Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

25 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 25 Filtered view
Bank Info Security 1 year, 10 months ago

Feds Warn Health Sector to Patch Apache Tomcat Flaws

Healthcare Sector Heavily Relies on Open-Source Web Server; Older Flaws Pose RiskFederal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.

Bank Info Security 1 year, 10 months ago

Absolute Purchases Syxsense to Tackle Cyber Vulnerabilities

Acquisition Brings Vulnerability Management to Absolute's Cyber Resilience PlatformAbsolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.

Bank Info Security 1 year, 10 months ago

Critical GeoServer Flaw Enabling Global Hack Campaigns

Targets Includes Technology, Government and Telecommunications SectorsCybercriminals are using a critical remote code execution vulnerability in an open-source geospatial data platform to spread malware globally across several industries. GeoServer Project maintainers released a patch on July 1. The vulnerability has a CVSS score of 9.8 out of 10.

Bank Info Security 1 year, 10 months ago

Breach Roundup: YubiKey 5 Is Vulnerable to Cloning

Also: US Fingers Russian GRU Hackers; Ohio City Sues ResearcherThis week, YubiKey 5 has a flaw, an Ohio city sued a researcher, the Irish regulator ended its GrokAI case, open-source AI tools exposed data, Starlink blocked X in Brazil, FCC banned Kaspersky, Intel addressed a researcher's claim, and Transport of London is still affected by a cyber incident.

Bank Info Security 1 year, 10 months ago

New HackerOne CEO Kara Sprague to Expand Beyond Bug Bounties

Sprague Replaces Veteran CEO, Plans to Double Down on PTaaS and AI Red TeamingHackerOne has tapped F5's longtime product leader as it next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs. The firm tasked Kara Sprague with building on existing growth in areas including AI red teaming and penetration testing as a service.

Loading more headlines...