Search results for CVSS
AI & Enterprise
U.S. government cuts deadline to 3 days for most critical cyber flaws amid AI attacks
The U.S. Cybersecurity and Infrastructure Security Agency has issued new guidance requiring federal agencies to address the most severe vulnerabilities within as little as three days. The policy shifts vulnerability management from a uniform approach to risk-based prioritisation, focusing first on flaws with high likelihood of exploitation and large potential impact. CISA said only 1 percent of vulnerabilities would fall under the three-day rule, while lower-risk issues could follow regular patch cycles.
AI & Enterprise
No time to respond to ultra-fast AI attacks, \'patch gap\' alarm
Growing concern is emerging over a so-called patch gap, as AI can find vulnerabilities and write attack code within hours, leaving corporate security teams with less time to fix flaws. A Google M-Trends 2026 report cites cases where attacks occur before patches are deployed. Tests of Anthropic’s Mythos preview also showed rapid exploit generation for Windows kernel and Firefox vulnerabilities, while experts propose new prioritisation methods for patching.
Games & Commerce
18-year-old Excel bug still used in attacks, warning for legacy Office users
A Microsoft Excel security flaw first reported 18 years ago is still being exploited in real-world attacks, highlighting risks for organisations running unsupported software. The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2009-0238 to its catalogue of known exploited vulnerabilities and told U.S. federal civilian agencies to complete mitigation by April 28. The bug affects older Excel and Office components, while newer Excel versions are not affected.
