#vulnerability management
28 stories taggedvulnerability management · page 2 of 2.

CISA Triggers Federal Patch Clock on Cisco, Chrome and Arista Bugs Under KEV
Three vulnerabilities added to the Known Exploited Vulnerabilities catalog activate BOD 22-01 remediation deadlines for civilian agencies.

210 CVEs, Three Zero-Days, and a Microsoft Warning That This Is Just the Beginning
June Patch Tuesday sets a volume record. Microsoft says AI-assisted discovery is why, and that you should get used to it.

Knowingly Shipping Vulnerable Code Has Become Standard Practice, Survey Finds
A Checkmarx survey of 2,350 security leaders finds nearly half of production code is AI-generated — and enterprises are deploying it despite knowing it carries unresolved flaws.

Microsoft Ships Record 200-Bug Patch Tuesday as 'Nightmare Eclipse' Drops Windows Zero-Days
AI-assisted bug hunting, a confrontational researcher, and a Shai-Hulud worm variant inside Microsoft's own repos shape an outsized June rollup.

CISA Flags SolarWinds Serv-U DoS Bug as Actively Exploited
CVE-2026-28318 crashes the file transfer service. Federal agencies get the usual three-week patch window.

Inspector General Pins NVD Backlog on NIST Mismanagement — But the Real Problem Runs Deeper
A Commerce Department IG report calls out strategic failures, duplicated work, and severity scores that matched only 12% of the time. Budget cuts and genAI-driven vuln volume tell the rest of the story.

HD Moore's Pitch to Defenders: Stop Racing Patches, Reshape the Network
The Metasploit creator argues blast-radius control, not patch velocity, is what regulators and boards should be measuring.

AI Has Minted a New Kind of Attacker — One Who Knows Nothing
Generative AI closes the skill gap between vague criminal intent and working malware. Responsible disclosure norms weren't built for that world.

The Patch Window Is Now Measured in Hours
AI-assisted exploit development has collapsed the time between disclosure and mass exploitation. Traditional vulnerability management workflows weren't built for this pace.

Oracle Launches Monthly Patch Cycle With 35-Flaw Drop, Four CVEs Under Active PoC Threat
A CVSS 10 hole in REST Data Services leads the list. Four older bugs with public exploit code deserve faster attention than their scores suggest.

India Sets a 12-Hour Clock on Exploited Vulnerabilities. Can Enterprises Actually Do It?
CERT-In's new AI-threat framework resets expectations around patch velocity — but the real test is whether organizations even know what's exposed.

IBM and Red Hat Pledge $5 Billion to Lock Down Open Source Supply Chains via Project Lightwell
The initiative targets a deceptively hard problem: patching vulnerabilities in open source dependencies without breaking production workloads that millions of systems depend on.

CERT-In Tightens the Clock: Patch Internet-Facing Bugs in 12 Hours
India's national CERT cites AI-assisted exploit development as the reason small teams now have less than a working day to close exposed holes.