Security news aggregator

Latest coverage for Vulnerability Management

Vulnerability management finds and prioritizes exploitable weaknesses, reducing breach risk through timely patching, remediation, and verification.

21 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vulnerability management is the ongoing process of finding, assessing, prioritizing, and addressing weaknesses in software, systems, cloud services, and devices. It helps defenders reduce the attack surface: an attacker may use a known flaw in an internet-facing service, endpoint, or dependency to gain access or increase privileges, but exposure depends on factors such as reachability, exploit availability, and existing controls.

Effective practice combines an accurate asset and software inventory with authenticated scanning, threat intelligence, and risk-based prioritization rather than treating every finding equally. Teams should patch or upgrade vulnerable components within defined timeframes, remove unnecessary exposure, or apply compensating controls such as isolation, access restrictions, and configuration changes when immediate remediation is impractical. Remediation must be verified through rescanning or other testing, with exceptions documented and reviewed; this also provides evidence for security governance and compliance. Vulnerability management supports incident response by identifying affected assets when a newly exploited flaw is disclosed.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 21 Filtered view
Bank Info Security 1 month, 3 weeks ago

Mythos-Level AI Is Creating a Tech Debt Crisis

Advanced AI Models Find More Holes Than Enterprise Security Teams Can PlugArtificial intelligence models such as Anthropic's Mythos are rapidly exposing decades of hidden software security debt, forcing CIOs and CISOs to rethink vulnerability management, remediation capacity and the trade-offs between availability and breach prevention.

Bank Info Security 2 months, 3 weeks ago

TekStream Targets Proactive Security With ImagineX Cyber Buy

Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX's MDR CoreTekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model.

SANS Institute and Cloud Security Alliance Leaders on the Coming Vulnerability StormIn the latest Proof of Concept, SANS and Cloud Security Alliance leaders join ISMG editors to discuss how the storm clouds of Claude Mythos could upend cyber defenses by compressing time to exploit, and why vulnerability management, risk models and security operations must change.

Bank Info Security 4 months, 3 weeks ago

Startup Astelia Secures $35M for AI Vulnerability Management

Index Ventures Backs End-to-End Platform, Targeting of AI-Driven Vulnerability RiskAstelia raised $35 million in Series A funding led by Index Ventures to scale its AI-powered exposure management tool. The company uses AI agents and network analysis to help enterprises prioritize exploitable vulnerabilities and reduce remediation noise across hybrid and on-premises environments.

Bank Info Security 4 months, 4 weeks ago

Audit Finds Security Weaknesses at VA Spokane Medical Center

Access, Vulnerability Management, Configuration LapsesA federal watchdog agency inspection of information security at the VA health system in Spokane, Wash. last year found deficiencies across three areas - configuration management, vulnerability management and access controls - that could potentially put sensitive data at risk, a new report said.

Bank Info Security 5 months, 3 weeks ago

Congress Proposes Steep Cuts to CISA

Nearly $270M Cut From CISA Despite Mounting Foreign CyberthreatsCongress is proposing cuts of nearly $270 million from the Cybersecurity and Infrastructure Security Agency's budget for fiscal year 2026, reducing funding for threat hunting and vulnerability management as officials warn foreign adversaries are escalating cyber operations targeting U.S. systems.

Bank Info Security 7 months, 1 week ago

Checkmarx Purchases Tromzo to Boost AI Security Automation

Tromzo Acquisition Adds AI Team and Technology for Automated Security RemediationCheckmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management.

Bank Info Security 7 months, 2 weeks ago

When ERP Systems Become the Attack Surface

Skills Needed: Enterprise Architecture, Configuration and Vulnerability ManagementWhen a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.

Bank Info Security 8 months, 2 weeks ago

NIS2 Enhances Vulnerability Management Practices

Integrity's Ed Parsons on How Regs Are Pushing Firms Toward Proactive SecurityThe NIS2 Directive has driven significant improvements in vulnerability management across Europe. Organizations are accelerating vulnerability discovery by engaging with crowdsourced security communities and ethical hackers, said Ed Parsons, chief operations officer at Integrity.

Bank Info Security 8 months, 3 weeks ago

How Unified Exposure Management Cuts Risk, Boosts Efficiency

Tenable's Nate Dyer on Moving Beyond Traditional Vulnerability ManagementVulnerability management no longer covers the full attack surface. Nathan Dyer of Tenable explains how unified exposure management helps reduce risk, shrink ticket volume and increase operational efficiency by unifying data, context and response across teams.

Bank Info Security 9 months, 1 week ago

Why OT Security Is Still a Special Child

Verve's Rick Kaun on Bridging the Gap Between IT and OT SecurityOperational technology faces security risks that differ sharply from IT, yet both teams must collaborate to secure critical assets, said Rick Kaun, vice president of solutions at Verve. He explains why OT security needs a different approach to vulnerability management and risk prioritization.

Bank Info Security 9 months, 3 weeks ago

Career Spotlight: White Hat Hackers in an Automated World

Pentesting Tools Uncover Vulnerabilities but White Hat Skills Are Still in DemandAutomated pentesting tools offer faster visibility and robust integration with daily security operations, but automation doesn't eliminate the need for humans in the loop. Automation raises the baseline for vulnerability management and changes what white hat hackers need to know to stay relevant.

Former Inspector Reviews Sector's Take on AI, Zero Trust, Vulnerability ManagementSecuring U.S. nuclear infrastructure remains a hot-button topic, especially because it remains an attractive cyberattack target for nation-state adversaries. Former regulatory inspector Mark Rorabaugh, president of InfraShield, details the current state of the sector's cybersecurity posture.

Bank Info Security 1 year, 6 months ago

Nuclei Patches High Severity Flaw in Security Tool

Flaw Enabled Signature Bypassing on Nuclei ProjectDiscoveryOpen-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates.

Data Protection, Firewall Stocks Surge as Vulnerability Management Stocks StruggleFortunes diverged for publicly-traded cybersecurity companies in 2024, as the technology category they played in and market share they held largely determined their fate. Investors last year looked favorably upon companies in the data protection space, with Commvault and Rubrik recording big gains.

Buy of Application Security Startup Enhances Code-to-Cloud Vulnerability ManagementWiz acquired application security posture management startup Dazz for $450 million to provide enterprises with a unified code-to-cloud solution. CEO Merav Bahat highlights how this partnership will streamline vulnerability management and strengthen remediation capabilities for global organizations.

Bank Info Security 1 year, 10 months ago

Absolute Purchases Syxsense to Tackle Cyber Vulnerabilities

Acquisition Brings Vulnerability Management to Absolute's Cyber Resilience PlatformAbsolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.

Activist Investors Are Rare in Cybersecurity, But Rapid7's Struggles Drew a Firm InJana Partners announced a "significant" stake in Boston-based Rapid7 Wednesday and plans to push the vulnerability management firm to sell itself. The activist investor is working with investment firm Cannae Holdings, and wants Cannae to team up with a private equity firm to buy Rapid7.

Bank Info Security 2 years, 8 months ago

SonicWall Buys Solutions Granted to Offer MSPs More Services

Buying Master MSSP Will Bring MDR, SOC and Vulnerability Management to MSPs, MSSPsSonicWall acquired a longtime master MSSP partner to bring MDR, SOC and vulnerability management capabilities to its managed service providers. Buying Solutions Granted will help SonicWall detect and respond to endpoint or cloud-based threat activity on behalf of its MSP and MSSP partners.

Loading more headlines...