Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

30 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 30 Filtered view
Bank Info Security 2 years, 3 months ago

Likely Chinese Hacking Contractor Is Quick to Exploit N-Days

UNC5174 Exploited F5 BIG-IP and ScreenConnect VulnerabilitiesA likely Chinese hacker-for-hire used high-profile vulnerabilities in a campaign targeting a slew of Southeast Asian and U.S. governmental and research organizations, says threat intel firm Mandiant. Rapid exploitation of newly patched flaws has become a hallmark of Chinese threat actors.

Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work Opinion The United States National Institute of Standards and Technology (NIST) has almost completely stopped adding analysis to Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database. That means big headaches for anyone using CVEs to maintain their security. …

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances

Bank Info Security 2 years, 3 months ago

Denial-of-Service Attack Could Put Servers in Perpetual Loop

Researchers Spot Vulnerability in Application-Layer Communication ProtocolA new type of denial-of-service threat can disrupt an estimated 300,000 internet hosts that are at risk of exploitation. Researchers at the CISPA Helmholtz Center for Information Security say attackers are using IP spoofing to entangle two servers in a perpetual communication loop.

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That’s why effective vendor risk management (VRM) is a

Bank Info Security 2 years, 3 months ago

Quantum Computing: A New Dawn for Encryption Vulnerabilities

Expert Perspectives on Protecting Data and Developing Quantum-Safe CryptographyAs quantum computing looms, experts emphasize the urgency of embracing quantum-safe strategies. They highlight the need for proactive measures to protect digital assets from future breaches, deliver long-term data security and ensure the integrity of encryption.

Loading more headlines...