74% of Organizations Remediate Vulnerabilities Within a Week

  ICT, Rassegna Stampa, Security
image_pdfimage_print

@import url(‘https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300..800;1,300..800&display=swap’); @import url(‘https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300..800;1,300..800&family=Roboto:ital,wght@0,100..900;1,100..900&display=swap’); @import url(‘https://fonts.googleapis.com/css2?family=Handlee&display=swap’); h3 { font-weight: bold; font-size: 18px; color: #C72026; } figure { padding: 4px; margin: auto; } figcaption { color: #404144; font-family: “Roboto”, sans-serif; font-size: 14px; padding: 10px; text-align: left; } .pqFull { display: block; border-width: 2px 0; border-style: solid; border-color: #404144; padding: 1.5em 0 0.5em; margin: 1.5em 0; position: relative; font-family: “Handlee”, Arial, sans-serif; font-size: 20px; text-align: center; color: #0067A6;
}
.pqFull:before { content: ‘\275D’; position: absolute; top: -.10em; left: 50%; transform: translate(-50%, -50%); background: #fff; width: 4rem; height: 2rem; font: 6em/1.08em sans-serif; color: #666; text-align: center;
}
.pqFull:after { content: “\2013 \2003” attr(cite); display: block; text-align: center; font-size: 18px; color: #404144;
}

A recent report by the Cloud Security Alliance analyzed survey data from nearly 1000 cybersecurity leaders. The report found that nearly half of respondents who experienced a production incident say it involved a previously identified vulnerability. Additionally, 9% of organizations remediate critical or high-severity vulnerabilities in production within 24 hours, while 74% take between one and seven days.

The report also found that organizations in the four-to-seven-day capability were breached by a known vulnerability at a 97% rate, compared to 77% among those who patch within 24 hours.

According to the report, 92% of organizations prioritizing risk identification before deployment experienced a known-vulnerability incident in the past year, while 91% of those who reported they were “very confident” in their organization’s AppSec strategy still had a production incident bypass pre-production controls.

The report found that 70% of organizations have AI-powered components in production, yet 82% cannot see AI runtime behavior in real time. Additionally, 73% of respondents would adopt virtual patching that could reliably block production exploits with minimal false positives.

Read the report.


Malicious Cybersecurity Packages Targeting Supply Chains Rose 451%

security monitor computers
Image: Andrey Suslov / iStock / Getty Images Plus via Getty Images

A report by JFrog analyzed the current state of supply chain security. The report found that malicious npm packages surged 451% year-over-year, with 177K new malicious packages detected across registries in the last year. Attackers are exploiting trust at scale — the “Qix” campaign used just 25 packages to compromise over 2.5 million downloads.

Researchers identified 969 carrying high-impact payloads alongside 495 malicious AI models on Hugging Face and 56 malicious extensions on OpenVSX. Attackers are no longer just targeting code; they are targeting the autonomous tools that write, review, and deploy it.

Over 48,000 new CVEs were disclosed in 2025, a 20% year-over-year increase partially driven by AI-generated code reintroducing decades-old weaknesses, like Injection (CWE-74), which grew 3,110%. Researchers found that 66% of CVEs analyzed had minimal real-world applicability: volume-based triage is noise, while context and applicability become the mission-critical signals.

The report found that 40% of organizations have adopted malicious package detection and secrets detection is active at just 28%. The categories growing fastest in threat volume remain the least covered by existing tooling.

According to the report, 45% of respondents say reviewing and hardening AI-generated code is now a major time drain — proving that AI hasn’t eliminated work — it’s merely shifted the burden as threat actors weaponize upstream developer environments and agentic tools.

Read the report.

https://www.securitymagazine.com/articles/102428-74-of-organizations-remediate-vulnerabilities-within-a-week

Lascia un commento