Attackers target critical FortiSandbox flaws as CISA issues patch order
Command injection vulns land on exploited list after researchers spot abuse attempts
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
Weekly headline count for the current query.
Command injection vulns land on exploited list after researchers spot abuse attempts
Three bugs are under active attack, and two more critical holes could add to the pain
Flaws in iCagenda, Balbooa Forms extensions can impact open source CMS that powers a million sites worldwide
Attackers appear to have reverse-engineered Big Red's patch
Carmaker points finger at an 'unknown' flaw as customer fallout continues
Researchers warn many AI coding assistants now execute commands from project configurations
EXCLUSIVE 'Working as intended' for the win … again
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month
And it was Microsoft Copilot that unwittingly revealed the longstanding vulnerability
And it was Microsoft Copilot that unwittingly revealed the longstanding vulnerability
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
AI flaw-finder still under lock and key for now while company figures out guardrails, but extends access to more users including governments
Critical flaw payouts slashed by more than 75%
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
Fresh kernel flaw comes with public exploit code and continues ugly run of highly reliable privilege escalation bugs tied to memory and page-cache handling
Palo Alto Networks found and fixed 75 flaws this month, up from its usual five
Apache, Alibaba databases vulnerable and only one has a patch
After all that hype, AI scanner found one low-severity cURL flaw