Security news aggregator

Latest coverage for Flaw

Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.

21 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.

Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.

Showing 20 most recent headlines of 21 Filtered view

Enterprise Monitoring Systems Failed to Detect Ex-Worker's Unauthorized LoginsA Singapore court has sentenced a former employee of NCS Group to two years and eight months in prison for accessing the company's software test environment and wiping 180 virtual servers months after his employment ended. The company detected the unauthorized access after he deleted the servers.

Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager ProductSecurity researchers have discovered another major vulnerability in Ivanti’s widely-used endpoint management system that can allow hackers to gain remote access for multiple devices at the same time, just months after the company patched a separate SQL injection flaw in the same product.

Bank Info Security 2 years, 1 month ago

Breach Roundup: US Federal Cyber Incidents Go Up

Also: Ukraine Arrests Alleged Ransomware Developer; Patches Galore; and BurnoutThis week, feds counted cyber incidents; Ukraine made arrest; BlackBasta seemed to exploit flaw; 51 flaws in Patch Tuesday; SolarWinds, JetBrains patched flaws; Alan Turning Institute debunked paper on AI; Santander wants password changes; Christie's spoke of data breach and cyber pros face burnout.

Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack Patch Tuesday Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products – including one bug deemed critical, a fairly terrifying one in wireless networking, and one listed as publicly disclosed.…

Bank Info Security 2 years, 1 month ago

Ransomware Gang TellYouThePass Exploits PHP Vulnerability

Flaw Allows Unauthenticated Attackers to Execute Arbitrary CodeA ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical severity vulnerability in scripting language PHP. The TellYouThePass ransomware group sees opportunity whenever system administrators must scramble to patch systems.

Kaspersky Unveils 24 Flaws in ZKTeco TerminalsA promise of better security through biometrics fell short after security researchers dismantled an access system manufactured by a Chinese manufacture, only to discover 24 vulnerabilities contained inside. ZKTeco specializes in hybrid biometric verification technology.

Bank Info Security 2 years, 1 month ago

Half a Dozen Flaws in Netgear Router Put User Data at Risk

Vulnerabilities Could Lead to Unauthorized Data Access and ManipulationHalf a dozen vulnerabilities in a moderately priced Netgear router could allow attackers to bypass authentication, putting home users and small businesses at risk. The flaws could cause unauthorized access, network manipulation and exposure of sensitive data.

Loading more headlines...