Explore the latest frameworks in information security. Stay updated on guidelines to protect your digital assets and ensure data privacy.
Search across headline titles and summaries.
Background for this topic.
Framework in information security is a structured set of guidelines designed to help organizations implement effective security measures. It consists of policies, standards, procedures, and controls that are established to protect against cybersecurity threats and manage risk.
Within this context, a security framework often includes best practices, compliance requirements, and a systematic approach to managing an organization’s overall security posture. Some popular information security frameworks include ISO/IEC 27001, the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, and the Control Objectives for Information and Related Technologies (COBIT).
Frameworks serve as a foundation for creating a secure environment, guiding businesses in the identification, implementation, and maintenance of information security measures. They are crucial for establishing a comprehensive and consistent security strategy, reducing vulnerabilities, and ensuring that security efforts align with the organization's business objectives and regulatory requirements.
Weekly headline count for the current query.
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai
CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks).
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks. [...]
We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring