Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 6 most recent headlines Filtered view
Bank Info Security 1 year, 1 month ago

Governments Embrace Secure by Design to Curb Cyberthreats

NextJenSecurity Founder Calls for Global Policy Shifts to Reduce VulnerabilitiesGovernments worldwide are shifting from reactive responses to preventive strategies to tackle ransomware attacks. Jen Ellis, founder of NextJenSecurity, stresses the need for vulnerability accountability and secure-by-design policies to tackle systemic cybersecurity flaws.

Bank Info Security 1 year, 1 month ago

Vulnerability Databases Face Accuracy and Access Gaps

VulnCheck's Garrity on the Uncertainty of the CVE Ecosystem and EUVD's LimitationsFunding shortages and incomplete coverage in critical vulnerability databases are increasing the risk for defenders. Patrick Garrity, security researcher at VulnCheck, discusses how data gaps and scoring confusion hinder response strategies for potential cyberattacks.

Bank Info Security 1 year, 1 month ago

Microsoft Patches Zero-Day Exploited by Emirati Hackers

Check Point: 'Stealth Falcon' Exploited WebDAV FlawMicrosoft on Tuesday patched a zero-day vulnerability in WebDAV that was exploited by UAE-linked threat actors as part of an espionage campaign in the Middle East and Africa. Check Point attributed the campaign to the Emirates APT group Stealth Falcon.

Bank Info Security 1 year, 1 month ago

AI May Fix a 15-Year-Old Bug It Helped Spread

Researchers Turn to AI to Fix a Zombie Flaw that AI Helped PropagateArtificial intelligence tools that inadvertently perpetuated a decade-old bug may now also help eliminate it. The path traversal vulnerability became so embedded in developer culture that it found its way into training data for today’s AI models.

Insights on the Expanding Threat Landscape from AWS and DeloitteAs geopolitical tensions rise, companies face an expanding threat landscape - particularly through IoT and OT vulnerabilities that leave cloud infrastructures at risk, said PJ Hamlen at Amazon Web Services, and Julie Bernard at Deloitte & Touche LLP.

Bank Info Security 1 year, 1 month ago

Mirai Botnet Variant Exploits DVR Flaw to Build Swarm

A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 DevicesA Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet. A security researcher first identified the vulnerability in April 2024.