Enterprises are more and more in a race towards time to handle vulnerabilities earlier than attackers exploit them.
The dangerous guys are getting sooner, and patch administration is not maintaining. Menace intelligence companies supplier Flashpoint discovered the typical time to take advantage of — the interval between a vulnerability’s disclosure and its weaponization within the wild — plummeted from 745 days in 2020 to only 44 days in 2025. Worryingly, in keeping with Statista analysis, organizations delay patching important vulnerabilities for a mean of 165 days final 12 months.
The velocity with which attackers now barrel by means of comfortable spots in enterprise defenses makes this week’s featured information articles all of the extra pressing. Moderately than routine upkeep actions, patching important zero days and retiring insecure gadgets are more and more high-stakes protection sprints.
Not a drill: Microsoft patches 6 zero days underneath energetic exploitation
Microsoft’s newest safety replace consists of patches for six actively exploited zero days and 5 extra CVEs the supplier stated malicious actors are comparatively prone to exploit. Three of the zero days contain safety characteristic bypass flaws in numerous Microsoft merchandise, enabling attackers to bypass built-in defensive controls. The February replace addressed 59 flaws in whole.
Microsoft emphasised the significance of making use of these patches promptly to guard programs from potential exploitation. This replace highlights the rising sophistication of cyberthreats and the necessity for organizations to keep up sturdy patch administration practices to safeguard their infrastructure.
Learn the complete article by Jai Vijayan on Darkish Studying.
CISA orders federal businesses to take away unsupported edge gadgets
CISA has issued a binding operational directive requiring federal businesses to cease utilizing unsupported community edge gadgets, similar to firewalls and routers, inside a 12 months. CISA stated end-of-support (EOS) gadgets pose a considerable and fixed “imminent risk.”
Companies should replace outdated gadgets, report their utilization and decommission these with expired assist. Inside 24 months, processes have to be established to trace and take away unsupported gadgets earlier than their EOS dates.
Whereas the directive targets federal businesses, CISA encourages broader adoption by native governments and companies. Regardless of restricted enforcement energy, CISA will collaborate with the White Home to watch compliance and supply assist.
Learn the complete article by Eric Gellar on Cybersecurity Dive.
Assault on Poland’s power grid prompts warning to U.S. important infrastructure operators
A current cyberattack on Poland’s power grid, attributed to Russian hacker teams Berserk Bear and Sandworm, underscores the hazards posed by weak edge gadgets in operational know-how (OT) environments. CISA warned U.S. important infrastructure operators to take notice.
Within the December 2025 assault, malicious hackers exploited internet-facing FortiGate gadgets with reused passwords, enabling them to entry quite a lot of OT gadgets with default passwords. The attackers have been then in a position to deploy wiper malware, corrupt firmware and disrupt system operations. Whereas renewable power programs continued manufacturing, operators misplaced management and monitoring capabilities.
In an advisory, CISA emphasised the necessity for OT asset operators to implement stronger cybersecurity measures, together with altering default passwords and enabling firmware verification on OT gadgets. The incident additionally highlights the pressing want for important infrastructure operators to boost defenses towards cyberthreats.
Learn the complete story by Eric Geller on Cybersecurity Dive.
Editor’s notice:Â An editor used AI instruments to help within the era of this information transient. Our professional editors at all times assessment and edit content material earlier than publishing.
Alissa Irei is senior website editor of Informa TechTarget Safety.
