Tuesday , July 14 2026
CERT

CERT-In Recommends 12-Hour Patching for Internet Facing Flaws Amid AI Attacks

The Indian Computer Emergency Response Team (CERT-In) has released new rules. Organizations must fix serious security problems in online systems within 12 hours if possible. This is to protect against threats from bad actors using artificial intelligence (AI) tools and large language models (LLMs) to find and exploit vulnerabilities quickly and on a larger scale.

“AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems,” CERT-In said in a 38-page blueprint published Monday.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

“As organizations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors.”

With threat actors starting to use AI for many tasks, like finding attack points, analyzing exploits, creating convincing phishing messages, and even making malware, they can shorten the time needed to prepare for attacks and get around traditional security measures.

AI systems can also be attacked in harmful ways. This includes prompt injections, data leaks, jailbreaking, changing models, poisoning training data, stealing models, and breaking into their processes. These actions can harm the safety and trustworthiness of these systems.

CERT-In has warned that groups should prepare for attacks to happen much faster and on their own. This means they need to adopt stronger cybersecurity measures, which include ongoing threat checks, reducing risks early, and being ready to respond.

Some ideas from the cybersecurity agency to help protect against AI-related cyber threats are listed below –

Assume breach and prepare for rapid detection, containment, and recovery from compromise scenarios.
Adopt a Zero Trust approach by enforcing continuous verification and least-privilege access.
Implement a defense-in-depth strategy with layered controls across infrastructure to eliminate single points of failure and minimize the overall impact of a successful breach.
Monitor and reduce exposure to security vulnerabilities.
Embed a secure-by-design paradigm into systems, applications, and AI workflows.
Maintain operational continuity during cyber incidents and disruption scenarios.
Safeguard sensitive and operationally critical data throughout its lifecycle.
Reduce software supply chain risks arising from third-party software, AI models, and dependencies through SBOM, provenance validation, and assessments.
Test security effectiveness against evolving threats through red teaming, vulnerability assessments, penetration testing, and independent audits.
Prioritize controls based on operational criticality and threat exposure.
Establish formal governance mechanisms regarding the use of AI systems.
Maintain visibility into AI systems, integrations, and operational behavior.

“Organizations should implement layered, risk-based, and continuously validated technical controls to reduce exposure to AI-assisted cyber threats,” CERT-In said. “Controls should priorities protection of internet-facing systems, critical business applications, identities, cloud environments, APIs, sensitive data, AI-enabled systems, and operational infrastructure.”

The agency is asking organizations to use “ongoing, risk-focused ways to manage vulnerabilities and patches” to lower risks from security issues, bad setups, unsafe APIs, services open to everyone, and weak identities. They say that known problems affecting important systems that are online should be fixed within 12 hours if possible.

Other risk-based remediation times are as follows:

Critical externally exposed vulnerabilities: Within 1 day
Known exploited vulnerabilities affecting internal systems: Within 1 day unless other mitigations are implemented and documented
Critical internal vulnerabilities affecting high-value systems: Within 3 days
High-severity vulnerabilities: Within 5 days based on risk prioritization

In situations where patches are not ready, it is best to use temporary solutions like isolating systems, limiting access, using WAF/API protection, increasing monitoring, or turning off features until the fix is out.

“Given the rapidly evolving nature of AI-assisted cyber threats, organisations should continuously reassess exposure, validate security controls, strengthen resilience capabilities, and enhance operational preparedness through ongoing audits, monitoring, testing, and coordinated cybersecurity governance,” CERT-In said.

The plan comes a month after CERT-In warned about the increasing hacking abilities of advanced AI models from Anthropic and OpenAI. It said these models could help bad actors by making it easier for them to attack, automate their attacks, and grow their cyber campaigns.

“Keeping pace with frontier AI-driven cyber developments is critical for maintaining cyber resilience,” it added. “Baseline cybersecurity controls remain critical and should be rigorously enforced.”

Check Also

CLI

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s …