Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

8 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 8 most recent headlines Filtered view

Space Policy and Tech Head Paul Liias on Dealing With Satellite VulnerabilitiesA major disruption of civil and military satellites could cause chaos on the ground to communications, navigation and other vital services. But the threats don't just come from missiles. They also comes from hackers who could exploit numerous vulnerabilities, said Estonia's Paul Liias.

Microsoft Urges Immediate Mitigation as State Actors Target SharePoint FlawHackers breached a sensitive database containing office locations and personal details of elected officials and staff in Canada's House of Commons. Hackers were able to "exploit a recent Microsoft vulnerability," according to an internal email sent to members and staff.

Majority of Attacks Target Operational Technology NetworksExploitation attempts against a severe vulnerability in a runtime system widely deployed in operational technology environments spiked globally in the days after open-source maintainers of the Erlang/OTP project published a patch. Attackers could take full control of systems.

Philippe Laulheret of Cisco Talos on Vulnerabilities in ControlVault FirmwareSecurity flaws in Dell's ControlVault firmware allowed attackers to run code on the chip, extract stored secrets and alter its behavior. By chaining these exploits, they could send malicious data to Windows components, said Philippe Laulheret, senior vulnerability researcher at Cisco Talos.

Bank Info Security 11 months ago

Russian Hackers Exploit WinRAR Zero-Day

RomCom Group Deployed SnipBot, RustyClaw and Mythic Agent VariantsA Russian speaking hacking group is exploiting a zero-day flaw in WinRAR, a sign of the group's growing sophistication and evolution from a cybercrime outfit into a cyberespionage operation. The campaign exploited a vulnerability now tracked as CVE-2025-8088, a path traversal vulnerability.

Bell Labs' Siddharth Rao on the Need for Stronger Safeguards in Account RecoveryMany service providers are prioritizing usability over security in account recovery to retain users. Siddharth Rao, senior security research scientist at Nokia Bell Labs, says this trade-off exposes systems to threats through vulnerable recovery channels and inconsistent policies.