Bleeping Computer

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web ...
CSOonline

CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice

A new CISA directive moves federal agencies beyond severity scores and toward a risk-based patching model that prioritizes real-world exploitation, asset exposure, and attacker impact — a framework ...
Dark Reading

CISA Rewrites Federal Patching Requirements for AI Threat Era

The US Cybersecurity and Infrastructure Security Agency (CISA) has revamped its federal patching mandate with a risk-matrix approach that requires federal agencies to remediate the most dangerous ...
Bleeping Computer

Google patches new Chrome zero-day flaw exploited in the wild

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. "Google is aware that ...