Skip to main content

Tag: authentication bypass

87 articles

Blurred laptop screen on a modern office desk shows a workflow automation setup with security and authentication focus.

n8n Flaw Exposes User Accounts to Unauthorized Login via Token Exchange

A security flaw in n8n's workflow automation platform allowed unauthorized users to log in to accounts due to a token exchange mishap, essentially handing out the wrong accounts at login. This vulnerability stemmed from a misimplementation of the Enterprise token exchange feature.

Analyst 207
Brightly-lit server room with rows of humming servers and a lone technician inspecting a rack, hinting at potential…

Cyber-attackers Exploit OAuth Client ID Spoofing in Cloud Environments

Cyber-attackers are increasingly using OAuth Client ID spoofing to infiltrate cloud environments, with multiple campaigns emerging, each with unique tools and infrastructure. This technique allows attackers to cleverly abuse Microsoft Entra ID by mimicking legitimate authentication requests.

Analyst 207
Brightly-lit server in a data center with a network operations setting.

Hackers exploit auth bypass in Gitea Docker image

Hackers are actively exploiting a critical flaw in the Gitea Docker image, using a single header to bypass authentication and gain access - and security teams are only just catching on. In fact, researchers detected the first real-world hit just 13 days after the vulnerability was disclosed.

Analyst 207
Person sitting at desk with laptop, hands poised over keyboard in modern office setting.

Account Takeover Attacks Target Verification Step as New Battleground

As more people and companies switch to passkeys, a new battleground emerges in the fight against account takeover attacks - the verification step. Attackers are now targeting these previously trusted processes, like account recovery and device re-enrollment, to gain control of accounts.

Analyst 207
A router sits on a neutral surface, vents and ports visible, in a brightly lit home or office setting.

Tenda Routers Expose Admin Access via Hidden Backdoor

Tenda routers have a shocking security flaw: a hidden backdoor that can give attackers full control of your device, allowing them to hijack your admin access. This vulnerability, tracked as CVE-2026-11405, lets hackers easily bypass standard login security and take over your router.

Analyst 207
Dimly lit server room with a single brightly lit remote access appliance and a blurred login screen on a nearby monitor.

BeyondTrust Software Flaws Expose Risk of Authentication Bypass

Critical software flaws in BeyondTrust's Remote Support and Privileged Remote Access products could allow hackers to bypass authentication and gain unauthorized access, potentially putting your system integrity at risk. Two vulnerabilities, CVE-2026-40138 and CVE-2026-40139, have been identified, highlighting the urgent need for an update.

Analyst 207
Security researcher examines laptop amidst servers with Gitea Docker setup.

Threat Actors Probe Gitea Docker Flaw Just 13 Days After Patch

Security researchers have spotted threat actors probing a critical Gitea Docker flaw just 13 days after it was patched, highlighting the urgent need for users to update their systems. This highly vulnerable flaw, scoring 9.8, allows attackers to exploit a default setting that trusts user headers from any source IP address.

Analyst 207
Remote monitoring software interface on a laptop in an office setting.

SimpleHelp Vulnerability Exploited to Deliver Novel Malware

A critical vulnerability in SimpleHelp's remote monitoring software, rated a perfect 10 in severity, was exploited by attackers to masquerade as trusted technicians and deploy brand-new malware across customer networks. This flaw allowed hackers to bypass authentication and gain unauthorized access with ease.

Analyst 207
Technicians work in a server room with rows of computer equipment, a laptop in the foreground with a blurred screen and…

CVE-2026-48558 Exploitation Deploys TaskWeaver, Djinn Stealer Malware

A critical vulnerability, CVE-2026-48558, with a maximum severity score of 10.0 is being exploited to spread two new malware families, TaskWeaver and Djinn Stealer, by turning remote monitoring servers into malware distribution points. This flaw allows attackers to bypass OpenID Connect authentication in SimpleHelp and gain a fully authenticated session.

Analyst 207
Technicians work in a server room with rows of computer equipment, focusing on a specific server with a blurred screen.

Hackers Exploit SimpleHelp Flaw to Deploy Djinn Stealer Malware

Hackers have found a way to exploit a flaw in SimpleHelp, using it as a trusted channel to deploy the Djinn Stealer malware and wreak havoc on managed systems. This critical vulnerability, CVE-2026-48558, allows attackers to create highly privileged accounts without authentication, putting thousands of systems at risk.

Analyst 207
Passport lies on a plain surface surrounded by blurred cannabis dispensary items, hinting at a security breach.

Massive Passport Leak Exposes Sensitive Traveler Data

A staggering leak of almost a million passport records from around the world has put sensitive traveler data at risk. The breach, linked to a low-security ID verification system for cannabis dispensaries, exposed passports as a vulnerable weak point in authentication processes.

Analyst 207
CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw

CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw

A critical code-injection flaw, CVE-2025-67038, has been discovered in Lantronix EDS5000 Series devices, allowing attackers to inject arbitrary OS commands with root privileges due to a lack of input sanitization in the HTTP RPC module. This vulnerability has a CVSS score of 9.8, indicating a high severity level.

Analyst 207
Network operations center with server and equipment, cityscape visible through window.

CISA Warns of Active Exploitation of Splunk Enterprise Flaw

A critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, allows remote attackers to create or delete files on vulnerable systems without needing any login credentials. This security flaw affects specific versions of Splunk Enterprise, including 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6.

Analyst 207
Network equipment racks with a single server in the foreground showing a subtle warning light.

Fortinet Sandbox Flaws Under Active Exploitation

Critical Fortinet Sandbox vulnerabilities are under active attack, with hackers exploiting flaws like CVE-2026-39813, a severe path traversal bug that allows authentication bypass. Fortinet patched these bugs in April, but users must upgrade ASAP to avoid being compromised.

Analyst 207
Network equipment sits in a brightly-lit corporate office setting.

Palo Alto Networks Warns of Active Exploitation of GlobalProtect VPN Flaw

Palo Alto Networks has warned of active exploitation of a critical GlobalProtect VPN flaw, CVE-2026-0257, which allows attackers to bypass security controls and set up unauthorized VPN connections. The company first observed exploitation attempts on May 17, 2026.

Analyst 207
Person holding smartphone stands before secure door with keycard reader and biometric scanner.

Credential Theft Spurs Demand for Secure Identity Verification

Credential theft skyrocketed 160% in 2025, fueling a critical need for secure identity verification solutions that can outsmart AI-driven attacks. To stay ahead, robust multi-factor authentication is a must-have, combining unique factors like something you know, have, and are to fortify defenses.

Analyst 207
Modern office workstation with laptop and computer setup amidst blurred server room equipment.

ServiceNow Warns of Flaw Exploited for Unauthorized Access

ServiceNow has issued a security update to fix a flaw that could allow unauthorized users to gain excessive access to customer instances, and the company is urging users to take action to protect their systems. The update was applied to hosted customer instances on June 5, 2026.

Analyst 207
Dimly lit server room with a single brightly lit computer terminal in the foreground.

Veeam Patches Backup Flaw That Enables Remote Code Execution

Veeam has urgently patched a critical backup flaw, CVE-2026-44963, that allowed remote code execution with just domain user credentials, scoring a severe 9.4 out of 10 in severity. The update to version 12.3.2.4854 fixes this vulnerability, preventing attackers from running malicious code on the Backup Server.

Analyst 207
Rows of rack-mounted servers with a network administrator in the background.

phpBB Flaw Enables Instant Account Takeover

A single HTTP request can give an attacker instant access to any user's account, including administrator accounts, without needing a password - a vulnerability rated 9.4 on the CVSS scale that's affecting phpBB versions up to 3.3.16 and 4.0.0 alpha.

Analyst 207
Remote access VPN setup with laptop and router in foreground and blurred office background.

Check Point Discloses Zero-Day Flaw Exploited by Ransomware Groups

Check Point has uncovered a zero-day flaw, CVE-2026-50751, that allowed ransomware groups to exploit a critical authentication bypass in Remote Access and Mobile Access deployments, prompting an emergency fix. The vulnerability enabled attackers to establish a remote access VPN connection without proper authentication.

Analyst 207
Modern server equipment in a well-lit network operations room with a city view.

UniFi OS Bug Lets Hackers Gain Root Without Authentication

A critical bug in UniFi OS can be exploited by hackers to gain root access without any login credentials, user interaction, or prior access, putting your system at risk. Three vulnerabilities, now patched, can be chained together to allow remote code execution with root privileges.

Analyst 207
Dimly lit network operations center with a single laptop screen displaying a VPN connection interface.

Check Point VPN Flaw Exposed, Bypasses Passwords in IKEv1 Setups

A critical flaw in Check Point VPN setups has been exposed, allowing attackers to bypass passwords and establish a VPN session without proper authentication in certain configurations. This vulnerability, tracked as CVE-2026-50751, impacts Remote Access VPN and Mobile Access deployments using the outdated IKEv1 protocol.

Analyst 207
Network equipment and router setup in a data center or network operations room.

Check Point Exposes VPN Zero-Day Link to Qilin Ransomware Gang

A critical VPN vulnerability, CVE-2026-50751, has been exploited in attacks linked to the notorious Qilin ransomware gang, affecting a handful of organizations worldwide. Check Point has released security updates to patch this authentication bypass flaw in its legacy Remote Access and Mobile Access deployments.

Analyst 207
Network device with cables on a rack in a well-lit technology room.

Palo Alto Networks Warns of Active PAN-OS Vulnerability Exploitation

Palo Alto Networks has sounded the alarm on a critical PAN-OS vulnerability, CVE-2026-0257, that's being actively exploited by threat actors to bypass authentication and gain unauthorized access to VPN connections. This security gap could allow attackers to circumvent controls and initiate their own VPN sessions, putting your network at risk.

Analyst 207