
Established enterprise patching models dead in the water, says report | Computer Weekly

By Computer Weekly
June 11, 2026


With Microsoft releasing its largest-ever Patch Tuesday update in June, and the continuing debate over the impact of artificial intelligence (AI) and Anthropic’s Claude Mythos model, new analysis from US-based autonomous patch management and endpoint protection experts Action1 has warned that vulnerability growth and structural shifts are outrunning the ability of traditional, schedule-driven enterprise patching strategies to keep pace.

Action1’s 2026 software vulnerability ratings report revealed that in 2025 – well before the debut of Claude Mythos – the total number of disclosed vulnerabilities surged by 92% compared with 2024, with critical and elevation of privilege (EoP) vulnerabilities doubling in volume, and remote code execution (RCE) flaws rising by almost 130%.

Put more simply, said Action1, the fastest growth is occurring in vulnerability classes that most easily and readily expose businesses to real-world compromises, cyber attacks, data breaches and other forms of disruption.

The firm described this as a “warning shot” for enterprise security leaders, pointing to a broader shift in the threat landscape in which threat actors are taking advantage of newly disclosed flaws faster than any human cyber team can remediate them, and shrinking response windows to hours in some cases.

“2025 marked a turning point in cyber security operations,” said Jack Bicer, director of vulnerability research at Action1. “Attackers are now using AI and automation to accelerate vulnerability discovery and exploitation faster than most organisations can respond. Many enterprises are still patching on human schedules while attackers operate at machine speed.” 

Action1’s CEO and co-founder, Alex Vovk, added: “The threat landscape is no longer just bigger – it’s faster, more automated, and harder to detect. Patching speed is no longer simply an IT metric. It’s now a business resilience metric.” 


In short, the report said, those organisations that rely on manual patching processes, infrequent scan cycles, or delayed maintenance windows are now falling behind operationally.

The need to introduce continuous vulnerability management and remediation workflows that are capable of reducing exposure windows across the most frequently attacked targets, such as business applications, network infrastructure, operating systems and security tools, is now critical, said Action1.

“The volume and speed of the 2025 threat environment make it clear that any process still dependent on human scheduling and manual deployment will fail to keep up. Automation is not just an efficiency improvement. It is a survival requirement,” wrote the report’s authors.

Next steps for identifying and patching vulnerabilities

The report, which can be downloaded in full here, contains a number of recommendations for security leaders.

As an immediate first step, Action1 said CISOs and security leaders need to audit how quickly they are patching business-critical software. Delaying patches for business applications and other platforms out of a desire not to be disruptive or to inconvenience users is now a measurable business risk. Patching must be aligned with the threat environment, not the convenience of finance, HR or sales teams.

Beyond this, the most pressing priority is the need to automate vulnerability management in response, especially in organisations that handle the most sensitive categories of data, such as educational and healthcare bodies, or operators of critical services, such as utilities and power suppliers.

In these organisations, the ability to deploy urgent updates automatically and without having to wait for maintenance windows should now be adopted as the standard model, but beyond this, automation should also be pushed across patch testing, verification and deployment.

Chief information security officers (CISOs) should prioritise vulnerabilities based on risk to the organisation, taking advantage of known metrics, such as common vulnerability scoring system (CVSS) ratings, or known exploitation to focus their efforts – integrating threat intelligence is key here. And clear metrics for mean time to remediate (MTTR) by severity tier should be made a core benchmark.

But this does not mean that low-risk vulnerabilities are necessarily taking a back seat. Indeed, said the report, security leaders should also update vulnerability prioritisation models to account for attack chaining, in which multiple low-severity issues are combined into a more damaging attack, enabling EoP or lateral movement. Patching service level agreements (SLAs) for low-severity flaws need to be reassessed to see whether current remediation timelines are still appropriate, said Action1.


