CISA stories
Security teams face a heavier patching burden next year, with disclosure volumes now tracking far above FIRST's earlier estimate.
Failed test days could delay work and income, as Aceable's new study tool targets the weak spots that most licensing candidates miss.
Federal contractors face rising scrutiny as speakers warned CMMC and AI are becoming central to procurement, resilience and national security.
Boards face growing pressure to treat AI-driven cyber threats as an immediate business risk, with attackers able to exploit flaws within months.
The free check could help security teams uncover overlooked Java runtimes before AI-driven attackers exploit known flaws and outdated versions.
The wider rollout targets critical infrastructure and software maintainers after early users found more than 10,000 serious flaws.
Banks and investment firms face mounting exposure as ransomware incidents jump and more than half of vendors carry high-severity flaws.
Security teams may need to react faster as AI-boosted attackers can exploit flaws within hours, leaving patching cycles behind.
Only a small fraction of disclosed flaws are likely to hit suppliers, leaving security teams to focus on the 58 highest-risk CVEs.
Exposed systems are becoming the main target, as Rapid7 says flaws were used in 38% of incidents and patch windows shrank to five days.
Patch teams are falling behind as exploited flaws pile up, with 47 million instances still open after a year, Qualys data shows.
The free cloud service gives Veeam users and service providers a single view of scattered backup clusters as ransomware risk grows.
Rising breaches and weak credential habits are forcing businesses to adopt passkeys, multi-factor authentication and tighter access controls.
Many firms cannot pause AI systems quickly or explain failures to regulators, according to ISACA's European survey of 681 professionals.
Regulated agencies can now use Elastic’s security tools inside disconnected Google cloud environments as threats grow more automated.
Pressure is growing on AI vendors and software suppliers to improve vulnerability disclosure as experts warn basic CVE details are no longer enough.
The Tel Aviv startup says enterprises need runtime controls as AI agents take on more privileged tasks across core business systems.
Attackers are now exploiting flaws before patches exist, leaving 85% of vulnerable assets unpatched at disclosure across 10,000 organisations.
Rapid7 warns exploited high and critical software flaws more than doubled in 2025, as attackers compress disclosure-to-attack windows.
Growing demand for secure mainframe support has prompted Vertali to strengthen its leadership team with a veteran security specialist.
