The employee must, during and after employment, without limitation in time, observe a duty of confidentiality regarding [...]
the Company's internal affairs such as business plans, profitability, pricing, employees, methods, processes, routines, code and the like as well as other information that the Company typically wants to keep secret
The pure information that the company had at some time a security problem with their product is internal knowledge you only gained through working there. By what is written here, you are indeed prohibited from speaking about it.
If it were public knowledge, you could point to a press release and say "I did that, that was me fixing the problem". That would work. Because it doesn't share anything that isn't public anyway. But you cannot share things the company wants to keep secret.
Finding out whether that contract is legally enforceable in your country and jurisdiction is the job of a real lawyer, but just as written, they are right. You signed a contract to not do that, not talk about it and certainly not publish it on the internet. So you should not do that, unless a good lawyer you trust tells you otherwise.
That said, "I found a security flaw" is about as impressive as "I found a dollar on the floor". Maybe you can talk about your knowledge to prevent something like it happening. That says nothing about whether or not it happened in your old company, and for me as an employer it is much more valuable to have you on board with structured knowledge you can apply, than with your memories of being lucky once.