Security news aggregator

Latest coverage for Flaw

Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.

26 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.

Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.

Showing 20 most recent headlines of 26 Filtered view

A similar vuln on Apple devices was used against 'specific targeted users' Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…

Recent advisories from U.S. federal authorities on vulnerabilities in certain operational technology devices underscore the potential security risks that many healthcare providers frequently underestimate, said Sila Özeren, a security research engineer at Picus Security.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

Persistent Security's Marcus Vervier on Microsoft Flaws, Pitfalls of AI CodingA newly discovered vulnerability present in Microsoft's Copilot and Visual Studio has brought a fresh batch of concerns around the security of artificial intelligence-powered coding tools to the forefront. It has the potential to turn AI models into a new attack vector.

Bank Info Security 10 months ago

Breach Roundup: Vidar Strikes Back

Also, Akira Ransomware Resumes Attacks Via SonicWall FlawsThis week, the Vidar infostealer, BlackDB admin, Akira ransomware hackers and Patch Tuesday. A warning for British bankers, a Cursor flaw, a Brazilian dating app shut down. KazMunayGas said it wasn't hacked. Wealthsimple and Hello Gym data breaches. A macOS backdoor hid in plain sight for years.

GitLab's Joern Schneeweisz on Prompt Injections and Old AppSec IssuesLarge language models pose systemic risks, and the rush to release AI products revives old security flaws. Prompt injections and familiar application vulnerabilities expose gaps created when speed outweighs safety, said Joern Schneeweisz, principal security engineer at GitLab.

Patch, turn on MFA, and restrict access to trusted networks…or else Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug.…

Krebs on Security 10 months, 1 week ago

Microsoft Patch Tuesday, September 2025 Edition

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

Loading more headlines...