Infosecurity Magazine

Vulnerability Management News

Scroll down for the latest news and information covering vulnerability management.

Latest News and Features

Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover

News

Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks

SolarWinds Web Help Desk Vulnerability Actively Exploited

News

CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog

SQL Injection Flaw Affects 40,000 WordPress Sites

News

DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon

News

Sophos CISO on Software Flaws, Vendor Risk and Secure by Design (video)

Interview

Notepad++ Update Hijacking Linked to Hosting Provider Compromise

News

Autonomous System Uncovers Long-Standing OpenSSL Flaws

News

Critical and High Severity n8n Sandbox Flaws Allow RCE

News

Researchers Uncover 454,000+ Malicious Open Source Packages

News

Sonatype warns that open source threats became industrialized with a surge in malicious packages in 2025

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

News

Webinars Coming Up

How To Enhance Security Operations with AI-Powered Defenses

White Papers

Gcore Radar: DDoS Attack Trends Q3 to Q4, 2023

White Paper

5 Ways to Strengthen Your Active Directory Password Policy

White Paper

SASE Security Buyers Guide

White Paper

On-Demand Webinars

  • How to Implement Attack Surface Management in the AI and Cloud Age
  • Navigating Exposures in Energy ICS Environments
  • How to Proactively Remediate Rising Web Application Threats
  • How to Optimize Third-Party Risk Management Programs Through NIST CSF 2.0
  • Experiencing a DDoS Simulation to Enhance Defenses
  • How Can the Boardroom Boost Cyber Resilience?

Podcasts

  • How 2025 Shaped the Future of Cybersecurity
  • Can AI Solve the Vulnerability Problem in Critical Infrastructure?
  • The Team are Joined by Cybersecurity Experts to Review 2022 and How to Prepare Information Security for 2023
  • Beth Maundrill is joined by Dr. Jason Nurse, Associate Professor in Cyber Security at the University of Kent.
  • Beth Maundrill and James Coker analyze Insider Threats as September is National Insider Threats Awareness Month.
  • Into Security Podcast - Episode 15

More news and features

Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation

News

World Leaks Ransomware Group Claims 1.4TB Nike Data Breach

News

Critical Appsmith Flaw Enables Account Takeovers

News

RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites

News

Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites

Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure

News

Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch

News

A new service, the Global Cybersecurity Vulnerability Enumeration (GCVE), offers an alternative to the US-led CVE

Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps

News

2 security vulnerabilities in the Chainlit framework expose risks from web flaws in AI applications

Prompt Injection Bugs Found in Official Anthropic Git MCP Server

News

Global Agencies Release New Guidance to Secure Industrial Networks

News

CodeBuild Flaw Put AWS Console Supply Chain At Risk

News

Blogs

Five Single Sign-On Best Practices to Reduce Access Risk in 2026

Blog

Zero Trust and Active Directory: What Modern AD Audits Reveal

Blog

Next-Gen Infosec

How to Prevent Data Leakages

Next-Gen

Top Cloud Misconceptions that Could Damage Your Organization

Next-Gen

Improve Asset Visibility in OT Security With Hybrid AI-Cloud Approaches

Next-Gen