Security news aggregator

Latest coverage for Vulnerability

Stay informed about the latest vulnerability findings, security patches, and risk management strategies in information security.

4 headlines in this view

Vulnerability in information security is a weakness, flaw, or gap in a system’s design, implementation, operation, or management that could be exploited to violate the system's security policy. It is essentially a defect within a system that leaves it open to potential attacks from threat actors, such as hackers or malicious software. Vulnerabilities can exist in various components of an information system, including the hardware, software, network, or even the human elements involved in operations.

Vulnerabilities can stem from a number of sources, including, but not limited to, insufficient security controls, incorrect system configurations, programming errors, and inadequate security practices. They can be discovered through the use of automated scanning tools, manual code analysis, or through the notification by third parties, such as security researchers or users who have encountered unexpected system behavior.

Considering the dynamic landscape of cyber threats, regularly identifying, categorizing, patching, and mitigating vulnerabilities is key to protecting information assets. Failure to address vulnerabilities can lead to unauthorized access, data breaches, loss of sensitive data, and other severe consequences that compromise an organization's integrity, availability, and confidentiality of data.

Showing 4 most recent headlines Filtered view

The Hacker News 1 week, 2 days ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks

More from The Hacker News 26 May 2026, 12:02 a.m. Incident · 5 stories CVE-2026-26980 API CVE Critical Disclosure Flaw JavaScript SQL Threat Actor Unauthenticated Vulnerability

Bleeping Computer 1 week, 3 days ago

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

More from Bleeping Computer 25 May 2026, 2:12 a.m. Incident · 5 stories CVE-2026-26980 CVE Critical Flaw JavaScript SQL Vulnerability

The Hacker News 4 weeks, 1 day ago

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck

More from The Hacker News 5 May 2026, 11:56 p.m. Incident · 5 stories CVE-2026-29014 CVE Critical Flaw Open Source PHP Remote Code Execution Threat Actor Unauthenticated Vulnerability

The Hacker News 1 month, 2 weeks ago

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution

More from The Hacker News 15 Apr 2026, 3:57 a.m. Incident · 5 stories CVE Disclosure Flaw PHP Patch Vulnerability

Latest coverage for Vulnerability

Refine the feed

Tag briefing

Volume over time

Fresh headlines available

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released