vulnerability management

AWS Continuum brings AI models to code vulnerability management

2026-06-18 at 07:33 By Sinisa Markovic AWS Continuum for code vulnerabilities, a system built to handle a vulnerability across its lifecycle, from discovery through to a fix, is now available in gated preview. It reasons over a customer’s environment, confirms which findings are real, and works […]


The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects

2026-06-17 at 12:42 By Mirko Zorz Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live with more than two dozen member organizations. Founding members include BNY, Chainguard,


CISA orders federal agencies to “patch smarter”

2026-06-11 at 20:18 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly


CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk

2026-06-11 at 16:01 By Ionut Arghire The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries. The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek. This


From critical to controlled: Cutting vulnerabilities in a live manufacturing environment

2026-06-04 at 09:26 By Help Net Security A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT


Known vulnerabilities behind most application security incidents

2026-06-03 at 07:40 By Anamarija Pogorelec Eight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a survey of 902 IT and security professionals conducted by the Cloud Security Alliance. The pattern points to


Building a risk-based vulnerability management program that scales

2026-05-29 at 08:01 By Help Net Security In this Help Net Security video, Shankar Somasundaram, CEO at Asimily, explains how to build a risk-based vulnerability program. He notes that vulnerabilities are exploding by an order of magnitude in the age of AI-driven attacks, with one customer finding


Claude now reviews and fixes vulnerabilities as you write code

2026-05-27 at 16:37 By Sinisa Markovic Anthropic introduced a security-guidance plugin for Claude Code that reviews code changes for common vulnerabilities and helps Claude identify and fix issues during the same development session. The company says the plugin is designed to catch issues such as


Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

2026-05-20 at 17:16 By Zeljka Zorz Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the


AI shrinks vulnerability exploitation window to hours

2026-05-18 at 09:42 By Anamarija Pogorelec Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. [Figure: Total vulnerabilities by severity (2022-2025) (Source: Synack)] AI expands the attack surface Agentic AI systems that


Linux developers weigh emergency “killswitch” for vulnerable kernel functions

2026-05-11 at 16:48 By Zeljka Zorz Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the


The Week in Vulnerabilities: GitHub Enterprise, Argo CD, Oracle Identity Manager, and Mozilla Security Flaws

2026-04-30 at 16:45 By Ashish Khaitan The latest weekly Vulnerability Insights report that Cyble provides to its clients gives a detailed view of vulnerabilities tracked between April 15, 2026, and April 21, 2026. The findings highlight a slight dip in overall disclosures compared to the previous week, but the persistence


The Week in Vulnerabilities: SharePoint, Fortinet, OpenClaw, and GPL Odorizers

2026-04-24 at 05:54 By Mihir Bagwe The Cyble Research & Intelligence Labs (CRIL) weekly vulnerability report tracked 1,675 vulnerabilities last week, reflecting continued high disclosure volume across enterprise software, cloud services, and emerging AI ecosystems. Of these, more than 205 vulnerabilities have publicly available Proof-of-Concept (PoC)


Claude Mythos finds 271 Firefox flaws, Mozilla believes it shifts security toward defenders

2026-04-22 at 18:51 By Sinisa Markovic The Mozilla Foundation tested Claude Mythos, an Anthropic AI model that has stirred debate in the cybersecurity community. Before granting access to Mythos, Mozilla scanned Firefox using Opus 4.6, which led to fixes for 22 security-sensitive


NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward

2026-04-16 at 19:48 By Zeljka Zorz NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by a surge in


The Week in Vulnerabilities: Azure AI, Spring AI, Fortinet, and Critical ICS Exposure

2026-04-16 at 15:04 By Mihir Bagwe Cyble Research & Intelligence Labs (CRIL) in its weekly vulnerability report tracked 1,431 bugs last week. Of these, over 270 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating exploitation timelines and increasing real-world attack likelihood.


Fixing vulnerability data quality requires fixing the architecture first

2026-04-13 at 09:02 By Mirko Zorz In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce


The Week in Vulnerabilities: OpenClaw, FreeBSD, F5 BIG-IP, and Critical ICS Bugs

2026-04-09 at 14:24 By Mihir Bagwe The Cyble Research & Intelligence Labs (CRIL) weekly vulnerability report tracked 1,960 vulnerabilities last week, reflecting a continued surge in vulnerability disclosures across enterprise and cloud ecosystems. Of these, 248 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly


The case for fixing CWE weakness patterns instead of patching one bug at a time

2026-04-07 at 09:24 By Mirko Zorz In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability disclosure. More CVE records now include CWE mappings


The Week in Vulnerabilities: AI Frameworks, VMware, and Critical ICS Exposure

2026-04-02 at 13:24 By Ashish Khaitan Cyble Research & Intelligence Labs (CRIL) tracked 1,452 vulnerabilities last week, reflecting the continued expansion of the global attack surface. Of these, 222 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating the likelihood of exploitation in real-world environments. Additionally, multiple vulnerabilities surfaced across underground forums,

