CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
Summary
Hide ▲
Show ▼
CERT-In published new guidance on May 25 urging Indian organizations to patch actively exploited internet-facing vulnerabilities within 12 hours, tightening response expectations for exposed systems. The blueprint links the change to AI-assisted reconnaissance, vulnerability discovery, phishing and malware development, which shortens the defender window. It also tells organizations to prioritize KEVs and EPSS over severity scores alone when deciding what to fix first. Where no patch exists, the guidance recommends interim controls such as isolation, access restriction or WAF protection.
Related Happenings
CERT-In 12-hour KEV remediation guidance
Advisory/Mitigation
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
How related:
CERT-In set an indicative 12-hour expectation for containing or remediating known exploited vulnerabilities (KEVs) on "internet-facing and crown-jewel systems."
About this happening:
CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In 12-hour KEV remediation guidance
Advisory/MitigationHow related: CERT-In set an indicative 12-hour expectation for containing or remediating known exploited vulnerabilities (KEVs) on "internet-facing and crown-jewel systems."
About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In issues rapid patching guidelines for internet-facing systems
Public Sector Action
First: 26.05.2026 12:13
Last: 26.05.2026 12:13
Sources 1
About this happening:
**CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...
CERT-In issues rapid patching guidelines for internet-facing systems
Public Sector ActionAbout this happening: **CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...
ICO releases five-step AI cyber guidance
Public Sector Action
First: 14.05.2026 12:00
Last: 14.05.2026 12:00
Sources 1
About this happening:
The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
ICO releases five-step AI cyber guidance
Public Sector ActionAbout this happening: The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
NIST CVE/NVD prioritization shift
Public Sector Action
First: 17.04.2026 00:47
Last: 17.04.2026 00:47
Sources 1
About this happening:
**NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
NIST CVE/NVD prioritization shift
Public Sector ActionAbout this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
OpenAI launches GPT‑5.4‑Cyber and expands TAC access for cyber defense
Security Tool/Service
First: 15.04.2026 19:00
Last: 15.04.2026 19:00
Sources 1
About this happening:
OpenAI launched **GPT‑5.4‑Cyber** and expanded **Trusted Access for Cyber (TAC)**, giving vetted defenders broader access to a **cyber-permissive** model for **defensive workflows...
OpenAI launches GPT‑5.4‑Cyber and expands TAC access for cyber defense
Security Tool/ServiceAbout this happening: OpenAI launched **GPT‑5.4‑Cyber** and expanded **Trusted Access for Cyber (TAC)**, giving vetted defenders broader access to a **cyber-permissive** model for **defensive workflows...
Timeline
-
26.05.2026 13:30 2 articles · 1d ago
Initial report: CERT-In issues 12-hour patch guidance for Indian organizations
Initial DisclosureOn **May 25**, **CERT-In** released a blueprint that sets an indicative **12-hour** remediation target for known exploited vulnerabilities on exposed systems. It pairs that timetable with AI-focused security controls and existing incident-reporting expectations for organizations in India.
Show sources
- India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws — www.infosecurity-magazine.com — 26.05.2026 13:30
- India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws — www.infosecurity-magazine.com — 26.05.2026 13:30