Tag: authentication bypass
87 articles

n8n Flaw Exposes User Accounts to Unauthorized Login via Token Exchange
A security flaw in n8n's workflow automation platform allowed unauthorized users to log in to accounts due to a token exchange mishap, essentially handing out the wrong accounts at login. This vulnerability stemmed from a misimplementation of the Enterprise token exchange feature.

Cyber-attackers Exploit OAuth Client ID Spoofing in Cloud Environments
Cyber-attackers are increasingly using OAuth Client ID spoofing to infiltrate cloud environments, with multiple campaigns emerging, each with unique tools and infrastructure. This technique allows attackers to cleverly abuse Microsoft Entra ID by mimicking legitimate authentication requests.

Hackers exploit auth bypass in Gitea Docker image
Hackers are actively exploiting a critical flaw in the Gitea Docker image, using a single header to bypass authentication and gain access - and security teams are only just catching on. In fact, researchers detected the first real-world hit just 13 days after the vulnerability was disclosed.

Account Takeover Attacks Target Verification Step as New Battleground
As more people and companies switch to passkeys, a new battleground emerges in the fight against account takeover attacks - the verification step. Attackers are now targeting these previously trusted processes, like account recovery and device re-enrollment, to gain control of accounts.

Tenda Routers Expose Admin Access via Hidden Backdoor
Tenda routers have a shocking security flaw: a hidden backdoor that can give attackers full control of your device, allowing them to hijack your admin access. This vulnerability, tracked as CVE-2026-11405, lets hackers easily bypass standard login security and take over your router.

BeyondTrust Software Flaws Expose Risk of Authentication Bypass
Critical software flaws in BeyondTrust's Remote Support and Privileged Remote Access products could allow hackers to bypass authentication and gain unauthorized access, potentially putting your system integrity at risk. Two vulnerabilities, CVE-2026-40138 and CVE-2026-40139, have been identified, highlighting the urgent need for an update.

Threat Actors Probe Gitea Docker Flaw Just 13 Days After Patch
Security researchers have spotted threat actors probing a critical Gitea Docker flaw just 13 days after it was patched, highlighting the urgent need for users to update their systems. This highly vulnerable flaw, scoring 9.8, allows attackers to exploit a default setting that trusts user headers from any source IP address.

SimpleHelp Vulnerability Exploited to Deliver Novel Malware
A critical vulnerability in SimpleHelp's remote monitoring software, rated a perfect 10 in severity, was exploited by attackers to masquerade as trusted technicians and deploy brand-new malware across customer networks. This flaw allowed hackers to bypass authentication and gain unauthorized access with ease.

CVE-2026-48558 Exploitation Deploys TaskWeaver, Djinn Stealer Malware
A critical vulnerability, CVE-2026-48558, with a maximum severity score of 10.0 is being exploited to spread two new malware families, TaskWeaver and Djinn Stealer, by turning remote monitoring servers into malware distribution points. This flaw allows attackers to bypass OpenID Connect authentication in SimpleHelp and gain a fully authenticated session.

Hackers Exploit SimpleHelp Flaw to Deploy Djinn Stealer Malware
Hackers have found a way to exploit a flaw in SimpleHelp, using it as a trusted channel to deploy the Djinn Stealer malware and wreak havoc on managed systems. This critical vulnerability, CVE-2026-48558, allows attackers to create highly privileged accounts without authentication, putting thousands of systems at risk.

Massive Passport Leak Exposes Sensitive Traveler Data
A staggering leak of almost a million passport records from around the world has put sensitive traveler data at risk. The breach, linked to a low-security ID verification system for cannabis dispensaries, exposed passports as a vulnerable weak point in authentication processes.

CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw
A critical code-injection flaw, CVE-2025-67038, has been discovered in Lantronix EDS5000 Series devices, allowing attackers to inject arbitrary OS commands with root privileges due to a lack of input sanitization in the HTTP RPC module. This vulnerability has a CVSS score of 9.8, indicating a high severity level.

CISA Warns of Active Exploitation of Splunk Enterprise Flaw
A critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, allows remote attackers to create or delete files on vulnerable systems without needing any login credentials. This security flaw affects specific versions of Splunk Enterprise, including 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6.

Fortinet Sandbox Flaws Under Active Exploitation
Critical Fortinet Sandbox vulnerabilities are under active attack, with hackers exploiting flaws like CVE-2026-39813, a severe path traversal bug that allows authentication bypass. Fortinet patched these bugs in April, but users must upgrade ASAP to avoid being compromised.

Palo Alto Networks Warns of Active Exploitation of GlobalProtect VPN Flaw
Palo Alto Networks has warned of active exploitation of a critical GlobalProtect VPN flaw, CVE-2026-0257, which allows attackers to bypass security controls and set up unauthorized VPN connections. The company first observed exploitation attempts on May 17, 2026.

Credential Theft Spurs Demand for Secure Identity Verification
Credential theft skyrocketed 160% in 2025, fueling a critical need for secure identity verification solutions that can outsmart AI-driven attacks. To stay ahead, robust multi-factor authentication is a must-have, combining unique factors like something you know, have, and are to fortify defenses.

ServiceNow Warns of Flaw Exploited for Unauthorized Access
ServiceNow has issued a security update to fix a flaw that could allow unauthorized users to gain excessive access to customer instances, and the company is urging users to take action to protect their systems. The update was applied to hosted customer instances on June 5, 2026.

Veeam Patches Backup Flaw That Enables Remote Code Execution
Veeam has urgently patched a critical backup flaw, CVE-2026-44963, that allowed remote code execution with just domain user credentials, scoring a severe 9.4 out of 10 in severity. The update to version 12.3.2.4854 fixes this vulnerability, preventing attackers from running malicious code on the Backup Server.

phpBB Flaw Enables Instant Account Takeover
A single HTTP request can give an attacker instant access to any user's account, including administrator accounts, without needing a password - a vulnerability rated 9.4 on the CVSS scale that's affecting phpBB versions up to 3.3.16 and 4.0.0 alpha.

Check Point Discloses Zero-Day Flaw Exploited by Ransomware Groups
Check Point has uncovered a zero-day flaw, CVE-2026-50751, that allowed ransomware groups to exploit a critical authentication bypass in Remote Access and Mobile Access deployments, prompting an emergency fix. The vulnerability enabled attackers to establish a remote access VPN connection without proper authentication.

UniFi OS Bug Lets Hackers Gain Root Without Authentication
A critical bug in UniFi OS can be exploited by hackers to gain root access without any login credentials, user interaction, or prior access, putting your system at risk. Three vulnerabilities, now patched, can be chained together to allow remote code execution with root privileges.

Check Point VPN Flaw Exposed, Bypasses Passwords in IKEv1 Setups
A critical flaw in Check Point VPN setups has been exposed, allowing attackers to bypass passwords and establish a VPN session without proper authentication in certain configurations. This vulnerability, tracked as CVE-2026-50751, impacts Remote Access VPN and Mobile Access deployments using the outdated IKEv1 protocol.

Check Point Exposes VPN Zero-Day Link to Qilin Ransomware Gang
A critical VPN vulnerability, CVE-2026-50751, has been exploited in attacks linked to the notorious Qilin ransomware gang, affecting a handful of organizations worldwide. Check Point has released security updates to patch this authentication bypass flaw in its legacy Remote Access and Mobile Access deployments.

Palo Alto Networks Warns of Active PAN-OS Vulnerability Exploitation
Palo Alto Networks has sounded the alarm on a critical PAN-OS vulnerability, CVE-2026-0257, that's being actively exploited by threat actors to bypass authentication and gain unauthorized access to VPN connections. This security gap could allow attackers to circumvent controls and initiate their own VPN sessions, putting your network at risk.