Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 10 most recent headlines Filtered view
Bank Info Security 11 months, 3 weeks ago

New York Unveils 'Nation-Leading' Water Sector Cyber Rules

State Seeks Public Input on New Reporting Rules and Regulations for Water SectorNew York State has unveiled a comprehensive set of water and wastewater cybersecurity regulations aimed at bolstering defenses for the vulnerable critical infrastructure sector, in addition to a new competitive investment program to help modernize under-resourced entities.

Bank Info Security 11 months, 3 weeks ago

Trump's CISA Nominee Grilled Over 2020 Election Fraud Claims

Sean Plankey Dodges Election Security Questions in Senate Confirmation HearingSean Plankey, a former Energy Department and National Security Council cybersecurity official, faced tough questions from lawmakers about President Donald Trump's false claims of voting machine vulnerabilities and election fraud in the 2020 election during his Thursday confirmation hearing.

Bank Info Security 11 months, 3 weeks ago

Trump's CISA Nominee Grilled Over 2020 Election Fraud Claims

Sean Plankey Dodges Election Security Questions in Senate Confirmation HearingSean Plankey, a former Energy Department and National Security Council cybersecurity official, faced tough questions from lawmakers about President Donald Trump's false claims of voting machine vulnerabilities and election fraud in the 2020 election during his Thursday confirmation hearing.

Bank Info Security 11 months, 3 weeks ago

Honeywell Smart Building Middleware Vulnerable

Researchers Find Flaws in Tridium Niagara FrameworkVulnerabilities in Honeywell smart building middleware could allow hackers to manipulate physical systems or disable security alarms, warn security researchers. Hackers would already need access to the network. An attack would also depend on the Tridium Niagara customer not encrypting Syslog data.

Bank Info Security 11 months, 3 weeks ago

US Infrastructure Remains Vulnerable 15 Years After Stuxnet

Experts Say Critical Infrastructure Sectors Have Made Little Cybersecurity ProgressPanelists told the House subcommittee on cybersecurity and infrastructure protection that U.S. critical infrastructure sectors have made few cyber improvements over the last 15 years despite fears of retaliation following digital and physical attacks on Iranian nuclear sites.

Bank Info Security 11 months, 3 weeks ago

Microsoft Traces On-Premises SharePoint Exploits to China

But Hacking Groups of All Stripes Now Have Access to Exploit Code, Researchers WarnMicrosoft said an attack campaign targeting zero-day vulnerabilities in on-premises SharePoint servers appears to have begun by July 7, tied to three Chinese hack groups. With proof-of-concept exploit code now in the wild, security experts said hackers of all stripes have joined the fray.

Bank Info Security 11 months, 3 weeks ago

File Transfer Flaw Blamed in Health Breach Affecting 233,000

Cierant Corp. Says Cleo MFT Zero-Day Exploit Compromised Health Plan Client DataA Connecticut-based firm that provides print and electronic document management services to health plans has reported to regulators that an exploit of a vulnerability in file transfer software from third-party vendor Cleo has resulted in a health data compromise affecting nearly 233,000 people.

Bank Info Security 11 months, 3 weeks ago

Hackers Target Zero-Day Vulnerability to Exploit CrushFTP

Attackers Modify File-Transfer Server Software to Display Patched Version NumberManaged file-transfer software developer CrushFTP said a zero-day vulnerability in its tool's web interface is being actively exploited to gain admin-level access to servers. The company urged immediate updating, saying all versions of its software released since July 1 are patched.

Traditional security testing tools can’t keep pace with modern threats—or prove which vulnerabilities truly matter. Discover how Adversarial Exposure Validation (AEV) bridges the gap by continuously simulating real-world attacks to reveal exploitable exposures, prioritize risk, and empower smarter security decisions. Learn why AEV is the missing link in your CTEM strategy and how BreachLock is leading the way.

Bank Info Security 11 months, 3 weeks ago

Attackers Exploit Zero-Day Flaws in On-Premises SharePoint

Microsoft Issuing Emergency Patches to Combat Authentication-Bypassing AttacksHackers have been exploiting a zero-day vulnerability dubbed "ToolShell" in on-premises installations of Microsoft SharePoint to gain remote access, and steal cryptographic keys and data. As Microsoft rolls out patches, experts warn administrators to also rotate keys, to help eject attackers.