CISA speeds up cyber defense with tighter KEV patch deadlines and global reporting
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new initiative to accelerate cyber defence efforts. A fresh nomination form now lets researchers, vendors, and industry partners report vulnerabilities for inclusion in the Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog serves as an official list of software and hardware flaws that require urgent patching within strict deadlines. Recent data shows that defenders fix KEV-listed vulnerabilities 3.5 times faster than non-KEV bugs. This speed is critical as the number of vulnerabilities with 24-hour or three-day patch deadlines has risen over the past year.
CISA’s Acting Director Nick Anderson and U.S. National Cyber Director Sean Cairncross recently discussed cutting the KEV deadline for new bugs to just three days. The push comes amid concerns over AI-powered exploits, which can rapidly weaponise unpatched flaws. Acting Executive Assistant Director for Cybersecurity Chris Butera has urged researchers and organisations to share threat intelligence, reinforcing the need for collective action. The new reporting pathway also opens the catalog to non-U.S. government contributors. By widening participation, CISA aims to improve vulnerability disclosure, exploitation tracking, and overall system security.
The expanded KEV catalog and faster patching deadlines reflect growing urgency in cybersecurity defence. With AI-driven threats evolving, CISA’s move seeks to close gaps before attackers exploit them. The agency’s call for broader collaboration underscores the need for rapid, coordinated responses to emerging risks.
Read also:
- India's Agriculture Minister Reviews Sector Progress Amid Heavy Rains, Crop Areas Up
- Sleep Maxxing Trends and Tips: New Zealanders Seek Better Rest
- Over 1.7M in Baden-Württemberg at Poverty Risk, Emmendingen's Housing Crisis Urgent
- Cyprus, Kuwait Strengthen Strategic Partnership with Upcoming Ministerial Meeting
