Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 5 most recent headlines Filtered view
Bank Info Security 1 year, 6 months ago

Feds Identify Ninth Telecom Victim in Salt Typhoon Hack

Officials Say Chinese Hackers Maintained 'Broad and Full' Access to Telecom SystemsFederal officials told reporters Friday that ongoing investigations into the Salt Typhoon cyberespionage campaign have identified a ninth victim company affected by the attack, in which hackers maintained "broad and full" access to vulnerable communications infrastructure across the country.

Bank Info Security 1 year, 6 months ago

D-Link Botnet Attacks Surge in Global Spike

Mirari and Kaiten Botnet Variants Exploit Unpatched RoutersAttackers exploiting nearly decade-old D-Link router vulnerabilities drove a sharp rise in botnet activity in 2024 through variants of the Mirari and Kaiten taking advantage of unpatched devices. Operators of botnets known as Ficora and Capsaicin exploit nearly decade-old flaws.

Unauthenticated Attackers Using Malicious Packet to Crash Devices' PAN-OS SoftwareSecurity giant Palo Alto Networks is pushing updates to fix a denial-of-service vulnerability in its PAN-OS device software that unauthenticated, remote attackers have been actively exploiting. The flaw can be triggered by sending firewalls "a malicious packet," which will crash the devices.

About 75% of healthcare sector entities that suffered a ransomware attack over the past year were targeted on a weekend or holiday, highlighting the need for organizations to bolster staffing and related strategies during these vulnerable times, said Jeff Wichman of security firm Semperis.