Security news aggregator

Latest coverage for Vulnerability

Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.

27 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.

Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.

Showing 20 most recent headlines of 27 Filtered view
Bank Info Security 4 months, 3 weeks ago

Hospitals at Risk of BeyondTrust Ransomware Hacks

Critical Vulnerability Could Give Attackers Foothold in Clinical NetworksFederal authorities and industry officials are urging healthcare sector entities to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a hospital or clinic network.

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the

Bank Info Security 4 months, 4 weeks ago

Audit Finds Security Weaknesses at VA Spokane Medical Center

Access, Vulnerability Management, Configuration LapsesA federal watchdog agency inspection of information security at the VA health system in Spokane, Wash. last year found deficiencies across three areas - configuration management, vulnerability management and access controls - that could potentially put sensitive data at risk, a new report said.

Bank Info Security 4 months, 4 weeks ago

Cogent Security Gets $42M to Boost AI Vulnerability Defense

Series A Led by Bain Capital Ventures Targets Autonomous Remediation PlatformCogent Security secured $42 million in Series A funding to expand its AI-powered platform. Backed by Bain Capital Ventures, the company plans to triple staff, enhance model accuracy and scale its agent-based architecture to help enterprises automate remediation and counter AI-driven cyberattacks.

State disputes the company's claim that its routers are made in Vietnam TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with "Made in Vietnam" claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors.…

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG)

Loading more headlines...