Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

35 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 35 Filtered view
Bank Info Security 9 months, 1 week ago

AI Browsers Vulnerable to Data Theft, Malware

AI Actions Bypass Security ToolsArtificial intelligence-powered browsers could expose enterprises to data theft, malware distribution and unauthorized access to corporate apps, new research shows. AI browsers built to complete tasks autonomously lack the security awareness to verify whether an instruction is safe.

Bank Info Security 9 months, 1 week ago

Fortra Confirms 'Unauthorized Activity' Hit GoAnywhere MFT

Medusa Ransomware Group Tied to Exploits of Now-Patched Zero-Day VulnerabilityRecent attacks targeting Fortra's GoAnywhere managed file transfer software exploited a "limited" number of customers who set their on-premises installations to have an administrative console publicly exposed to the internet, which the vendor recommends customers never do.

Pentera-DevOcean Platform to Deliver Unified Attack Simulation and RemediationPentera has acquired DevOcean to close a major operational gap in threat resolution. With AI-based prioritization and remediation orchestration across over 100 tools, Pentera is building a unified platform to address both attack simulation and fix deployment.

Bank Info Security 9 months, 1 week ago

Chinese-Linked Hackers Breach Top Political US Law Firm

Williams & Connolly Hit in Zero-Day Campaign Impacting Client EmailsA zero-day vulnerability was used to breach email accounts at the elite D.C. law firm Williams & Connolly, with officials reportedly suspecting the hack is part of a China-linked campaign targeting the U.S. legal sector to support espionage, steal intelligence and establish long-term access routes.

Bank Info Security 9 months, 1 week ago

Clop Attacks Against Oracle E-Business Suite Trace to July

Signs Point to Multiple Exploit Chains, One Including a Zero-Day, Being EmployedData-stealing attacks targeting Oracle E-Business Suite, for which an affiliate of Russian-speaking Clop ransomware group is claiming credit, appear to have begun by August and involved multiple attack chains, of which one targeted a zero-day vulnerability, report Google threat researchers.

Bank Info Security 9 months, 1 week ago

Why OT Security Is Still a Special Child

Verve's Rick Kaun on Bridging the Gap Between IT and OT SecurityOperational technology faces security risks that differ sharply from IT, yet both teams must collaborate to secure critical assets, said Rick Kaun, vice president of solutions at Verve. He explains why OT security needs a different approach to vulnerability management and risk prioritization.

We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.

Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last MonthAffiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts.

Deploy Emergency Patch for Zero-Day Flaw, Hunt for Signs of Intrusion, Warn ExpertsOracle patched a zero-day vulnerability in Oracle E-Business Suite and urged customers to immediately install the fix. The flaw has been exploited since August by the Clop ransomware group, and with exploit code now having leaked, experts expect to see many more attackers join the fray.

Loading more headlines...