Tag

#vulnerability management

29 stories taggedvulnerability management.

Full-frame edge-to-edge photoreal news-editorial image of a dimly lit server room with rows of dark rack-mounted servers, blue and amber status LEDs reflecting
Vulnerabilities

CISA Flags Four Live-Exploited Bugs in Adobe, Joomla and Langflow

The US cyber agency gave federal agencies until early December to patch a critical Adobe ColdFusion flaw and three others already being abused in the wild.

3 min
Photoreal news-editorial style, 16:9 framing, full-frame edge-to-edge composition
AI Security

Five Eyes spy agencies warn AI will outpace cybersecurity defences within months

The intelligence alliance that links the US, UK, Australia, Canada and New Zealand says AI-powered attacks are arriving faster than most organisations can adapt — and breaches are now a question of when, not if.

3 min
Photoreal news-editorial photograph, 16:9 framing, edge-to-edge composition
AI Security

A Year of Testing Has Cooled Security Teams' Enthusiasm for AI-Run Hacking Drills

Companies that hoped AI could fully replace human security testers have pulled back sharply. New data shows only 9% still trust fully automated systems — down from nearly a third just twelve months ago.

4 min
Photoreal editorial image, 16:9 full-frame edge-to-edge composition
Vulnerabilities

CISA Flags Actively Exploited SimpleHelp Flaw, Orders Federal Agencies to Patch Fast

A newly listed authentication bypass in SimpleHelp remote-support software is being used in real attacks, and federal agencies now face a hard deadline to fix it.

3 min
Full-frame photoreal editorial image of a dimly lit government server room, rows of racks with faint blue and amber status LEDs, one rack door slightly ajar rev
Policy & Regulation

CISA orders federal agencies to patch SharePoint flaw by Saturday as attacks begin

A newly exploited Microsoft SharePoint bug lands in CISA's Known Exploited Vulnerabilities Catalog, triggering a three-day patching clock under Binding Operational Directive 26-04.

3 min
Extreme close-up of a glowing server rack in a dark data centre, amber and blue indicator lights reflecting off brushed metal chassis, shallow depth of field dr
Vulnerabilities

Adobe Rushes Out Fixes for a Dozen Flaws in ColdFusion and Campaign Classic — Six Are as Bad as It Gets

Twelve security holes, six of them rated the highest possible severity, were quietly sitting in two widely used Adobe products. Patches are out. The clock is ticking.

3 min
AI Security

Frontier AI Is a Pressure Test, Not a New Threat Model

The arrival of capable AI models like Mythos changes attacker economics. It doesn't change which controls actually matter — and most organizations are still failing the old ones.

3 min
Opinion

The Patch Cycle Won't Survive Machine-Speed Adversaries

Defenders measured dwell time in days. Agentic attack pipelines are about to measure it in minutes.

3 min
Cloud Security

AWS Continuum Wants to Close the Gap Between AI-Generated Code and AI-Fixed Vulnerabilities

Amazon's new agentic security service promises continuous discovery, triage, and remediation. In practice, it's a bet that the same AI acceleration creating your backlog can also drain it.

3 min
AI Security

AI Breaks the Assumption Cybersecurity Was Built On

Modern security programs were engineered around deterministic systems. Agentic AI isn't one.

3 min
Vulnerabilities

The Exposures Defenders Will Be Cleaning Up in 2026

From memory-leak bugs like MongoBleed to forgotten admin panels, the attack surface keeps growing faster than patch cycles.

3 min
Vulnerabilities

Oracle's June 2026 CPU: 245 Patches Across Communications, EBS, and Enterprise Manager

Oracle's second monthly Critical Patch Update ships a significant fix load. If you're running EBS or Enterprise Manager in AWS or on-prem, your change window just got scheduled for you.

2 min
Policy & Regulation

CISA's New Directive: Agencies Must Prioritize High-Risk Security Patches

Federal agencies get their marching orders: focus on Known Exploited Vulnerabilities.

2 min
Opinion

The Patch Window Is Closed: Why CISOs Are Quietly Reallocating to BAS

Vulnerability management was built around a buffer between disclosure and weaponization. Generative tooling is collapsing that buffer, and breach-and-attack simulation budgets are absorbing the panic.

3 min
Threat Intelligence

JDY Botnet Turns 1,500 Compromised SOHO Devices Into a Nation-State Targeting Engine

Lumen's Black Lotus Labs links the scanning network to Volt Typhoon. The threat isn't the botnet itself — it's the reconnaissance data it harvests before you've even read the CVE advisory.

2 min
© 2026 Threat Vectr