#patch management
25 stories tagged patch management.

CISA Flags Oracle WebLogic Bug CVE-2024-21182 as Actively Exploited
A two-year-old T3/IIOP flaw in WebLogic Server is back in the spotlight after CISA added it to the KEV catalog. Federal agencies have three weeks to patch.

The Patch Window Is Now Measured in Hours
AI-assisted exploit development has collapsed the time between disclosure and mass exploitation. Traditional vulnerability management workflows weren't built for this pace.

PoC Drops for 19-Year-Old Linux Kernel Privilege-Escalation Bug in CIFSwitch
A flaw that's been sitting in the kernel since the mid-2000s now has working exploit code. Low-privileged users can reach root.

FortiClient EMS Flaw Sees Fresh Exploitation After April Hotfix
Attackers are still hitting a critical FortiClient EMS vulnerability that Fortinet patched — and flagged as actively exploited — months ago.

CERT-In Tightens the Clock: Patch Internet-Facing Bugs in 12 Hours
India's national CERT cites AI-assisted exploit development as the reason small teams now have less than a working day to close exposed holes.

Ten Thousand Bugs, One Model: Inside Anthropic's Project Glasswing
Claude Mythos Preview has scanned more than a thousand open-source projects and surfaced thousands of critical flaws. The bottleneck has moved — and the patch queue is not moving fast enough.

Unpatched Flaws Now Outpace Stolen Credentials as the Leading Breach Entry Point
Verizon's 2025 DBIR puts vulnerability exploitation at 31% of breach root causes. Median patch time has climbed to 43 days, and only 26% of CISA KEVs were fully remediated — a gap attackers are sprinting through.

Twenty Years of Cyber Lessons and We're Still Losing on the Basics
The industry spent two decades reinventing its philosophy — perimeter defense to assume-breach — yet the attacks that still hit hardest exploit the same unpatched, misconfigured, un-MFA'd mistakes we should have buried years ago.

The Week the Backlog Came Due: Linux Holes, Defender Zero-Days, and a Poisoned Dev Tool
A messy seven days for defenders, where forgotten servers and trusted tooling did most of the damage.

Twelve Hours, or Else: India's New Patch Clock Starts Ticking
CERT-In tells operators of internet-facing systems to close critical flaws within half a day, citing AI-assisted exploit chains that compress the attacker's runway to minutes.