Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

30 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 30 Filtered view
Bank Info Security 2 years, 2 months ago

New Botnet 'Goldoon' Targets D-Link Devices

FortiGuard Labs Identifies Botnet Exploiting Decade-Old D-Link VulnerabilityHackers are taking advantage of D-Link home routers left unpatched for a decade and turning them into a newly formed botnet researchers dubbed "Goldoon." The vulnerability allows attackers to execute arbitrary commands remotely via the proprietary Home Network Administration Protocol.

Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar interview The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities. Varun Badhwar, founder and CEO at security firm Endor Labs, doesn't believe that's by coincidence. …

Bank Info Security 2 years, 2 months ago

Critical Flaw in R Language Poses Supply Chain Risk

Deserialization Vulnerability Allows for Remote Code ExecutionA high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who say they uncovered a deserialization flaw. Security researchers have long known that hackers sneak malicious code into serialized data.

Bank Info Security 2 years, 2 months ago

Experts Say White House Memo Overlooks Space Cyber Risks

Security Memo Update Opts Not to Include Space as Critical Infrastructure SectorSpace industry executives say they're feeling left out of a push to better national cybersecurity, calling a White House update on Tuesday to a memo organizing critical infrastructure efforts a missed opportunity. Experts said the exclusion could leave the U.S. space sector vulnerable to attacks.

Warning comes exactly a year after the vulnerability was introduced The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."…

Bank Info Security 2 years, 2 months ago

US and Allies Issue Cyber Alert on Threats to OT Systems

Cyber Authorities Warn Pro-Russian Hacktivists Targeting Small-Scale OT SystemsU.S. and international cyber authorities issued a warning Wednesday that pro-Russian hacktivists are increasingly targeting small-scale operational technology systems throughout North America and Europe that have been left vulnerable to attacks due to internet-exposed industrial control systems.

Bank Info Security 2 years, 2 months ago

Verizon DBIR: Cyber Defenders Are Facing Exploit Fatigue

Experts Warn That Human Failures Have Led to Surge in Successful Zero-Day ExploitsVerizon executives warned that cyber defenders are struggling with fatigue amid a surge in cyberattacks targeting zero-day exploits and other vulnerabilities. It takes most enterprises nearly 55 days on average to mitigate 50% of critical vulnerabilities once patches become available, the DBIR says.

Bank Info Security 2 years, 2 months ago

GitLab Hackers Use 'Forgot Your Password' to Hijack Accounts

US CISA Orders Federal Agencies to Apply January PatchThe U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that was patched in January. The vulnerability allows hackers to use the "forgot your password" function to send a reset link to an attacker-controlled inbox.

Loading more headlines...