CISA Orders Agencies to Patch by Risk, Not Severity

Thursday, June 11, 2026 at 03:00 PM UTC·Source: Infosecurity Magazine

Updated: Thursday, June 11, 2026 at 03:01 PM UTC

Executive Summary

New CISA directive tells federal agencies to patch by real-world risk, not CVSS severity scores

Analysis

New CISA directive tells federal agencies to patch by real-world risk, not CVSS severity scores

Source Attribution

Originally published by Infosecurity Magazine on Jun 11, 2026.

Related Threats

LOWVulnerability

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

New Tracing Options As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code (GSoC) projects is here to deliver. Building on the previous pattern of HttpTrace comes two new options KerberosTicketTrace and

2h agoRapid7

MEDIUMVulnerability

Ozempic Drug Maker Loses Clinical Trial Data in Hack

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ozempic-drug-maker-loses-clinical-trial-data-in-hack-image_small-6-a-31962.jpg" align=right hspace=4>Novo Nordisk Breach Involved 'Copying' of Patient, Healthcare Provider Info A hack on Danish pharmaceutical manufacturer Novo Nordisk has compromised some patients' clinical trial information, the maker of popular weight

3h agoBank Info Security

MEDIUMVulnerability

ISACA Survey: AI Adoption Is Rising, Visibility Is Not

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/isaca-survey-ai-adoption-rising-visibility-not-image_small-7-a-31960.jpg" align=right hspace=4>Governance Professionals Struggle to Measure ROI and Control AI Systems AI is becoming embedded across the enterprise, yet many organizations still can't quantify its value or answer key questions about oversight and control. I

3h agoBank Info Security