Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

22 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 22 Filtered view

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.  The flaws, per watchTowr Labs, are listed below - CVE-2025-53693 - HTML cache poisoning through unsafe reflections CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization CVE-2025-53694 -

Up to 29,000 organizations and potentially 370,000 security and IT pros affected Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of an authentication bypass vulnerability that opens the doors to an emergency administration account with nothing more than a "carefully crafted URL."…

Bank Info Security 10 months, 2 weeks ago

Safeguarding Healthcare With Secure and Smart Hospitals

Oslo University Hospital CSO Torkel Thune on Nordic Threat LandscapeTorkel Thune, head of the department for architecture, operational IT security and chief security officer at Oslo University Hospital, discusses how global shifts are affecting cybersecurity for the Nordic region, and how healthcare is especially vulnerable.

Bank Info Security 10 months, 2 weeks ago

Bridging the IT-OT Security Divide in Manufacturing

CISO Tammy Klotz Discusses the Value of Peer Support in Advance of ManuSec 2025Manufacturers face many challenges in securing OT and IT systems, from legacy technology to managing vulnerabilities. Tammy Klotz, CISO at Trinseo and last year's ManuSec Summit event chair, discusses the value of sharing firsthand insights with a cybersecurity community.

Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, the private data of over 15 million Trello user profiles was shared on a popular hacker forum. Yet,

Bank Info Security 10 months, 2 weeks ago

Chinese Telecom Hackers Strike Worldwide

US and Allies Warn About Persistent and Long Term Access to Network EquipmentThe Chinese hackers responsible for breaking into telecom networks across the globe capitalize on already documented vulnerabilities, principally in Cisco routing equipment, warn a slew of national cybersecurity agencies. Hackers use publicly known vulnerabilities with CVE designations.

Bank Info Security 10 months, 3 weeks ago

Citrix NetScaler Devices Yet Again Under Attack

Citrix Publishes Patches After Attackers Exploit Memory Overflow VulnerabilityNetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2.

Loading more headlines...