Find notable cyber news and cases, enriched with sources, timelines, and signals.

CERT-In issues 12-hour patch guidance for Indian organizations

Public Sector Action
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

CERT-In published new guidance on May 25 urging Indian organizations to patch actively exploited internet-facing vulnerabilities within 12 hours, tightening response expectations for exposed systems. The blueprint links the change to AI-assisted reconnaissance, vulnerability discovery, phishing and malware development, which shortens the defender window. It also tells organizations to prioritize KEVs and EPSS over severity scores alone when deciding what to fix first. Where no patch exists, the guidance recommends interim controls such as isolation, access restriction or WAF protection.

Related Happenings

CISA BOD 26-04 three-day remediation directive

Public Sector Action
H score36 First: 24.06.2026 17:35 Last: 24.06.2026 17:35 Sources 1

About this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
H score39 First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

How related: CERT-In set an indicative 12-hour expectation for containing or remediating known exploited vulnerabilities (KEVs) on "internet-facing and crown-jewel systems."

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

CERT-In issues rapid patching guidelines for internet-facing systems

Public Sector Action
H score38 First: 26.05.2026 12:13 Last: 26.05.2026 12:13 Sources 1

About this happening: **CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
H score44 First: 15.05.2026 12:40 Last: 15.05.2026 12:40 Sources 1

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

ICO releases five-step AI cyber guidance

Public Sector Action
H score18 First: 14.05.2026 12:00 Last: 14.05.2026 12:00 Sources 1

About this happening: The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...

Timeline

  1. 26.05.2026 13:30 2 articles · 1mo ago

    Initial report: CERT-In issues 12-hour patch guidance for Indian organizations

    Initial Disclosure

    On **May 25**, **CERT-In** released a blueprint that sets an indicative **12-hour** remediation target for known exploited vulnerabilities on exposed systems. It pairs that timetable with AI-focused security controls and existing incident-reporting expectations for organizations in India.

    Show sources