Security news aggregator

Latest coverage for Flaw

Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.

18 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.

Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.

Showing 18 most recent headlines Filtered view

Huawei is OK, but Xiaomi, OPPO, and Samsung are in strife. And Honor isn't living its name Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto’s Citizen Lab.…

Bank Info Security 2 years, 2 months ago

Breach Roundup: Cloud Error Reveals DPRK Sanctions Busting

Also: Hospitals Spend More on Cybersecurity; Critical Flaw in WordPressThis week, a cloud server error revealed sanction busting, Moody's said hospital cybersecurity spending is up, the U.S. restricted visas for commercial spyware operators, a ransomware attack hit a lab in Italy, hackers exploited a WordPress flaw, and Argentinian data is for sale on a criminal forum.

Don't get too comfortable: 'Line Dancer' malware may be targeting other vendors, too A previously unknown and "sophisticated" nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.…

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. [...]

Two rounds of reports and patches may not have completely closed this hole BLACK HAT ASIA Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.…