CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]
Background for this topic.
A vulnerability in information security is a weakness, flaw, or gap in a system’s design, implementation, operation, or management that could be exploited to violate the system's security policy. It is essentially a defect within a system that leaves it open to potential attacks from threat actors, such as hackers or malicious software. Vulnerabilities can exist in various components of an information system, including the hardware, software, network, or even the human elements involved in operations.
Vulnerabilities can stem from a number of sources, including, but not limited to, insufficient security controls, incorrect system configurations, programming errors, and inadequate security practices. They can be discovered through automated scanning tools, manual code analysis, or notification by third parties, such as security researchers or users who have encountered unexpected system behavior.
Given the dynamic landscape of cyber threats, regularly identifying, categorizing, patching, and mitigating vulnerabilities is key to protecting information assets. Failure to address vulnerabilities can lead to unauthorized access, data breaches, loss of sensitive data, and other severe consequences that compromise the integrity, availability, and confidentiality of an organization's data.
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability to Help Prioritize Vulnerabilities in AI era
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw added to the catalog, tracked […]
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker
Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in […]
The emergence of AI models capable of autonomously finding and fixing vulnerabilities at scale is having a significant impact on patching management, experts say
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. [...]
CEO Nikesh Arora Says Agentic Workloads Generate Traffic Requiring Inspection. Palo Alto Networks said surging AI infrastructure investment and growing enterprise demand for AI governance are expanding cybersecurity spending, while false positives from advanced AI vulnerability tools underscore the continued need for human oversight.
Auditors Accuse Agency of Mismanagement and Program Overlap. Management by the National Institute of Standards and Technology of a repository of vulnerability data came under sharp criticism from federal auditors who said the agency approached it with "lack of strategic planning and decisive action."
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. [...]
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic […]
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]
Following days of criticism from the security community, Redmond dials back rhetoric, insists vulnerability hunters not in its legal crosshairs
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days