
The Week in Vulnerabilities: GitHub Enterprise, Argo CD, Oracle Identity Manager, and Mozilla Security Flaws

April 30, 2026, 10:29

Cyble Weekly Vulnerability Report

Cyble's latest weekly vulnerability insights report to clients covers vulnerabilities tracked between April 15 and April 21, 2026. Overall disclosures dropped compared to the previous week, but active exploitation and evidence of real-world attacks continued against enterprise, cloud, and open-source ecosystems. 

During this reporting period, Cyble’s Vulnerability Intelligence module tracked 1,095 vulnerabilities, reflecting a decrease in volume after last week’s spike. However, the reduced number does not indicate lower risk. In fact, the presence of over 91 vulnerabilities with publicly available Proof-of-Concept (PoC) exploits increases the likelihood of rapid weaponization and exploitation in real-world environments. 

Additionally, Cyble observed 2 vulnerabilities actively discussed in underground forums, reinforcing that threat actors continue to prioritize high-impact flaws and accelerate their use in real-world attacks. 

Real-World Attacks and Threat Intelligence Observations 

As part of its weekly vulnerability Insights, CRIL leveraged its Threat Hunting capabilities to capture real-time attack data using distributed honeypot sensors. These systems recorded multiple instances of: 

  • Exploit attempts  

  • Financial fraud campaigns  

  • Brute-force attacks  

The Sensor Intelligence data further revealed targeted campaigns involving malware families such as: 

  • CoinMiner Linux  

  • WannaCry  

  • Linux Mirai Coin Miner  

  • Linux IRCBot  

  • Android Coin Hive Miner  

In addition to malware activity, phishing emails and brute-force attempts were also observed, demonstrating the breadth of real-world attacks targeting both users and infrastructure. 

The report also provides deeper visibility into attacker behavior, including: 

  • Top targeted countries  

  • Frequently abused ports  

  • Source IP intelligence  

  • Network operator attribution  

These insights reinforce how active exploitation is not limited to isolated vulnerabilities but is part of coordinated attack campaigns. 

Weekly Vulnerability Disclosure Overview 

Analysis of the weekly vulnerability Insights reveals several important patterns in vendor exposure and severity distribution. 

Top Vendors Impacted 

The highest number of reported vulnerabilities was associated with: 

  • Oracle  

  • Mozilla  

  • Google  

  • Dell  

  • FreeScout Help Desk  

This distribution highlights how both enterprise-grade platforms and open-source tools remain attractive targets for adversaries. 

Severity Breakdown 

  • 96 vulnerabilities were rated critical under CVSS v3.1  

  • 43 vulnerabilities were rated critical under CVSS v4.0  

Key Vulnerabilities Driving Real-World Attacks 

Several critical vulnerabilities stood out due to their potential for exploitation: 

  • CVE-2026-5921: A flaw in GitHub Enterprise Server involving Server-Side Request Forgery (SSRF) and a timing side-channel attack  

  • CVE-2026-6388: A critical issue in Argo CD Image Updater, widely used in Kubernetes environments  

  • CVE-2026-34287: A vulnerability in Oracle Identity Manager (OIM) Connector  

  • CVE-2026-6771: A flaw in Mozilla Firefox and Thunderbird DOM security  

These vulnerabilities are particularly dangerous because they target trusted development and identity systems, allowing attackers to: 

  • Execute arbitrary code  

  • Steal credentials  

  • Compromise entire servers  

Such weaknesses directly contribute to real-world attacks, as they enable adversaries to infiltrate core enterprise workflows with minimal resistance. 

CISA KEV Catalog: Evidence of Active Exploitation 

Between April 15 and April 21, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added 9 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. 

Notable KEV Additions 

  • CVE-2023-27351 (PaperCut MF/NG): An improper-authentication flaw that lets an unauthenticated attacker read sensitive information from the server. It is the companion of CVE-2023-27350, the unauthenticated remote code execution bug (SYSTEM privileges) that ransomware groups such as Clop and LockBit exploited widely; both were fixed in the same PaperCut releases.  

  • CVE-2025-48700 (Zimbra Collaboration Suite): A Cross-Site Scripting (XSS) flaw that can be leveraged for session hijacking and data theft.  

  • CVE-2026-20133 (Cisco Catalyst SD-WAN Manager): An information disclosure vulnerability exposing sensitive network data.  

In April 2026 so far, CISA has added 23 vulnerabilities to the KEV catalog, underscoring the scale of active exploitation across industries. 

Trending Vulnerabilities and Resurgence of Real-World Attacks 

One of the most notable patterns in this week's vulnerability insights is the resurgence of older vulnerabilities being reused in new campaigns. 

CVE-2024-3721 (TBK DVR Devices) 

A critical OS command injection flaw affecting TBK Digital Video Recorders has re-emerged due to a new Mirai-based botnet variant called “Nexcorium.” 

This botnet is actively scanning for vulnerable DVR models (DVR-4104 and DVR-4216) to recruit them into a distributed denial-of-service (DDoS) network. Its inclusion in the KEV catalog confirms ongoing active exploitation and highlights how legacy devices continue to fuel real-world attacks. 

CVE-2025-0520 (ShowDoc) 

A remote code execution vulnerability allows attackers to upload malicious PHP files to publicly accessible directories. Once uploaded, these files can be executed to gain control over the server. 

This simple yet effective attack vector has made ShowDoc a frequent target in real-world attacks. 

Underground Activity and Exploit Development 

CRIL’s monitoring of underground forums revealed continued interest in weaponizing vulnerabilities for active exploitation. 

Notable Vulnerabilities Discussed 

  • CVE-2026-33825 (Microsoft Defender): A privilege escalation flaw linked to the “BlueHammer” exploit family, allowing attackers to gain SYSTEM-level access and extract sensitive data such as NTLM hashes.  

  • CVE-2025-8941 (Linux-PAM): A path traversal vulnerability enabling privilege escalation through symlink attacks.  

  • CVE-2026-38526 (Krayin CRM): An authenticated file upload vulnerability leading to remote code execution.  

  • CVE-2026-26980 (Ghost CMS): A SQL injection flaw allowing unauthorized database access and data exfiltration.  

The timeline analysis shows rapid transitions from disclosure to exploit availability, reinforcing the speed at which real-world attacks can materialize. 

Persistent Risk Despite Lower Volume 

This week’s vulnerability Insights show that even with fewer disclosures, the risk of active exploitation and real-world attacks remains significant. With 91+ PoC-backed vulnerabilities, new KEV additions, and ongoing underground activity, attackers continue to move quickly from discovery to exploitation. In this environment, organizations need proactive, intelligence-driven defenses.  

Cyble’s AI-powered threat intelligence platform provides real-time visibility, predictive insights, and automated security operations to help teams stay ahead of evolving threats. Organizations can explore these capabilities further by scheduling a demo with Cyble. 

The post The Week in Vulnerabilities: GitHub Enterprise, Argo CD, Oracle Identity Manager, and Mozilla Security Flaws appeared first on Cyble.

How AutoSecT Uses AI to Find Vulnerabilities That Actually Matter
By Puja Saikia, via Security Boulevard

May 1, 2026, 07:25

We always think we are more vulnerable than our fellow contemporaries! In general sense, this shows lack of confidence, but when you are dealing with security, this is one of the best traits you can have! Sounds strange, right! Let’s be honest, most security teams aren’t short on vulnerability data. They’re drowning in it. Scan […]

The post How AutoSecT Uses AI to Find Vulnerabilities That Actually Matter appeared first on Kratikal Blogs.

The post How AutoSecT Uses AI to Find Vulnerabilities That Actually Matter appeared first on Security Boulevard.

The Week in Vulnerabilities: SharePoint, Fortinet, OpenClaw, and GPL Odorizers
By Mihir Bagwe, Blog – Cyble

April 23, 2026, 23:37

Weekly Vulnerability Report, Vulnerability Management

Cyble Research & Intelligence Labs (CRIL) tracked 1,675 vulnerabilities in last week's weekly vulnerability report, reflecting continued high disclosure volume across enterprise software, cloud services, and emerging AI ecosystems.

Of these, more than 205 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of exploitation and shortening attacker weaponization timelines.

Additionally, 2 vulnerabilities were actively discussed across underground forums and hidden communities, demonstrating continued adversarial focus on high-impact enterprise targets.

A total of 111 vulnerabilities were rated critical under CVSS v3.1, while 34 received critical severity under CVSS v4.0, underscoring the seriousness of newly disclosed issues.

Furthermore, CISA added 10 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.

On the industrial side, CISA issued 3 ICS advisories covering 4 vulnerabilities, impacting Mitsubishi Electric, Contemporary Controls, Sedona Alliance, and GPL Odorizers.

Weekly Vulnerability Report’s Top Flaws

CVE-2026-32201 — Microsoft SharePoint Server (Critical)

CVE-2026-32201 is an actively exploited vulnerability affecting Microsoft SharePoint Server and was included in April 2026 Patch Tuesday disclosures.

Successful exploitation could allow attackers to compromise collaboration environments, access sensitive enterprise content, and establish persistent footholds inside corporate networks.

CVE-2026-21643 — Fortinet FortiClient EMS (Critical)

CVE-2026-21643 is a critical vulnerability affecting Fortinet FortiClient Endpoint Management Server (EMS).

Because EMS platforms centrally manage endpoints, successful exploitation can enable attackers to disrupt security operations, deploy malicious configurations, and gain broad enterprise access.

CVE-2026-35652 — OpenClaw AI Agent Framework (High)

CVE-2026-35652 is a high-severity authorization bypass vulnerability in OpenClaw, an open-source autonomous AI agent framework.

The flaw allows unauthorized external parties to manipulate the AI agent into executing restricted actions without proper authentication, creating risk of workflow abuse, credential exposure, and downstream compromise.

CVE-2026-27304 — Adobe ColdFusion (Critical)

CVE-2026-27304 is a critical improper input validation vulnerability in Adobe ColdFusion.

Attackers can exploit vulnerable web application environments to execute malicious actions, compromise servers, and move laterally through connected systems.

CVE-2026-29145 — Microsoft 365 Outlook Desktop Client (Critical)

CVE-2026-29145 affects Microsoft 365, specifically the Outlook desktop client.

Given Outlook’s role in enterprise communications, exploitation may enable phishing enhancement, malicious payload execution, or unauthorized access to user data.

Trending Exploitation Activity

CVE-2025-0520 — ShowDoc (Critical)

A remote code execution vulnerability in ShowDoc, a popular open-source IT documentation platform, saw a sharp rise in exploitation during April 2026. Attackers are reportedly targeting unpatched servers to deploy web shells and seize control of documentation environments.

CVE-2025-59528 — Flowise (Critical)

A remote code execution flaw in Flowise, a low-code platform for building AI agents and LLM workflows, has been linked to large-scale exploitation targeting more than 12,000 internet-exposed instances.

These cases reinforce the rapid expansion of the AI and developer tooling attack surface.

Vulnerabilities Added to CISA KEV

CISA expanded its KEV catalog with 10 newly listed vulnerabilities this week.

Notable additions include:

  • CVE-2026-32201 — Microsoft SharePoint Server
  • CVE-2026-21643 — Fortinet FortiClient EMS
  • CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM)

The inclusion of collaboration tools, endpoint management systems, and mobile management platforms shows attackers are prioritizing centralized enterprise control layers.

Critical ICS Vulnerabilities

CISA issued 3 ICS advisories covering 4 vulnerabilities, with the majority falling into the high-severity category.

CVE-2025-13926 — Contemporary Controls BASControl20 (Critical)

This vulnerability affects a building automation controller widely deployed across energy facilities, manufacturing plants, and commercial buildings. With a CVSS score of 9.8 and no patch available because the product is obsolete, organizations face limited remediation options beyond replacement or network isolation.

Successful exploitation could allow attackers to manipulate physical systems, disrupt operations, or pivot deeper into OT networks.

CVE-2025-14815 / CVE-2025-14816 — Mitsubishi Electric Platforms (High)

These vulnerabilities expose sensitive configuration and authentication data in plaintext across multiple Mitsubishi Electric products.

An attacker with minimal access could harvest credentials and escalate privileges rapidly, broadening the impact of an initial compromise.

CVE-2026-4436 — GPL Odorizers (High)

A missing authentication flaw in GPL Odorizers could allow unauthorized access to critical functions in systems used within industrial environments.

Impacted Critical Infrastructure Sectors

Analysis of ICS disclosures shows:

  • Critical Manufacturing was impacted in all reported cases
  • Additional cross-sector exposure affected:
    • Commercial Facilities
    • Energy

This concentration highlights how industrial vulnerabilities can create cascading operational risk across interconnected sectors.

Conclusion

This week’s findings highlight several major trends:

  • Continued high-volume vulnerability disclosures
  • Active exploitation confirmed through KEV additions
  • Rising attacks against AI frameworks and developer tooling
  • Persistent weaknesses in industrial control environments
  • Increased focus on centralized enterprise management systems

With 205+ public PoCs, active underground interest, and exploitable OT exposures, organizations face heightened risk across both IT and operational technology environments.

Key Recommendations

  • Prioritize remediation of KEV-listed vulnerabilities immediately
  • Patch externally exposed enterprise systems and collaboration platforms
  • Secure AI agents, automation tools, and developer workflows
  • Harden endpoint and mobile device management infrastructure
  • Segment IT and OT environments to reduce lateral movement
  • Replace or isolate obsolete industrial devices lacking patches
  • Continuously monitor underground forums and threat intelligence feeds
  • Conduct regular vulnerability assessments and penetration testing


Cyble’s attack surface management and vulnerability intelligence solutions help organizations identify exposed assets, prioritize remediation, and detect early indicators of compromise. By combining threat intelligence with proactive defense strategies, organizations can strengthen resilience across enterprise and critical infrastructure environments.

The post The Week in Vulnerabilities: SharePoint, Fortinet, OpenClaw, and GPL Odorizers appeared first on Cyble.

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

April 22, 2026, 18:08

More than 1,300 internet-exposed SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft says was exploited as a zero-day.

The post Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed appeared first on TechRepublic.

Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI

April 22, 2026, 15:50

Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating.

The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic.

We Need a Shared Responsibility Model for AI
By Or Eshed, via Security Boulevard

April 17, 2026, 16:23

Over the past 6-8 months, researchers at my company discovered vulnerabilities across multiple AI tools that allowed external bad actors to steal data, exploit AI browsers, or poison the core memories of AI systems. As we responsibly disclosed these flaws, we found that AI vendors almost universally told us, “It’s not our problem.” In their..

The post We Need a Shared Responsibility Model for AI appeared first on Security Boulevard.

National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
By Flashpoint, via Security Boulevard

April 17, 2026, 14:58

Under a new model announced by the National Institute of Standards and Technology, NVD will no longer enrich every CVE. Instead, enrichment efforts will focus on a defined subset, including vulnerabilities in the CISA KEV catalog, software used by the federal government, and software designated as critical.

The post National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges appeared first on Flashpoint.

The post National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges appeared first on Security Boulevard.

The Week in Vulnerabilities: Azure AI, Spring AI, Fortinet, and Critical ICS Exposure
By Mihir Bagwe, Blog – Cyble

April 16, 2026, 08:02

Weekly Vulnerability Report, Cyble Weekly Vulnerability Report, Vulnerability Intelligence, Vulnerability Management

Cyble Research & Intelligence Labs (CRIL) tracked 1,431 vulnerabilities last week in its weekly vulnerability report.

Of these, over 270 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating exploitation timelines and increasing real-world attack likelihood.

Additionally, 3 vulnerabilities were actively discussed across underground forums, signaling strong adversarial interest and rapid weaponization.

A total of 130 vulnerabilities were rated critical under CVSS v3.1, while 45 were rated critical under CVSS v4.0, reflecting the severity of disclosed issues.

Furthermore, CISA added 3 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.

On the industrial front, CISA issued 5 ICS advisories covering 6 vulnerabilities, impacting vendors such as Siemens, Hitachi Energy, and Yokogawa.

Weekly Vulnerability Report’s Top 5 Vulnerabilities

CVE-2026-32213 — Microsoft Azure AI Foundry (Critical)

CVE-2026-32213 is a critical authorization bypass vulnerability in Microsoft Azure AI Foundry.

The flaw exists in the platform’s authorization logic, allowing unauthenticated attackers to bypass security checks and grant themselves administrative privileges. Successful exploitation enables full control over AI environments and associated resources.

CVE-2026-35022 — Claude Code CLI / Agent SDK (Critical)

CVE-2026-35022 is a critical OS command injection vulnerability affecting Anthropic’s Claude Code CLI and Agent SDK.

The vulnerability allows attackers to inject malicious commands into development workflows, resulting in remote code execution and potential compromise of AI pipelines.

CVE-2026-22738 — Spring AI (Critical)

CVE-2026-22738 is a remote code execution vulnerability in Spring AI caused by improper input sanitization in expression evaluation.

Attackers can inject malicious expressions that are executed by the Spring Expression Language, leading to complete application and server compromise.

CVE-2026-4631 — Cockpit (Critical)

CVE-2026-4631 is an unauthenticated remote code execution vulnerability in Cockpit, a web-based Linux server management interface.

The flaw allows attackers to execute arbitrary commands without authentication, potentially leading to full system takeover in enterprise environments.

CVE-2026-35616 — Fortinet FortiClient EMS (Critical)

CVE-2026-35616 is a critical authentication bypass vulnerability in Fortinet FortiClient EMS.

Attackers can bypass authentication and execute arbitrary commands, leading to complete compromise of endpoint management systems.

(Chart omitted. Data Source: Cyble Vision)

Vulnerabilities Added to CISA KEV

CISA continues to expand its KEV catalog, reflecting real-world exploitation trends.

Notable addition:

CVE-2026-35616 — Fortinet FortiClient EMS
This vulnerability enables authentication bypass and remote command execution, making it a high-priority remediation target.

The inclusion of enterprise security tools in KEV highlights attackers’ focus on compromising centralized management systems.

Critical ICS Vulnerabilities

CISA issued 5 ICS advisories covering 6 vulnerabilities, many of which impact critical infrastructure environments.

(Chart omitted. Data Source: Cyble Vision)

CVE-2026-1579 — PX4 Autopilot (Critical)

A missing authentication vulnerability allowing attackers to execute critical functions without credentials.

This flaw poses risks to autonomous and unmanned systems, potentially enabling unauthorized control.

CVE-2026-3356 — Anritsu Systems (Critical)

This vulnerability involves missing authentication in Anritsu devices, allowing attackers to gain unauthorized access.

CVE-2025-10492 — Hitachi Energy Ellipse (Critical)

A deserialization vulnerability enabling attackers to execute arbitrary code within industrial systems.

Siemens SICAM 8 (Chained Risk)

Two vulnerabilities affecting Siemens SICAM 8 systems—resource exhaustion and out-of-bounds write—can be chained together.

This creates a denial-of-service risk capable of disrupting industrial processes and operational visibility.

CVE-2025-7741 — Yokogawa CENTUM VP (Medium)

A hard-coded password vulnerability that weakens authentication mechanisms and increases risk of unauthorized access.

Critical Infrastructure Sectors Spotlight

(Chart omitted. Data Source: Cyble Vision)

Analysis indicates:

  • Critical Manufacturing appears in 66.7% of vulnerabilities
  • Cross-sector exposure spans:
    • Transportation Systems
    • Emergency Services
    • Defense Industrial Base
    • Communications

This highlights interconnected infrastructure risks, where a single vulnerability can cascade across multiple sectors.

Conclusion

This week’s findings highlight several critical trends:

  • Expansion of vulnerabilities into AI and development ecosystems
  • Increasing exploitation of enterprise management platforms
  • Continued weaknesses in industrial control systems
  • Cross-sector risk amplification in critical infrastructure

With 270+ PoCs, KEV-confirmed exploitation, and emerging threats in AI frameworks, organizations face heightened risk across both digital and physical environments.

Key Recommendations

  • Prioritize vulnerabilities with PoCs and KEV inclusion
  • Secure AI development environments and pipelines
  • Patch enterprise management and remote access systems immediately
  • Implement strict authentication and access control mechanisms
  • Segment IT and OT networks to prevent lateral movement
  • Apply compensating controls for unpatched ICS vulnerabilities
  • Monitor underground forums and threat intelligence feeds
  • Conduct continuous vulnerability assessments and penetration testing


Cyble’s attack surface management and vulnerability intelligence solutions help organizations proactively identify risks, prioritize remediation, and detect emerging threats. By integrating intelligence-driven security strategies, organizations can strengthen resilience across enterprise and critical infrastructure environments.

The post The Week in Vulnerabilities: Azure AI, Spring AI, Fortinet, and Critical ICS Exposure appeared first on Cyble.

Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up With AI Exploit Speed. So?
By Anton Chuvakin, via Security Boulevard

April 10, 2026, 18:44

Many years ago while at Gartner, I wrote a blog post where I defined the concept of the “Patch Sound Barrier.” (original via Archive if you don’t believe that I was that smart back in 2013 :-)) This was an idea of a maximum speed that a given organization could fix a given vulnerability. If you full throttle beyond that, the engines will whirr louder, but the plane won’t fly faster, essentially.

(Illustration generated with Gemini; image omitted)

The discussion arose from people constantly asking about the “optimal” or “desired” speed of patching. In my time as an analyst, I reviewed plenty of policies as well as “operational practices” (which is what people call it when they don’t actually follow their own policy “because reasons” :-)). BTW, I utterly hated “30 days flat” policies that say that vulnerabilities are fixed within 30 days no matter what, and always steered people to more nuanced risk-based policies.

One concept emerged: Given a particular IT environment, there is often a maximum physical speed at which an organization can patch. That is my Patch Sound Barrier.

Why bring this up now? Because the speed of vulnerability discovery is accelerating, and so is the speed of exploit development, but for many organizations the speed of remediation simply cannot be accelerated. It is not accelerating, because it cannot. Full stop.

In the past, my guidance was to focus on better vulnerability prioritization so that you fix “real risks” using CISA KEV, EPSS, CVSS (OK, maybe not in the 2020s) and various tools that analyze the data and give you a ranked list.

But today we will have more vulns and prioritization tools won’t save you. If you have 1,000,000 vulns and 1000 are “risky for you” (however defined, let’s say you have the magical tool that reveals the true and real risk for your organization … ha), you can reduce the risk enough by fixing the 1000, if you have the bandwidth to fix the 1000 (in theory). Now, imagine you have 10m vulns (thanks AI!) and say 5000 are risky. But your bandwidth is there to only fix the 1000. So your risk goes up anyway, while you work as hard as before.
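A worked version of the bandwidth argument above, added here as an example (it is not code from the post, and not Cyble's tooling): a small patch-window planner that ranks findings by the same signals the weekly reports earlier on this page lean on (CISA KEV listing, public PoC, EPSS, CVSS, internet exposure), fills a fixed remediation budget, and reports the risk that stays on the table. The records, the scoring floors and the `plan` policy are constructed assumptions, not real vulnerability data or a standard formula.

```python
"""Patch-window planner under a fixed remediation budget.

Added example, not code from the post or from Cyble's reports. The
scoring weights and every record below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Vuln:
    cve: str
    cvss: float         # CVSS base score, 0-10
    epss: float         # EPSS probability of exploitation within 30 days, 0-1
    in_kev: bool        # listed in CISA KEV (exploitation confirmed)
    has_poc: bool       # public proof-of-concept exists
    exposed: bool       # asset reachable from the internet
    patch_hours: float  # effort to remediate on this asset


def risk_score(v: Vuln) -> float:
    """Ordering key in [0, 1]: likelihood x impact x reachability.

    KEV membership floors likelihood at 0.9 and a public PoC at 0.5 (assumed
    floors, not EPSS semantics); impact is CVSS scaled to [0, 1]; internal-only
    assets are discounted. The shape matters more than the exact numbers.
    """
    likelihood = max(v.epss, 0.9 if v.in_kev else 0.0, 0.5 if v.has_poc else 0.0)
    impact = v.cvss / 10.0
    reach = 1.0 if v.exposed else 0.3
    return likelihood * impact * reach


def plan(vulns: Sequence[Vuln], capacity_hours: float) -> Tuple[List[Vuln], List[Vuln], float]:
    """Fill one patch window: KEV entries first, then by risk removed per hour.

    Anything that no longer fits is deferred. Returns (fixed, deferred,
    residual_risk); residual_risk sums risk_score over the deferred items and
    is the number that rises when the backlog grows but the window does not.
    """
    ranked = sorted(vulns,
                    key=lambda v: (v.in_kev, risk_score(v) / v.patch_hours),
                    reverse=True)
    fixed, deferred, used = [], [], 0.0
    for v in ranked:
        if used + v.patch_hours <= capacity_hours:
            fixed.append(v)
            used += v.patch_hours
        else:
            deferred.append(v)
    residual = sum(risk_score(v) for v in deferred)
    return fixed, deferred, residual


# Constructed sample backlog (identifiers are placeholders, not real CVEs).
BACKLOG = [
    Vuln("CVE-0000-0001", 9.8, 0.94, True,  True,  True,  16),
    Vuln("CVE-0000-0002", 7.5, 0.02, False, True,  True,   8),
    Vuln("CVE-0000-0003", 9.1, 0.05, False, False, False,  4),
    Vuln("CVE-0000-0004", 5.3, 0.70, False, True,  True,  24),
    Vuln("CVE-0000-0005", 8.8, 0.01, True,  False, False, 12),
    Vuln("CVE-0000-0006", 6.5, 0.10, False, False, True,   2),
]

# A "flood" of extra findings lands in the same week; the window stays at 40h.
FLOOD = BACKLOG + [
    Vuln("CVE-0000-0007", 9.0, 0.80, False, True,  True,  10),
    Vuln("CVE-0000-0008", 8.1, 0.60, False, True,  True,   6),
]


def demo(capacity_hours: float = 40.0) -> Tuple[List[str], List[str], float, float]:
    """Plan both backlogs; return (fixed, deferred, residual, residual_with_flood)."""
    fixed, deferred, residual = plan(BACKLOG, capacity_hours)
    _, _, residual_flood = plan(FLOOD, capacity_hours)
    return [v.cve for v in fixed], [v.cve for v in deferred], residual, residual_flood


if __name__ == "__main__":
    fixed, deferred, residual, residual_flood = demo()
    print("fix this window :", fixed)
    print("deferred        :", deferred)
    print(f"residual risk   : {residual:.3f}")
    print(f"with flood      : {residual_flood:.3f}  (same 40h window)")
```

Run the same 40-hour window against the larger backlog and the residual risk roughly quadruples while the hours worked stay identical; that is the sound barrier in numbers. Swap the greedy fill for whatever ordering your change process actually enforces and feed it real KEV and EPSS data, and the residual column becomes the argument for the architectural options discussed below rather than for another prioritization tool.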

Now, you might say, “Anton, you’re making absolute statements. Surely things are flexible given enough money, enough talented engineers, and these days, enough LLM tokens?”

This is true in theory. But notice I said, “given the IT environment.”

There are definitely methods for accelerating remediation in a modern, beautifully and carefully designed environment (check our podcast episode 109 for those ideas).

But let’s review the scoreboard:

  • The speed of vulnerability discovery? Increased.
  • The speed of exploit development? Increased.
  • The speed of remediation in legacy environments? Unchanged.

OK, some of you might still think “cannot” is too harsh. But people at modern organizations — all DevOps, CI/CD, open source and now AI agents — sometimes cannot comprehend what it takes to deal with a 1990s-era “DBA from Hell” who views his beloved database as a pet, not cattle, and will only allow a patch twice a year on a rigid schedule. Don’t even get me started on OT or the sea of unpatched edge appliances out there (there are “forti” millions of them there, I hear …)

So, yes, I spent years providing recommendations on how to deal with this “vulnerability flood.” This isn’t just about the current fascination with AI; at one point, the “boogeyman” was Metasploit, or something else. Or, as old people told me, SATAN / SANTA in the mid-1990s.

The fact remains: there are more risky vulns than you have time / capability. Today. AI can find the bugs in milliseconds, but it still can’t convince a legacy middleware admin to reboot a production server on a Tuesday. Or in July. Or in 2026. Or this freakin’ century …

So far it sounds like a rehash of my past ideas, but I actually want to leverage some thoughts from Phil Venables’ blog series about speed (“Things Are Getting Wild: Re-Tool Everything for Speed” and “Cybersecurity’s Need for Speed & Where To Find It”).

Before we go there, we must remember about reducing risk without remediating vulnerabilities. This was often the most insightful bit I shared with clients back in my analyst days: Sometimes your focus must be on reducing your risk, rather than fixing the bug. Kinda “assume the breach”, but for vulns: “assume you can’t patch” then what?

So, how do you get speed to break through the sound barrier (alert: these do NOT apply to everybody):

  • Brutally destroy legacy systems; if it cannot be patched quickly and safely, don’t use it. Think “SaaS and Chromebooks” (and cloud) world. Don’t think 1980s ERP crap.
  • Modernize. Kill pets. Grow cattle. Ideally, get replaceable tiny insects as cattle. They are simpler, more replaceable and less cute. Think “pets -> cattle -> insects.” [P.S. I do not recall where I got this idea, if I stole this from you, I am sorry — happy to restore credit if you tell me]
  • Evolve IT culture to accept automatic patching, everywhere. If Chrome can autopatch 1b systems safely for 10 years, perhaps there is a way to do it, eh?
  • Eliminate the risk entirely (e.g., via micro-segmentation or data avoidance) when patching is impossible. If you cannot remove the vuln, remove the connection, the system or the entire business process.
  • Shift focus from patching to overall IT lifecycle velocity by decoupling the application from infrastructure. In faster IT, patching is faster. Fight friction, just like you fight toil.

These are some ideas on how to shift from “floor the gas” to “build a supersonic plane” to break the patch sound barrier! Are you still debating patch cycles, or are you architecting your way out of the need for them? Please share more!

Enjoy … living in interesting times!


Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up With AI Exploit… was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up With AI Exploit… appeared first on Security Boulevard.
