Baddies caught exploiting extensions bugs with perfect 10 scores on vulnerable Joomla websites
Flaws in iCagenda, Balbooa Forms extensions can impact open source CMS that powers a million sites worldwide
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Weekly headline count for the current query.
Flaws in iCagenda, Balbooa Forms extensions can impact open source CMS that powers a million sites worldwide
National vulnerability database claims monitoring mechanism can forward Chinese users' data to remote servers
Majority report AI-related security incidents or vulnerabilities
Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers
At least two vulnerabilities are already under attack
You don't need Mythos or GPT-5.5-Cyber to find a vuln to exploit when the world's password habits are so sloppy
CVE-2026-20230 under exploitation, while an earlier SD-WAN 0-day looks even worse than we thought
Package dependencies can create vulnerabilities that are fiendishly hard to find and stamp out
Homebrew was "less vulnerable 10 years ago than npm is today," project lead tells us
And it was Microsoft Copilot that unwittingly revealed the longstanding vulnerability
And it was Microsoft Copilot that unwittingly revealed the longstanding vulnerability
Unless you're an admin or vulnerability manager – then you're totally screwed
Those receiving aid in the famine-threatened, war-torn territory told support will remain
'Attackers can now cheaply operationalize known vulnerabilities at scale,' boffins tell The Reg
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Following days of criticism from the security community, Redmond dials back rhetoric, insists vulnerability hunters not in its legal crosshairs
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
Apache, Alibaba databases vulnerable and only one has a patch
This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, or through GitHub Actions, to review their workflows.…
Emergency patches out now for those managing the millions of domains assumed to be affected