Security news aggregator

Latest coverage for Flaw

Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.

Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.

Showing 20 most recent headlines of 24 Filtered view
Bank Info Security 2 years, 1 month ago

Critical PHP Vulnerability Threatens Windows Servers

Remote Code Execution Exploit Found; Patch Now AvailableA critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.

Researchers were able to glean data from 10,000 meetings held by top Dutch gov officials Cisco squashed some bugs this week that allowed anyone to view WebEx meeting information and join them, potentially opening up security and privacy concerns for highly sensitive meets.…

You upgraded when this was fixed in April, right? Right?? If you haven't yet upgraded to version 1.3.0 of Apache HugeGraph, now's a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in the open-source graph database have been made public.…

Bank Info Security 2 years, 1 month ago

Microsoft Says Azure Cloud Attack Scenario Isn't a Flaw

Redmond Calls Tenable Report Evidence of Customers Misconstruing Azure Service TagsMicrosoft is calling security research asserting a high-severity vulnerability exists in Microsoft Azure evidence that customers should better configure their cloud environments. An attacker with an Azure instance could obtain access to company resources by sending customizable HTTP requests.

Bank Info Security 2 years, 1 month ago

Zyxel Releases Emergency Security Update for NAS Devices

Company Addresses Flaws in End-of-Life NAS DevicesNetworking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.

Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft's cloud potentially allows miscreants to wave away firewall rules and access other people's private web resources.…

Security Researcher Says Flaw Came From 700 Exposed APIs Belonging to CoxAn independent security researcher discovered a critical flaw in the backend infrastructure of the largest broadband provider in the United States that, if exploited, could have left millions of business customer devices vulnerable to major cyberattacks.

Loading more headlines...