Industry News - Mar 2026

Shadow AI Rises as Leaders Choose Speed Over Governance
Without strong governance in place, companies risk hitting a plateau where large-scale transformational growth and innovation across the enterprise become increasingly difficult. That's the velocity paradox leaders are navigating today, balancing urgency with accountability. IT leaders can utilize the data from their IT asset management tools to determine the level of shadow AI in their organization.
Mar 2026
Software Vulnerabilities Are Being Weaponized Faster Than Ever
According to a report released Wednesday by VulnCheck, fewer than 1% of software vulnerabilities were exploited in the wild over the past year. However, those flaws were being weaponized faster and on a larger scale than ever before. Researchers tracked over 14,000 exploits linked to over 10,000 unique CVEs in 2025. That represents over a 16% increase from the prior year. A large percentage of that increase was linked to proof-of-concept code that was generated by AI. IT managers can scan for unpatched or vulnerable software using their IT asset management tools.
Mar 2026
Shadow IT Has Entered the AI Era, and State and Local Governments Must Act Now
At a minimum, agencies should enforce policies that forbid the use of unauthorized AI agents on government networks or devices, prohibit the provision of credentials, tokens or system access to unsanctioned AI tools, and require that all AI tools be explicitly approved before any use. Management can use its IT asset management tools to identify unauthorized code in use across the network.
Mar 2026
Microsoft Patches 83 Vulnerabilities
Microsoft's March 2026 Patch Tuesday updates resolve a single critical-severity flaw (CVE-2026-21536, with a score of 9.8). It is a remote code execution weakness in Devices Pricing Program that has already been fully mitigated. The company stated that "There is no action for users of this service to take. The purpose of this CVE is to provide further transparency." Another security defect that stands out is an elevation of privilege issue in Azure MCP Server Tools. It can be exploited by sending specially crafted input to a server tool that accepts user-supplied parameters. Fortra associate director Tyler Reguly noted that CSOs should ensure that they have solid asset inventories around the deployment of cloud-related systems and tools, so that admins know where these things exist and when they need to be fixed. This is the best way to empower your sys admins and security teams on a quiet month like this. A robust IT asset management solution is a critical tool in maintaining an accurate inventory.
Mar 2026
Emergency Microsoft Windows 11 Security Update Confirmed
The most recent Microsoft Patch Tuesday has been issued; however, monthly security updates from Microsoft are still coming. The latest fix is an emergency, out-of-band hot patch for a subset of Windows 11 enterprise users that addresses a number of critical security vulnerabilities that impact the Routing and Remote Access Service. The flaw could give attackers the ability to execute remote code and take control of the impacted device. These Common Vulnerabilities and Exposures are designated as CVE-2026-25172, CVE-2026-25173 and CVE-2026-26111. Unless patched, an attacker who is already authenticated on the domain could trick a domain-joined user into sending a request to the malicious server via the RRAS snap-in. Even though a patch has already been made, the Patch Tuesday fix requires a device reboot. Oftentimes critical applications or services aren't open to rebooting on a whim, for obvious reasons. IT managers can use their IT asset management applications to identify vulnerable systems.
Mar 2026
New KB5085516 Emergency Update Fixes Microsoft Account Sign-In
Microsoft recently issued an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps. The problem occurs after installing the KB5079473 cumulative update that was part of this month's Patch Tuesday. It warns users that the affected devices are not connected to the Internet. The list of affected apps includes Teams and OneDrive, Microsoft Edge, Microsoft 365 Copilot, Excel and Word, which display the same error message for features that require a Microsoft account sign-in. IT managers can identify unpatched systems using their IT asset management tools.
Mar 2026
32% Of Top-Exploited Vulnerabilities Are Over a Decade Old
Exploitation timelines continue to compress. Newly disclosed vulnerabilities move into active exploitation with little delay, while older vulnerabilities remain active years after disclosure. Long-term exposure also appears in broader vulnerability trends. Almost 40% of the top-targeted vulnerabilities affected end-of-life devices. Over 30% of vulnerabilities were at least 10 years old. These figures point to persistent gaps between vendor lifecycle timelines and enterprise patching practices. IT professionals can identify unpatched and vulnerable devices using the data generated by their IT asset management systems.
Mar 2026

Industry News - Feb 2026

Windows 10 Security Alert: Do This Now to Reduce Your Risk of Being Hacked
According to a recent study, by June 2025 the number of Windows 11 installations surpassed that of Windows 10, with Windows 11 accounting for approximately 54% of all devices and Windows 10 for 44%. If the PC Health Check utility reports that a device cannot run Windows 11, the user can still continue with Windows 10. Simply subscribing to the extended updates does not reanimate Windows 10. The user only receives security updates. Per Microsoft documentation, extended updates do not provide other types of fixes, feature improvements, or product enhancements. They also do not come with technical support. In reality, security issues are not truly fixed; the problem is just pushed down the road until next year. When planning to continue using a Windows 10 PC, the user must be extra vigilant. Third-party security software that actively protects the PC, to compensate for the security that Microsoft removed, is critical. Users must install a powerful antivirus utility and keep it up to date, checking periodically to ensure the antivirus is working. IT managers can identify Windows 10 users by using the information generated by their IT asset management tools.
Feb 2026
How Should Health System IT Leaders Respond to Shadow AI?
IT managers have warned about the risks of shadow IT, the unauthorized use of software or cloud services, since the cloud's inception. Shadow AI is a new subset of this issue. It occurs when clinicians and other health system employees use unauthorized large language models. Alex Tyrrell, Ph.D., head of advanced technology at Wolters Kluwer and chief technology officer for Wolters Kluwer Health, noted that they started to hear anecdotally about shadow AI becoming more prevalent in 2025. Today surveyors are beginning to discover that up to 40% of respondents are aware of some form of shadow AI within their organization. Looking across the range of risks, issues such as patient safety arise. Individuals who have used these technologies are familiar with the fact that they hallucinate and can make errors. Hospital IT managers can use IT asset management tools to identify unauthorized applications in use on the network.
Feb 2026
Shut Down and Restart: Microsoft Confirms Windows Update Mistake
Microsoft warned in January that some PCs with Secure Launch are unable to shut down or enter hibernation. Instead, the device restarts. PC World has learned that the Windows "won't shut down" bug is even worse than we thought. Ever since the January update, some Windows 11 users haven't been able to shut down their PCs. Apparently, this bug also affects Windows 10. Microsoft admits that, for Windows 10 and Windows 11, some devices might fail to shut down or hibernate, adding that this issue affects some Secure Launch-capable PCs with Virtual Secure Mode enabled after installing Jan '26 updates. It appeared that this problem was fixed with January's emergency updates; however, a solution remains in the works. Meanwhile, Microsoft advises users to "type cmd in the Search bar and select cmd from the search results to open a Command Prompt. In the Command Prompt window, type the following command and press Enter: shutdown /s /t 0." Microsoft also urges users: "Until this issue is resolved, please ensure you save all your work, and shut down when you are done working on your device to avoid the device running out of power instead of hibernating."
Feb 2026
Windows 11 Notepad Flaw Let Files Execute Silently Via Markdown Links
The company also noted that "An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files." IT managers can pinpoint vulnerable unpatched systems using their IT asset management tools.
Feb 2026
The FBI Says These Wi-Fi Routers Are Unsafe, And Here's Why
The FBI is warning that by operating older Wi-Fi routers, users are putting themselves and/or their companies at risk of a cyber-attack. This alert only applies to devices made in the late 2000s and early 2010s that no longer get support from their manufacturers. Routers that are end-of-life can no longer receive software updates or security patches. The FBI said, in a public advisory, that threat actors are exploiting known security flaws in outdated routers. They attempt to install malware, gain root access, and quietly fold the devices into botnets. The FBI identified several legacy models as especially vulnerable, all from Linksys. The list includes the E1200 (2011), the E2500 (2011), the E4200 (2011), the WRT320N (2009), and the M10 (2010). Legacy devices can easily be identified using a firm's IT asset management toolset.
Feb 2026
CISA Orders US Federal Agencies To Replace Unsupported Edge Devices
All identified end-of-support edge devices must be fully removed nationwide in 18 months. At the end of 2 years, agencies must put in place a continuous discovery process so future edge devices approaching end-of-support are identified and replaced prior to becoming a risk. Agencies with IT asset management systems in place can use that software to quickly become compliant.
Feb 2026
In From the Shadows: AI's Uncontrolled Growth
Rapidly growing and free-to-use generative AI tools have created a new layer of technology in the workplace. Unfortunately, this growth is largely outside the control of corporate IT. Shadow AI use has expanded, even as enterprise software vendors have added AI functions to their applications. Shadow AI has parallels to the shadow IT challenges of prior decades; however, uncontrolled use of AI is bringing its own challenges. These threats include breaches of privacy and confidentiality, loss of intellectual property, security issues, and even incorrect and damaging decisions made by shadow AI. IT managers can utilize their IT asset management tools to identify unauthorized software running on the corporate network.
Feb 2026
Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025
Ivanti recently warned users of a high-severity bug and a medium-severity flaw resolved in EPM. Both flaws could be exploited remotely. The high-severity weakness, tracked as CVE-2026-1603, is described as an authentication bypass leading to the exposure of credential data. The medium-severity flaw (CVE-2026-1602) is an SQL injection security flaw that could enable attackers to read arbitrary data from the database. Both vulnerabilities were addressed in EPM 2024 SU5. The patch also includes fixes for 11 medium-severity vulnerabilities that Ivanti warned about in October.
Feb 2026

Industry News - Jan 2026

Ivanti Patches Exploited EPMM Zero-Days
The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340 with a CVSS score of 9.8, are described as code injection issues that could be exploited by unauthenticated attackers to enable remote code execution. They impact the in-house application distribution and the Android file transfer configuration features of EPMM. Successful exploitation of the zero-days would enable attackers to execute arbitrary code, move laterally to the connected environment, and access sensitive information stored in the EPMM. According to Ivanti, all EPMM versions up to 12.5.0.0, 12.6.0.0, 12.7.0.0, 12.5.1.0, and 12.6.1.0 are affected. The company released RPM patches 12.x.0.x and 12.x.1.x to address the security defects. The patches are version-specific, and users need to apply only the RPM applicable to their EPMM iteration.
Jan 2026
Microsoft Says Uninstall Windows 11 KB5074109 To Fix Outlook POP, PST Hang, As 2026's First Update Causes Havoc
If Outlook Classic freezes or hangs when using POP accounts or dealing with PST files, Windows 11 KB5074109 will need to be removed. Third-party applications can also become unresponsive if they save files to cloud storage. These two issues are related to a single core problem. Apparently, the January 2026 Update is a disaster. It continues to impact features in Windows 11, including something as basic as Sleep mode on some PCs. In several tests, Windows Latest found that the update causes a black screen, resets the desktop background and breaks File Explorer customization, among other problems. KB5074109 is a mandatory update that began rolling out on January 13, 2026. It installed automatically on PCs. PCs are using this update if OS Build 26200.7623 / 26100.7623 is shown in Settings > System > About or winver. IT Pros can also use their IT asset management tools to pinpoint affected devices.
Jan 2026
Fortinet Confirms New Zero-Day Attacks Against Customer Devices
Fortinet has confirmed that a new attack campaign against customer devices is exploiting an unpatched issue to bypass authentication. The new attacks are not related to a previous attack that targeted two vulnerabilities related to FortiCloud single sign-on (SSO) authentication. Fortinet is currently working on a patch to address the new issue, which impacts not only FortiCloud SSO, but all SAML SSO implementations. FortiCloud SSO is not enabled by default on devices but is enabled when the device is registered with FortiCare product support.
Jan 2026
Cisco Patches Vulnerability Exploited by Chinese Hackers
The security defect, tracked as CVE-2025-20393 with a CVSS score of 10/10, was disclosed on December 17. That was shortly after Cisco's researchers observed its in-the-wild exploitation as a zero-day. Cisco noted that "This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance." The flaw impacts the Spam Quarantine feature of the AsyncOS software running on Secure Email Gateway and Cisco Secure Email and Web Manager. It enables unauthenticated, remote attackers to send crafted HTTP requests to a vulnerable appliance, which results in arbitrary command execution on the underlying operating system, with root privileges. The vulnerability was resolved in AsyncOS versions 15.0.5-016, 15.0.5-016, 15.5.4-012, and 16.0.4-016 for Email Security Gateway, and in AsyncOS versions 15.0.2-007, 15.5.4-007, and 16.0.4-010 for Email and Web Manager. There are no workarounds for the bug, but users can update their software over the network. IT managers can identify affected devices by using the information from their IT asset management tools.
Jan 2026
January 2026 Microsoft Patch Tuesday: Actively Exploited Zero Day Needs Attention
Microsoft's first Patch Tuesday announcements for 2026 included eight critical vulnerabilities and an actively exploited zero-day vulnerability. Most of the vulnerabilities impact Office products, with two flaws in SharePoint. Most scored over an 8 on the CVSS scale. Nick Carroll, cyber incident response manager at Nightwing, noted that "Last year's abuse of SharePoint by Chinese APTs to deploy ToolShell against organizations should serve as a warning that SharePoint- and Office-related vulnerabilities can quickly become popular with threat actors." The other vulnerability that scored a CVSS rating over 8.8 is CVE-2026-20868 for the Windows Routing and Remote Access Service. There is also a patch for a lower-scoring hole in this service (CVE-2026-20843) that allows an elevation of privilege. However, the currently exploited vulnerability that should be immediately addressed by CSOs is CVE-2026-20805. It is a hole in Desktop Windows Manager (DWM) that allows a locally authenticated attacker to view information in memory, which enables them to weaken system protections. IT managers can use their IT asset management tool set to identify vulnerable systems.
Jan 2026
Risky Shadow AI Use Remains Widespread
A recent report indicates that shadow AI remains a persistent challenge for organizations that are working to incorporate AI into their workflows. According to Netskope's report, over forty-five percent of employees use personal generative AI platforms that are not overseen by their companies. Unmonitored AI use creates gaps in companies' security defenses which could be exploited by hackers. Personal AI use in corporate environments creates multiple risks. These include incomplete regulatory compliance and unsecured API connections between external AI services and internal company servers. Corporate data exposure is one of the most common consequences of unvetted AI use. Netskope said it had observed a year-over-year doubling in the number of incidents of users sending sensitive data to AI apps. Security experts say the best way for organizations to crack down on shadow AI use is by prioritizing the adoption of AI governance processes. In addition, IT asset resources can be used to identify systems running unauthorized software and apps.
Jan 2026

Industry News - Dec 2025

CISOs Are Questioning What A Crisis Framework Should Look Like
Many CISOs assume that a breach is coming. Moreover, many doubt whether their teams will recognize the incident quickly enough to limit the fallout. Only a minority of CISOs feel confident in their crisis management frameworks. Visibility into the enterprise IT infrastructure is a major problem. CISOs say they can see just over half of their IT environment at any given moment. That leaves large areas where evidence is difficult to find or verify. These gaps force teams to guess at the scope of an incident. When the information is incomplete, reporting becomes harder. A robust IT asset management toolset can provide a complete picture of all the devices on the network, and pinpoint vulnerable systems.
Dec 2025
Hundreds of Ivanti EPM Systems Exposed Online As Critical Flaw Patched
Ivanti recently patched a critical vulnerability in Endpoint Manager, tracked as CVE-2025-10573, which carries a CVSS score of 9.6. The flaw enables attackers to hijack administrator sessions without authentication. Once inside the network, the hacker could potentially control thousands of enterprise devices. The company issued EPM version 2024 SU4 SR1 to address four vulnerabilities, including the critical flaw. Ivanti said that it was not aware of any customer systems being exploited at the time of disclosure. Security teams should treat this as a patch-immediately situation rather than a routine one, considering EPM's history of being targeted by attackers and the severity of the flaw.
Dec 2025
December Patch Tuesday: Windows Cloud Files Mini Filter Driver Hole Already Being Exploited
Microsoft recently issued over 55 patches for Windows and other products. However, one vulnerability is already being exploited and needs to be addressed quickly. The flaw, tracked as CVE-2025-62221, is an escalation of privilege vulnerability in Windows Cloud Files Mini Filter Driver. It is described as a use-after-free problem whereby a program attempts to use a block of memory that has been returned to system control. The attack complexity is low and a threat actor could leverage it to escalate access privileges. Satnam Narang, senior staff research engineer at Tenable, noted that "Elevation of privilege bugs turn a foothold into a full breach as attackers often use them to conduct post-compromise activity after they have gained initial access through other means, such as social engineering or exploitation of another flaw." Windows Cloud Files Mini Filter Driver is an attractive target because it is a file system driver that enables cloud applications to access file system functionalities. Jack Bicer, director of vulnerability research at Action1, said that patching this vulnerability is the most urgent concern because it is actively being exploited by any attacker who can get any level of local access. IT managers can use the information from their IT asset management solution to identify unpatched systems.
Dec 2025
Keep AI Browsers Out of Your Enterprise, Warns Gartner
According to Gartner, AI browsers, such as Perplexity Comet and OpenAI's ChatGPT Atlas, present security risks that cannot be adequately mitigated. The firm recommends that enterprises prevent employees from using them. Analysts Dennis Xu, Evgeny Mirolyubov, and John Watts noted that Gartner strongly recommends that organizations block all AI browsers for the foreseeable future because of the cybersecurity risks. This comes as AI browsers have gained a foothold in the enterprise. Over a quarter of organizations already have at least one user with an AI browser installed. IT professionals can use their IT asset management tools to identify unsupported/unauthorized software or shadow IT across the network.
Dec 2025
Fortinet Warns of New Attacks Exploiting Old Vulnerability
Fortinet recently warned that a five-year-old improper authentication flaw in FortiOS is once again being exploited. Fortinet says that the security defect, tracked as CVE-2020-12812, is due to differences in the behavior of FortiGate and LDAP Directory when it comes to authentication. FortiGate treats usernames as case-sensitive by default, but the LDAP Directory does not. When attackers change the case of the username, the affected appliance does not request the second factor of authentication. Mitigations for the security defect were included in FortiOS versions 6.0.10, 6.2.4, and 6.4.1. Organizations should update their software to newer iterations to prevent exploitation. An IT asset management tool set can be used to identify systems running older software versions.
Dec 2025