#vulnerability management
29 stories taggedvulnerability management.

CISA Flags Four Live-Exploited Bugs in Adobe, Joomla and Langflow
The US cyber agency gave federal agencies until early December to patch a critical Adobe ColdFusion flaw and three others already being abused in the wild.

Five Eyes spy agencies warn AI will outpace cybersecurity defences within months
The intelligence alliance that links the US, UK, Australia, Canada and New Zealand says AI-powered attacks are arriving faster than most organisations can adapt — and breaches are now a question of when, not if.

A Year of Testing Has Cooled Security Teams' Enthusiasm for AI-Run Hacking Drills
Companies that hoped AI could fully replace human security testers have pulled back sharply. New data shows only 9% still trust fully automated systems — down from nearly a third just twelve months ago.

CISA Flags Actively Exploited SimpleHelp Flaw, Orders Federal Agencies to Patch Fast
A newly listed authentication bypass in SimpleHelp remote-support software is being used in real attacks, and federal agencies now face a hard deadline to fix it.

CISA orders federal agencies to patch SharePoint flaw by Saturday as attacks begin
A newly exploited Microsoft SharePoint bug lands in CISA's Known Exploited Vulnerabilities Catalog, triggering a three-day patching clock under Binding Operational Directive 26-04.

Adobe Rushes Out Fixes for a Dozen Flaws in ColdFusion and Campaign Classic — Six Are as Bad as It Gets
Twelve security holes, six of them rated the highest possible severity, were quietly sitting in two widely used Adobe products. Patches are out. The clock is ticking.

Frontier AI Is a Pressure Test, Not a New Threat Model
The arrival of capable AI models like Mythos changes attacker economics. It doesn't change which controls actually matter — and most organizations are still failing the old ones.

The Patch Cycle Won't Survive Machine-Speed Adversaries
Defenders measured dwell time in days. Agentic attack pipelines are about to measure it in minutes.

AWS Continuum Wants to Close the Gap Between AI-Generated Code and AI-Fixed Vulnerabilities
Amazon's new agentic security service promises continuous discovery, triage, and remediation. In practice, it's a bet that the same AI acceleration creating your backlog can also drain it.

AI Breaks the Assumption Cybersecurity Was Built On
Modern security programs were engineered around deterministic systems. Agentic AI isn't one.

The Exposures Defenders Will Be Cleaning Up in 2026
From memory-leak bugs like MongoBleed to forgotten admin panels, the attack surface keeps growing faster than patch cycles.

Oracle's June 2026 CPU: 245 Patches Across Communications, EBS, and Enterprise Manager
Oracle's second monthly Critical Patch Update ships a significant fix load. If you're running EBS or Enterprise Manager in AWS or on-prem, your change window just got scheduled for you.

CISA's New Directive: Agencies Must Prioritize High-Risk Security Patches
Federal agencies get their marching orders: focus on Known Exploited Vulnerabilities.

The Patch Window Is Closed: Why CISOs Are Quietly Reallocating to BAS
Vulnerability management was built around a buffer between disclosure and weaponization. Generative tooling is collapsing that buffer, and breach-and-attack simulation budgets are absorbing the panic.

JDY Botnet Turns 1,500 Compromised SOHO Devices Into a Nation-State Targeting Engine
Lumen's Black Lotus Labs links the scanning network to Volt Typhoon. The threat isn't the botnet itself — it's the reconnaissance data it harvests before you've even read the CVE advisory.