Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 5 most recent headlines Filtered view
Bank Info Security 2 years, 2 months ago

UK Government Publishes AI Cybersecurity Guidance

Guidance Is First Step to Global Standard, Says Minister for AIThe U.K. government released voluntary guidance intended to help artificial intelligence developers and vendors protect models from hacking and potential sabotage. Companies should strengthen supply chain security and decrease risks from vulnerable AI systems to customers, such as data loss.

Bank Info Security 2 years, 2 months ago

Report: 11 Vulnerabilities Found in GE Ultrasound Devices

GE HealthCare Says Risks Can Largely Be Mitigated Through Security Best PracticesSecurity researchers have found 11 vulnerabilities in certain GE HealthCare ultrasound products that could allow malicious actors to physically implant ransomware or manipulate patient data stored on the affected devices. GE said the risks can be mitigated through best security practices.

Bank Info Security 2 years, 2 months ago

Microsoft Patches Zero-Day Exploited by QakBot

Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in AprilMicrosoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.

Bank Info Security 2 years, 2 months ago

Experts Warn the NVD Backlog Is Reaching a Breaking Point

Federal Database Nears 10,000 Unanalyzed Vulnerabilities Amid Halt in OperationsThe National Vulnerability Database is currently suffering from a backlog of nearly 10,000 unanalyzed common vulnerabilities and exposures amid an apparent halt in data enrichment operations and a growing debate over who should be in charge of overseeing the massive security risk library.

Bank Info Security 2 years, 2 months ago

Cinterion IoT Cellular Modules Vulnerable to SMS Compromise

Modules Widely Deployed in Manufacturing, Telecommunications and Healthcare DevicesMultiple types of Telit Cinterion cellular modules for IoT and machine-to-machine devices, which are widely used across industrial, financial services, telecommunications and healthcare environments, are vulnerable to being remotely compromised via malicious SMS messages, security researchers warn.