Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

41 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 41 Filtered view

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog

BellSoft survey finds 48% prefer pre‑hardened images over managing vulnerabilities themselves Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.…

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE)

Bank Info Security 5 months, 2 weeks ago

Idis Surveillance Management Software Vulnerable to Hacking

Web-Based Client on Local Host Didn't Sanitize InputsVideo camera surveillance management software made by South Korean manufacturer Idis is susceptible to a one-click attack giving hackers the power to execute arbitrary code. The vulnerability allows an attacker to escalate beyond the browser sandbox and achieve code execution on the host.

Loading more headlines...