivers with required protections and checking the Code Integrity log for Event ID 3077 rather than uninstalling or pausing the security updates.
read more →

CrowdStrike Technical Risk Assessments: Exposure Patterns

🔍 CrowdStrike Professional Services' Technical Risk Assessments (TRAs) analyze hundreds of production environments annually to surface common exposure patterns, including unmanaged assets, overlooked credential paths, and the rise of shadow AI. Assessments combine external attack surface enumeration, vulnerability and identity hygiene reviews, and hands-on validation to produce prioritized remediation recommendations. Findings stress that having the right tools is insufficient without operational discipline, clear ownership, and continuous validation to reduce breach likelihood.
read more →

AI-Driven Vulnerability Discovery and Defensive Response

🤖 In the latest Adversary Universe podcast, CrowdStrike leaders discuss how AI is accelerating vulnerability discovery and could produce a rapid surge of new flaws — a potential 'vuln-pocalypse'. They urge prioritizing remediation based on active exploitation and prevalence in environments. CrowdStrike recommends leveraging AI for agentic red teaming, vulnerability scanning, and crowdsourced telemetry to detect post-exploitation behaviors. They point to Project Glasswing and OpenAI's Trusted Access for Cyber as examples of defense-focused collaboration.
read more →

What Happens in the First 24 Hours After an Asset Goes Live

⏱ Attackers discover and target newly public assets within minutes, not days. Continuous internet scanners such as Shodan and Censys catalog open ports and banners within the hour, and automated tooling performs enumeration, credential stuffing, and active probing over the next 12 hours. Sprocket Security’s ASM Community Edition highlights how hidden APIs and misconfigurations are frequently exposed and why human validation is required to prioritize remediation.
read more →

AI Audit Finds 271 Vulnerabilities in Firefox 150 Release

🔍 The Firefox team used frontier AI models in partnership with Anthropic to scan the browser and fix latent security flaws. After earlier work with Opus 4.6 that produced 22 fixes for Firefox 148, an early evaluation of Claude Mythos Preview uncovered 271 vulnerabilities now addressed in Firefox 150. The team worked around the clock to triage and remediate the findings, and observers note this technology favors defenders—provided patches reach users quickly.
read more →

After Mythos: New Playbooks for Zero-Window Defense

🔒 As AI tools such as Claude Mythos and Project Glasswing compress vulnerability discovery from weeks to minutes, the traditional patch window is effectively gone. The piece urges organizations to adopt an assume-breach posture that prioritizes rapid detection, automated attack reconstruction, and immediate containment. Network Detection and Response (NDR) platforms — highlighted via Corelight — are presented as practical instruments to visualize, measure, and reduce mean-time-to-contain.
read more →

AI Discovery Outpaces Remediation: The Mythos Problem

🔎 Anthropic's Claude Mythos Preview has reignited debate about AI-enabled vulnerability discovery and the operational strain that follows. Rapid detection is valuable, but finding issues and verifying fixes are distinct workflows, and many organizations lack the tooling to close that loop. Without centralized tracking, prioritized context, and verified remediation, faster discovery can simply produce a larger backlog of unresolved critical issues. Platforms like PlexTrac are presented as the operational layer needed to normalize findings, assign ownership, and enforce continuous re-testing.
read more →

Webinar: Mythos and Rethinking AI-Speed Exploit Risk

🔒 Join a webinar with Ofer Gayer, VP of Product at Miggo Security, that examines how AI is accelerating automated exploitation and compressing the time between disclosure and active attack. The session explains the concept of the Collapsing Exploit Window and why traditional patch cycles and manual prioritization are no longer sufficient. Attendees will receive practical guidance on prioritizing real-world risk and applying mitigations such as virtual patching to defend at machine speed.
read more →

Project Glasswing Exposes AI-Driven Vulnerability Gap

⚠️ Anthropic’s Project Glasswing, powered by the Mythos preview model, discovered pervasive, long-lived vulnerabilities across major operating systems and browsers — including chained exploit sequences, race-condition privilege escalations, and distributed ROP chains — and Anthropic paused a public release to give major vendors time to patch. Despite that cooperation, fewer than 1% of findings were patched, exposing a systemic remediation bottleneck. The author argues defenders must shift from scheduled, CVSS-driven processes to signal-driven validation, environment-specific context, and closed-loop remediation to act at machine speed against autonomous, AI-enabled attackers.
read more →

Claude Mythos Finds 271 Firefox Flaws, Shifts Security

🔍 Claude Mythos Preview uncovered 271 security flaws in Firefox 148, all addressed in Firefox 150, prompting claims that the model can match human researchers in vulnerability discovery. Mozilla and security experts say Mythos closed significant gaps left by fuzzing and automation, though Anthropic is investigating reported unauthorized access to the model. Teams are urged to adopt continuous AI-assisted testing and treat models as privileged infrastructure.
read more →

Making Rust Workers Reliable: Wasm Panic and Abort Recovery

🛠 Cloudflare explains reliability improvements for Rust Workers that prevent panics and aborts from poisoning Wasm instances. They upstreamed fixes into wasm-bindgen, adding panic=unwind support via WebAssembly Exception Handling so Rust destructors run and instances remain reusable after a panic. They also implemented abort classification, an abort recovery hook, and an experimental --reset-state-function to reinitialize libraries without reimporting them. Users are encouraged to upgrade to workers-rs 0.8.0 and try the --panic-unwind flag for improved stability.
read more →

Anthropic Urges EPSS to Triage AI-Driven Vulnerabilities

🔍 Anthropic warns that its AI vulnerability-discovery system Mythos will sharply increase the pace and volume of software flaws, forcing defenders to prioritize what to fix. The company recommended using the probabilistic EPSS model (developed by Empirical Security and published through FIRST) to triage vulnerabilities—patching CISA’s KEV list first, then addressing CVEs above a chosen EPSS threshold. Empirical Security leaders emphasize that EPSS is machine-driven and already integrated across many vendor products.
read more →

Frontier AI Raises Software Vulnerability Risks, Urgency

⚠️ Unit 42's hands-on evaluation finds frontier AI models can autonomously identify complex software vulnerabilities and map exploit chains, dramatically accelerating the discovery-to-exploitation timeline. The researchers warn this capability raises immediate risks to open source projects and supply chains, and will compress N-day windows to hours. They urge aggressive prevention, automated patching, and hardened development pipelines.
read more →

NCSC outlines coordinated NHS plan to boost cyber resilience

🔒 The NCSC has published a coordinated plan to improve NHS cyber resilience, focusing on piloting tools via ACD 2.0, securing the software supply chain, managing vulnerability disclosures, enhancing visibility and promoting services such as Early Warning, the Cyber Action Toolkit and Cyber Essentials. The agency is applying the Software Security Code of Practice in procurement and using data science to prioritise supplier risk while its Vulnerability Reporting Service continues to support GP surgeries, trusts and health boards. Additional measures include the NHS App adopting passkeys, attack surface management, deception-technology experiments, DNS analytics and Threat Hunting Workshops to develop playbooks and strengthen sector collaboration.
read more →

Frontier AI Collapses Exploit Window: Defenders' Response

⚠️ As frontier AI accelerates vulnerability discovery and exploit development, the traditional window for patching and mitigation is collapsing and defenders must change how they prioritize risk. CrowdStrike urges a shift from volume-focused vulnerability management to exposure-centric programs that evaluate exploitability, reachability, and attack paths. Recommended actions include continuous inside-out and outside-in validation, enforcing zero standing privileges, operating detection and response at machine speed, and applying AI with deliberate governance. CrowdStrike offers a Frontier AI Readiness and Resilience Service and integrates findings into Falcon to operationalize continuous remediation.
read more →

NIST will stop rating lower-priority vulnerabilities

🔍 NIST will stop providing severity scores and detailed enrichment for lower-priority CVEs beginning April 15, citing a surge in submissions that has overwhelmed its capacity. The National Vulnerability Database will continue to list all reported CVEs, but entries deemed low priority will keep only the severity assigned by the submitting CNA. NIST will only add detailed analysis for issues in CISA’s KEV, those affecting U.S. federal software, or critical software defined by EO 14028; organizations may request enrichment for low-priority entries via email to nvd@nist.gov.
read more →

Commercial AI Models Make Rapid Gains in Vulnerability

🔍 Forescout’s Verde Labs reports rapid progress across commercial, open-source and underground AI models in vulnerability research and exploit generation. In 2026 the firm found all tested models could complete end-to-end vulnerability research and about half could autonomously produce working exploits; top performers included Claude Opus 4.6 and Kimi K2.5. Using single prompts, the RAPTOR agentic framework and Verde Labs’ extensions, researchers discovered four zero-days in OpenNDS, demonstrating a lower barrier to discovery and a growing risk for organizations.
read more →

Mythos and the Limits of Private AI Security Control

🔍 Anthropic announced a restricted release of Claude Mythos Preview, an AI claimed to find and weaponize software vulnerabilities at unprecedented scale, and limited access to roughly 50 organizations under Project Glasswing. The company highlighted thousands of flaws across major operating systems and browsers, including decades-old bugs and a set of 181 usable Firefox attacks, far beyond its prior model's performance. Yet the disclosure omits key metrics—false-positive rates, unfiltered outputs, and broad audit access—raising concerns that withholding a powerful tool is not a substitute for transparency, independent review, and funded access for domain experts.
read more →

NIST narrows CVE enrichment to high-priority cases

🔒 NIST will only enrich CVEs in its NVD that meet defined high-priority criteria, citing a 263% surge in submissions from 2020–2025 that overwhelmed its enrichment capacity. Effective April 15, 2026, NIST will prioritize CVEs in CISA's KEV catalog, those affecting software used by the federal government, and software designated critical under EO 14028. CVEs that do not meet those thresholds will remain listed but be marked "Not Scheduled"; stakeholders may request targeted enrichment via email.
read more →