Stay informed about the latest vulnerability findings, security patches, and risk management strategies in information security.
Search across headline titles and summaries.
Background for this topic.
Vulnerability in information security is a weakness, flaw, or gap in a system’s design, implementation, operation, or management that could be exploited to violate the system's security policy. It is essentially a defect within a system that leaves it open to potential attacks from threat actors, such as hackers or malicious software. Vulnerabilities can exist in various components of an information system, including the hardware, software, network, or even the human elements involved in operations.
Vulnerabilities can stem from a number of sources, including, but not limited to, insufficient security controls, incorrect system configurations, programming errors, and inadequate security practices. They can be discovered through the use of automated scanning tools, manual code analysis, or through the notification by third parties, such as security researchers or users who have encountered unexpected system behavior.
Considering the dynamic landscape of cyber threats, regularly identifying, categorizing, patching, and mitigating vulnerabilities is key to protecting information assets. Failure to address vulnerabilities can lead to unauthorized access, data breaches, loss of sensitive data, and other severe consequences that compromise an organization's integrity, availability, and confidentiality of data.
Weekly headline count for the current query.
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild