Security news aggregator

Latest coverage for Vulnerability

Stay informed about the latest vulnerability findings, security patches, and risk management strategies in information security.

341 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vulnerability in information security is a weakness, flaw, or gap in a system’s design, implementation, operation, or management that could be exploited to violate the system's security policy. It is essentially a defect within a system that leaves it open to potential attacks from threat actors, such as hackers or malicious software. Vulnerabilities can exist in various components of an information system, including the hardware, software, network, or even the human elements involved in operations.

Vulnerabilities can stem from a number of sources, including, but not limited to, insufficient security controls, incorrect system configurations, programming errors, and inadequate security practices. They can be discovered through the use of automated scanning tools, manual code analysis, or through the notification by third parties, such as security researchers or users who have encountered unexpected system behavior.

Considering the dynamic landscape of cyber threats, regularly identifying, categorizing, patching, and mitigating vulnerabilities is key to protecting information assets. Failure to address vulnerabilities can lead to unauthorized access, data breaches, loss of sensitive data, and other severe consequences that compromise an organization's integrity, availability, and confidentiality of data.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 341 Filtered view

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in […]

More from Security Affairs 3 Jun 2026, 9:44 p.m. Incident · 3 stories Actively exploited CVE-2025-48595 Android CVE Fixed Flaw Google Mobile Patch Privilege Escalation Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation

More from The Hacker News 3 Jun 2026, 6:14 a.m. Incident · 3 stories Actively exploited CVE-2024-21182 America CISA CVE Flaw Oracle Unauthenticated Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic […]

More from Security Affairs 3 Jun 2026, 3:18 a.m. Incident · 3 stories Actively exploited CVE-2024-21182 America CISA CVE Flaw Oracle Palo Alto Networks Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2026-0257 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May […]

More from Security Affairs 1 Jun 2026, 8:36 p.m. Incident · 3 stories Actively exploited CVE-2026-0257 America CISA CVE Flaw Palo Alto Networks Vulnerability

CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS […]

More from Security Affairs 1 Jun 2026, 5:52 a.m. Incident · 14 stories Actively exploited CVE-2026-0257 Bypass CVE Flaw Palo Alto Networks VPN Vulnerability

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability

More from The Hacker News 30 May 2026, 2:39 a.m. Incident · 4 stories Actively exploited CVE-2026-39987 CVE Cloud Compromise Credentials Disclosure Exploit Initial Access Threat Actor Vulnerability

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw, tracked as CVE-2026-8398, […]

More from Security Affairs 29 May 2026, 1:14 a.m. Incident · 2 stories Actively exploited CVE-2026-8398 America CISA CVE Flaw Microsoft Tools Vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the LiteSpeed cPanel Plugin flaw CVE-2026-48172 to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-48172 (CVSS score of 10.0) affects the LiteSpeed User-End cPanel plugin before version 2.4.5 and allows […]

More from Security Affairs 28 May 2026, 9:39 p.m. Incident · 6 stories Actively exploited CVE-2026-48172 America CISA CVE Flaw Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]

More from Security Affairs 24 May 2026, 7:54 p.m. Incident · 2 stories Actively exploited CVE-2026-9082 America CISA CVE Critical Exchange Server Flaw Microsoft Patch Vulnerability

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026

More from The Hacker News 15 May 2026, 5:28 p.m. Incident · 7 stories Actively exploited CVE-2026-20182 America Authentication Bypass CISA CVE Cisco Critical Disclosure Exploit Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild

More from The Hacker News 3 May 2026, 6:26 p.m. Incident · 7 stories Actively exploited CVE-2026-31431 America CISA CVE Disclosure Flaw Linux Privilege Escalation Root Vulnerability