News brief: 6 Microsoft zero days and a warning from CISA
Check out the latest security news from the Informa TechTarget team.
Enterprises are increasingly in a race against time to address vulnerabilities before attackers exploit them.
The bad guys are getting faster, and patch management isn't keeping up. Threat intelligence services provider Flashpoint found the average time to exploit -- the period between a vulnerability's disclosure and its weaponization in the wild -- plummeted from 745 days in 2020 to just 44 days in 2025. Worryingly, according to Statista research, organizations put off patching critical vulnerabilities for an average of 165 days last year.
The speed with which attackers now barrel through soft spots in enterprise defenses makes this week's featured news articles all the more urgent. Patching critical zero days and retiring insecure devices are no longer routine maintenance activities; increasingly, they are high-stakes defense sprints.
Not a drill: Microsoft patches 6 zero days under active exploitation
Microsoft's latest security update includes patches for six actively exploited zero days and five additional CVEs the provider said malicious actors are relatively likely to exploit. Three of the zero days involve security feature bypass flaws in various Microsoft products, enabling attackers to circumvent built-in defensive controls. The February update addressed 59 flaws in total.
Microsoft emphasized the importance of applying these patches promptly to protect systems from potential exploitation. This update highlights the growing sophistication of cyberthreats and the need for organizations to maintain strong patch management practices to safeguard their infrastructure.
CISA orders federal agencies to remove unsupported edge devices
CISA has issued a binding operational directive requiring federal agencies to stop using unsupported network edge devices, such as firewalls and routers, within a year. CISA said end-of-support (EOS) devices pose a substantial and constant "imminent threat."
Agencies must update outdated devices, report their usage and decommission those with expired support. Within 24 months, processes must be established to track and remove unsupported devices before their EOS dates.
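The directive's second requirement, a process that tracks unsupported devices and flags them before their EOS dates, is easy to prototype against an asset inventory. The following is an added example, not a CISA tool or anything from the directive itself; the inventory, hostnames, vendor, models and EOS dates are constructed, and the one-year lead time is an assumption chosen to match the directive's removal window.

```python
from datetime import date, timedelta

# Constructed sample inventory: hostnames, vendor, models and EOS dates are hypothetical.
# An EOS of None models the common real-world gap of a device with no recorded support date.
SAMPLE_INVENTORY = [
    {"host": "fw-edge-01",    "vendor": "ExampleVendor", "model": "FW-100", "eos": "2024-06-30"},
    {"host": "rtr-branch-07", "vendor": "ExampleVendor", "model": "RT-20",  "eos": "2026-09-15"},
    {"host": "vpn-gw-02",     "vendor": "ExampleVendor", "model": "VG-5",   "eos": "2028-01-01"},
    {"host": "fw-dc-03",      "vendor": "ExampleVendor", "model": "FW-200", "eos": None},
]


def days_until_eos(eos_iso, today):
    """Days remaining until the ISO-8601 EOS date (negative once support has lapsed)."""
    return (date.fromisoformat(eos_iso) - today).days


def classify_edge_devices(inventory, today, lead_time=timedelta(days=365)):
    """Bucket edge devices by support status.

    unsupported : EOS date already passed -> decommission now
    approaching : EOS within lead_time    -> schedule replacement before the date
    supported   : EOS beyond lead_time
    unknown     : no EOS recorded         -> support cannot be proven; treat as an inventory gap
    The lead_time default of one year is an assumption, not a value from the directive.
    """
    buckets = {"unsupported": [], "approaching": [], "supported": [], "unknown": []}
    for dev in inventory:
        eos_iso = dev.get("eos")
        if not eos_iso:
            buckets["unknown"].append(dev["host"])
            continue
        remaining = days_until_eos(eos_iso, today)
        if remaining < 0:
            buckets["unsupported"].append(dev["host"])
        elif remaining <= lead_time.days:
            buckets["approaching"].append(dev["host"])
        else:
            buckets["supported"].append(dev["host"])
    return buckets


def eos_report(inventory, today):
    """Human-readable summary, one line per bucket, for a ticket or a compliance note."""
    buckets = classify_edge_devices(inventory, today)
    return "\n".join(
        f"{name:<11} ({len(hosts)}): {', '.join(hosts) or '-'}"
        for name, hosts in buckets.items()
    )


if __name__ == "__main__":
    # Fixed date so the output is reproducible; replace with date.today() in real use.
    print(eos_report(SAMPLE_INVENTORY, date(2026, 2, 15)))
```

Devices in the "unknown" bucket deserve the same urgency as the "unsupported" ones: a device whose support status cannot be established is exactly the kind of blind spot the directive is meant to eliminate, so the report lists them separately rather than silently assuming they are fine.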
While the directive targets federal agencies, CISA encourages broader adoption by local governments and businesses. Despite limited enforcement power, CISA will collaborate with the White House to monitor compliance and provide support.
Attack on Poland's energy grid prompts warning to U.S. critical infrastructure operators
A recent cyberattack on Poland's energy grid, attributed to Russian hacker groups Berserk Bear and Sandworm, underscores the dangers posed by vulnerable edge devices in operational technology (OT) environments. CISA warned U.S. critical infrastructure operators to take note.
In the December 2025 attack, malicious hackers exploited internet-facing FortiGate devices with reused passwords, enabling them to access a variety of OT devices with default passwords. The attackers were then able to deploy wiper malware, corrupt firmware and disrupt system operations. While renewable energy systems continued production, operators lost control and monitoring capabilities.
In an advisory, CISA emphasized the need for OT asset operators to implement stronger cybersecurity measures, including changing default passwords and enabling firmware verification on OT devices. The incident also highlights the urgent need for critical infrastructure operators to enhance defenses against cyberthreats.
Read the full story by Eric Geller on Cybersecurity Dive.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Alissa Irei is senior site editor of Informa TechTarget Security.