
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns


The UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws.

The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities, increasing the risk of large-scale exploitation.

CTO Ollie Whitehouse says skilled attackers using AI can uncover hidden flaws faster than before, forcing organizations to respond with a wave of urgent security updates. Governments and companies will need to patch systems quickly as more vulnerabilities are exposed in a short time, creating pressure on global cybersecurity defenses.

“Artificial Intelligence, when used by sufficiently-skilled and knowledgeable individuals, is showing the ability to exploit this technical debt at scale and at pace across the technology ecosystem. As a result, the NCSC expect there will be a ‘forced correction’ to address this technical debt across all types of software, including open source, commercial, proprietary and software as a service,” states the NCSC.

“This is why we are encouraging all organisations to prepare now for when a ‘patch wave’ arrives; a rush of software updates that will need to be applied across the technology stack to address the disclosure of new vulnerabilities.”

Organizations should reduce their internet-facing and externally exposed attack surfaces as quickly as possible. They should first secure perimeter technologies, then move inward to cloud and on-premise systems to limit exposure from newly discovered vulnerabilities.

If full patching isn’t possible, priority should go to external systems and critical security infrastructure. However, patching alone is not enough. Legacy or end-of-life systems that no longer receive updates create ongoing risk. In these cases, organizations must replace outdated technologies or restore vendor support, especially when they are exposed to the internet.

“It is also important for organisations to realise that patching alone will not always suffice; some technical debt may be present in ‘end of life’ or legacy technology that is out of support, and so can’t receive updates.” continues the blog post published by the UK agency. “In such instances, organisations will need to replace technologies, or bring them back within support, especially where it presents an external attack surface.”

Organizations are urged to apply security updates faster, more often, and across supply chains due to a rise in vulnerabilities, including critical ones. The NCSC advises enabling automatic “hot patching” and automatic updates where possible to reduce workload and speed response.

When automation isn’t available, organizations should use risk-based prioritization (e.g. Stakeholder Specific Vulnerability Categorisation (SSVC)) to manage updates safely. If a critical flaw is actively exploited, especially on internet-facing systems, patches must be applied immediately. The guidance promotes an “update by default” approach, with exceptions for safety-critical systems.
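The ordering described in the last few paragraphs can be expressed as a small triage routine. This is an added example, not code from the NCSC or from SSVC, and it does not implement the SSVC decision tree; the field names, action labels, check order and sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    asset: str
    zone: str               # "perimeter", "cloud" or "on-prem"
    internet_facing: bool
    security_infra: bool    # firewall, VPN, identity provider, ...
    severity: str           # "critical", "high", "medium" or "low"
    exploited: bool         # exploitation observed in the wild
    supported: bool         # False = end of life, no updates available
    auto_update: bool       # automatic updates / hot patching available
    safety_critical: bool = False

ZONE_ORDER = {"perimeter": 0, "cloud": 1, "on-prem": 2}  # outside-in

def action(f):
    # The order of these checks is an assumption of this example.
    if not f.supported:
        return "replace-or-restore-support"  # patching cannot fix this
    if f.severity == "critical" and f.exploited:
        return "patch-immediately"
    if f.safety_critical:
        return "exception-review"            # carve-out from update-by-default
    if f.auto_update:
        return "enable-auto-update"
    return "risk-based-schedule"

def priority(f):
    # False sorts before True, so urgent and exposed items come first.
    urgent = f.severity == "critical" and f.exploited
    return (not urgent, not f.internet_facing, not f.security_infra,
            ZONE_ORDER[f.zone], f.asset)

def triage(findings):
    return [(f.asset, action(f)) for f in sorted(findings, key=priority)]

# Constructed sample inventory; none of these assets come from the article.
INVENTORY = [
    Finding("plant-hmi", "on-prem", False, False, "high", False, True, True, True),
    Finding("idp-internal", "on-prem", False, True, "high", False, True, False),
    Finding("saas-connector", "cloud", True, False, "medium", False, True, True),
    Finding("legacy-ftp", "perimeter", True, False, "high", False, False, False),
    Finding("build-server", "cloud", False, False, "critical", True, True, False),
    Finding("edge-vpn", "perimeter", True, True, "critical", True, True, False),
]

if __name__ == "__main__":
    for asset, todo in triage(INVENTORY):
        print(f"{asset:15} {todo}")
```
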

The UK agency pointed out that patching alone isn’t enough to solve deeper security issues. Vendors should reduce risk by adopting safer designs like memory safety and containment technologies such as CHERI.

Organizations must also strengthen basic cyber hygiene using frameworks like Cyber Essentials or the Cyber Assessment Framework for critical sectors.

For higher-risk environments, NCSC recommends privileged access workstations, stronger cross-domain architecture, and better threat detection through observability and threat hunting.

“In conclusion, the NCSC advise all organisations, irrespective of size, to plan and prepare for the vulnerability patch wave.” concludes the agency. “A good place to start is by reading the NCSC’s updated Vulnerability Management guidance.”


Pierluigi Paganini

(SecurityAffairs – hacking, NCSC)