Tag

#vulnerability management

28 stories taggedvulnerability management · page 2 of 2.

Policy & Regulation

CISA Triggers Federal Patch Clock on Cisco, Chrome and Arista Bugs Under KEV

Three vulnerabilities added to the Known Exploited Vulnerabilities catalog activate BOD 22-01 remediation deadlines for civilian agencies.

2 min
Vulnerabilities

210 CVEs, Three Zero-Days, and a Microsoft Warning That This Is Just the Beginning

June Patch Tuesday sets a volume record. Microsoft says AI-assisted discovery is why, and that you should get used to it.

3 min
AI Security

Knowingly Shipping Vulnerable Code Has Become Standard Practice, Survey Finds

A Checkmarx survey of 2,350 security leaders finds nearly half of production code is AI-generated — and enterprises are deploying it despite knowing it carries unresolved flaws.

3 min
Vulnerabilities

Microsoft Ships Record 200-Bug Patch Tuesday as 'Nightmare Eclipse' Drops Windows Zero-Days

AI-assisted bug hunting, a confrontational researcher, and a Shai-Hulud worm variant inside Microsoft's own repos shape an outsized June rollup.

3 min
Vulnerabilities

CISA Flags SolarWinds Serv-U DoS Bug as Actively Exploited

CVE-2026-28318 crashes the file transfer service. Federal agencies get the usual three-week patch window.

2 min
Policy & Regulation

Inspector General Pins NVD Backlog on NIST Mismanagement — But the Real Problem Runs Deeper

A Commerce Department IG report calls out strategic failures, duplicated work, and severity scores that matched only 12% of the time. Budget cuts and genAI-driven vuln volume tell the rest of the story.

3 min
Policy & Regulation

HD Moore's Pitch to Defenders: Stop Racing Patches, Reshape the Network

The Metasploit creator argues blast-radius control, not patch velocity, is what regulators and boards should be measuring.

3 min
AI Security

AI Has Minted a New Kind of Attacker — One Who Knows Nothing

Generative AI closes the skill gap between vague criminal intent and working malware. Responsible disclosure norms weren't built for that world.

2 min
Opinion

The Patch Window Is Now Measured in Hours

AI-assisted exploit development has collapsed the time between disclosure and mass exploitation. Traditional vulnerability management workflows weren't built for this pace.

2 min
Vulnerabilities

Oracle Launches Monthly Patch Cycle With 35-Flaw Drop, Four CVEs Under Active PoC Threat

A CVSS 10 hole in REST Data Services leads the list. Four older bugs with public exploit code deserve faster attention than their scores suggest.

2 min
Policy & Regulation

India Sets a 12-Hour Clock on Exploited Vulnerabilities. Can Enterprises Actually Do It?

CERT-In's new AI-threat framework resets expectations around patch velocity — but the real test is whether organizations even know what's exposed.

3 min
Cloud Security

IBM and Red Hat Pledge $5 Billion to Lock Down Open Source Supply Chains via Project Lightwell

The initiative targets a deceptively hard problem: patching vulnerabilities in open source dependencies without breaking production workloads that millions of systems depend on.

2 min
Policy & Regulation

CERT-In Tightens the Clock: Patch Internet-Facing Bugs in 12 Hours

India's national CERT cites AI-assisted exploit development as the reason small teams now have less than a working day to close exposed holes.

3 min
© 2026 Threat Vectr