Topic: authentication bypass
Fortinet Mitigates Critical FortiCloud SSO Zero-Day Before Patch
A critical authentication bypass flaw (CVE-2026-24858) in Fortinet's FortiCloud SSO was actively exploited, allowing attackers to gain administrative control over devices, even fully patched ones, by creating rogue accounts. Fortinet responded by globally disabling and then restricting FortiCloud...
6,000+ SmarterMail Servers Vulnerable to Hijacking
A critical authentication bypass vulnerability (CVE-2026-23760) in SmarterMail email servers allows attackers to reset administrator passwords and take full control of unpatched systems. Security researchers have identified thousands of vulnerable servers, with evidence of widespread, automated e...
Fortinet Critical Auth Bypass Flaw Remains Unpatched
A critical Fortinet SSO vulnerability (CVE-2025-59718) is being actively exploited via a bypass of the initial patch, allowing attackers to create unauthorized VPN accounts and steal configurations on fully updated devices. Fortinet has confirmed the attacks and is developing a new patch, while u...
SmarterMail Flaw Lets Attackers Hijack Admin Accounts
A critical authentication bypass flaw in SmarterMail's 'force-reset-password' API endpoint allows attackers to hijack administrator accounts and gain full server control. Threat actors began exploiting the vulnerability just two days after the patch was released, suggesting they reverse-engineere...
Patched FortiGate Firewalls Still Vulnerable to Hacks
A critical Fortinet firewall vulnerability (CVE-2025-59718) persists despite patches, allowing unauthorized admin access via the FortiCloud SSO feature even on the latest software versions. Fortinet is preparing new updates, but the immediate recommendation is to disable the "Allow administrative...
Patched FortiGate Firewalls Still Vulnerable to CVE-2025-59718
A critical Fortinet firewall vulnerability (CVE-2025-59718) remains actively exploitable even on systems with official patches, allowing attackers to bypass authentication and take over networks. Security researchers have confirmed ongoing exploitation where attackers use malicious SSO logins to ...
IBM API Connect flaw exposes critical authentication bypass risk
A critical vulnerability (CVE-2025-13915) in IBM API Connect allows attackers to bypass authentication and gain unauthorized remote access, posing a high risk to sectors like finance and healthcare. IBM urges immediate patching to specific affected versions and advises disabling the Developer Por...
FortiGate Firewalls Under Attack: Critical Auth Bypass Exploited
Attackers are actively exploiting a critical Fortinet firewall vulnerability (CVE-2025-59718) to bypass authentication and steal sensitive network configuration files containing encrypted credentials. The flaw, along with a related one (CVE-2025-59719), stems from improper cryptographic signature...
Hackers Target Unpatched Fortinet Flaws After Fix
Attackers are exploiting two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in Fortinet products, gaining administrative access to steal sensitive system configuration files. The theft of these configuration files poses a severe risk, exposing network details and...
Urgent ASUS Router Security Flaw Exposed
ASUS has released an urgent firmware update (version 1.1.2.3_1010) to fix a critical security flaw (CVE-2025-59367) that allows unauthorized remote access to DSL-AC51, DSL-N16, and DSL-AC750 routers without a password. For users unable to update immediately, ASUS recommends disabling internet-acc...
WordPress Plugin Flaw Gives Hackers Admin Access
A severe vulnerability (CVE-2026-23550) in the Modular DS WordPress plugin is being actively exploited, allowing attackers to gain full administrative control over websites with over 40,000 active installations. The flaw, present in versions 2.5.1 and older, stems from inadequate request verifica...
Fortinet warns of critical FortiCloud SSO auth bypass flaw
Fortinet has patched two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in several products, which could allow attackers to gain unauthorized access via a crafted SAML message. The affected FortiCloud SSO feature is not enabled by default on new devices, but it i...
Active Exploit Targets Suspected FortiWeb Zero-Day
A critical zero-day vulnerability (CVE-2025-64446) in Fortinet's FortiWeb is being actively exploited, allowing unauthenticated attackers to create unauthorized admin accounts and gain full administrative access. Fortinet silently patched the flaw in multiple versions, including 8.0.2, but delaye...
Urgent: Patch Critical Cisco UCCX Vulnerabilities Now
Cisco has patched two critical vulnerabilities (CVE-2025-20358 and CVE-2025-20354) in its Unified Contact Center Express platform, which could allow attackers to bypass authentication and gain root-level control. CVE-2025-20358 enables unauthenticated attackers to manipulate the login process and...
Urgent Patch: Critical Passwordstate Vulnerability Exposed
A critical security update is required for Passwordstate to address a high-severity vulnerability that allows attackers to bypass authentication and gain administrative control. The flaw involves a manipulated URL targeting the emergency access page, enabling unauthorized access to the administra...
Fortinet Patches Critical FortiCloud SSO Zero-Day Under Attack
Fortinet has patched a critical zero-day vulnerability (CVE-2026-24858) that allowed attackers to bypass authentication and gain unauthorized administrative access to firewalls and other security appliances. The flaw specifically affected systems with the FortiCloud Single Sign-On feature enabled...
Urgent CISA Alert: Active Oracle Identity Manager RCE Exploits
A critical security vulnerability (CVE-2025-61757) in Oracle Identity Manager allows attackers to execute remote code without authentication by exploiting weaknesses in REST API security filters. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to pat...
Fortinet Patches Actively Exploited FortiWeb Zero-Day
Fortinet has patched a critical zero-day vulnerability (CVE-2025-64446) in its FortiWeb firewall, which is being actively exploited to create unauthorized admin accounts via unauthenticated HTTP requests. The flaw affects FortiWeb versions 8.0.1 and earlier, with a fix available in version 8.0.2,...
Moxa Devices Expose Hard-Coded Credentials (CVE-2025-6950)
Moxa has urgently patched five critical vulnerabilities in its industrial network devices, including a severe flaw (CVE-2025-6950) that allows remote attackers to take full control without authentication. The vulnerabilities include authentication bypasses and privilege escalations, enabling unau...
Telegram Channels Reveal SmarterMail Exploits in the Wild
Threat actors are rapidly weaponizing critical vulnerabilities in SmarterMail (CVE-2026-24423 and CVE-2026-23760), sharing exploit code and credentials to enable server takeover and ransomware campaigns. These flaws have already been exploited in real-world incidents, including a breach at Smarte...
Urgent SolarWinds Web Help Desk Patch Fixes Critical RCE Flaws
SolarWinds has urgently patched multiple critical vulnerabilities in its Web Help Desk software, strongly advising all customers to immediately upgrade to version 2026.1 to mitigate risks like remote code execution. The critical flaws, discovered by external researchers, include authentication by...
60,000 Redis Servers Exposed by Critical Security Flaw
A critical vulnerability (CVE-2025-49844) in Redis, rated 10.0 in severity, allows attackers to gain full control over servers by exploiting a flaw in the Lua scripting engine that has existed for 13 years. Approximately 60,000 publicly accessible Redis servers with no authentication are at direc...
KernelSU v0.5.7 Vulnerability Exposes Android to Root Exploits
A security flaw in KernelSU 0.5.7 allows attackers to bypass authentication and gain root access on Android devices by exploiting a design flaw in APK file processing. Rooting frameworks like KernelSU often lack robust security measures, leading to vulnerabilities such as inadequate authenticatio...
1,200+ Citrix servers vulnerable to critical auth bypass flaw
Over 1,200 Citrix NetScaler systems remain vulnerable to CVE-2025-5777, a severe authentication bypass flaw enabling session hijacking and MFA bypass, with potential active exploitation despite Citrix's denial. The flaw, dubbed "Citrix Bleed 2," allows attackers to steal session tokens and creden...
Critical Server Vulnerability Actively Exploited - Patch Now!
A critical 10/10 severity vulnerability in AMI MegaRAC firmware (CVE-2024-54085) allows attackers to bypass authentication and gain full server control via BMCs, putting thousands of systems at risk. Exploits are now active in the wild, enabling attackers to pivot across networks, comprom...
Critical Flaw Exposes 10K+ Fortinet Firewalls to 2FA Bypass
A critical five-year-old Fortinet firewall flaw (CVE-2020-12812) allows attackers to bypass two-factor authentication by altering a username's case, and over 10,000 vulnerable devices remain exposed online. Despite a patch being available since 2020, attackers are actively exploiting the vulnerab...
Urgent: CISA Warns of Active Attacks on Critical Adobe Flaw
CISA has issued a critical alert about active exploitation of a maximum-severity vulnerability (CVE-2025-54253) in Adobe Experience Manager, allowing attackers to execute malicious code on unpatched systems. The flaw, discovered by security researchers, enables unauthenticated attackers to bypass...
SolarWinds Help Desk Flaw Under Active Attack
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code and gain administrative control, prompting urgent patching orders from US authorities. The flaw is one of four critical vulnerabilities, all with...
Patch Now: CISA Warns of Active Oracle Identity Manager Attack
A critical vulnerability (CVE-2025-61757) in Oracle Identity Manager is being actively exploited, allowing unauthenticated attackers to execute arbitrary code via HTTP. CISA has urgently added this flaw to its Known Exploited Vulnerabilities catalog, advising immediate patching or isolation of af...
3,000+ Unpatched NetScaler Devices Vulnerable to CitrixBleed 2
Over 3,300 Citrix NetScaler systems remain unpatched against CVE-2025-5777 (CitrixBleed 2), exposing organizations to session hijacking and data theft despite available fixes. The flaw allows attackers to bypass authentication, intercept session tokens, and compromise credentials, with active exp...
Thousands of Ruckus Networks Devices Vulnerable Due to Unpatched Flaws
Thousands of Ruckus Networks devices are exposed to critical unpatched vulnerabilities, allowing attackers to take control of enterprise wireless environments. The flaws affect Ruckus Virtual Smart Zone (vSZ) and Ruckus Network Director (RND), enabling risks like hardcoded credentials, authentica...
CitrixBleed 2 Vulnerability Actively Exploited
A critical vulnerability in Citrix NetScaler systems (CVE-2025-5777, CVSS 9.3), dubbed CitrixBleed 2, allows attackers to bypass authentication and compromise user sessions, similar to the 2023 CitrixBleed exploit. Attackers are actively exploiting the flaw, using tactics like MFA bypass, session...
CISA Alerts: SmarterMail RCE Flaw Actively Exploited in Ransomware
A critical, unauthenticated remote code execution flaw (CVE-2026-24423) in SmarterMail is being actively exploited by ransomware groups, prompting urgent warnings from CISA. The vulnerability, stemming from a missing authentication check, allows attackers to take control of unpatched systems, and...
Exploit Alert: Critical Adobe Experience Manager Flaw (CVE-2025-54253)
A critical security flaw (CVE-2025-54253) in Adobe Experience Manager Forms allows unauthenticated attackers to execute remote code, prompting CISA to flag it due to active exploitation. The vulnerability arises from Apache Struts "devMode" being enabled in the administrative interface combined w...
Critical SmarterMail Flaw Actively Exploited by Ransomware Gangs
A critical SmarterMail vulnerability (CVE-2026-24423) is being actively exploited, allowing unauthenticated attackers to execute remote code via a flawed API endpoint. The flaw affects all SmarterMail versions before build 100.0.9511, prompting urgent federal patching mandates and warnings for al...
CISA Warns of Active Attacks on 4 Critical Software Flaws
CISA has issued a critical alert, adding four actively exploited software vulnerabilities to its KEV catalog, impacting tools from Versa, Zimbra, Vite, and Prettier. The exploited flaws include an authentication bypass in Versa's SD-WAN platform, a file access bug in the Vite framework, a supply-...
Critical "Ni8mare" Bug Allows Hackers to Take Over n8n Servers
A critical, maximum-severity vulnerability (CVSS 10.0) in n8n allows unauthenticated remote attackers to take control of servers, posing a major risk due to the platform's widespread use and integration with sensitive enterprise systems. The flaw, named "Ni8mare," is a path traversal issue where ...
Critical Flaws Found in Fluent Bit Logging Agent
Severe security vulnerabilities have been discovered in Fluent Bit, a widely used telemetry logging tool installed over 15 billion times, impacting core functions in banking, cloud, and SaaS environments. The flaws include input validation issues, tag manipulation, path traversal, buffer overflow...
Microsoft GoAnywhere Bug Fuels Medusa Ransomware Attacks
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform allows unauthenticated attackers to execute remote code, prompting urgent patching and removal of internet exposure. The flaw was exploited as a zero-day by Storm-1175, who used legitimate tools for reconnaissance and deplo...
Urgent: Patch Windows SMB Flaw Being Actively Exploited
A critical Windows SMB Client vulnerability (CVE-2025-33073) is being actively exploited, allowing attackers to gain SYSTEM-level privileges through a malicious script that compromises SMB connections. Microsoft patched the flaw in June 2025, and CISA has added it to its Known Exploited Vulnerabi...
SmarterTools Breached by Hackers Exploiting Own Software Flaw
The Warlock ransomware gang breached SmarterTools by exploiting an unpatched SmarterMail server, demonstrating how a single overlooked system can compromise an entire network. Attackers used a specific authentication bypass vulnerability to gain access, moved laterally with Windows tools, but wer...
ShinyHunters' New MFA Bypass Fuels Data Theft
A sophisticated social engineering campaign is bypassing multi-factor authentication (MFA) using synchronized voice and email phishing attacks, successfully targeting major companies like Panera Bread and Match Group. Attackers, linked to groups like UNC6661 and ShinyHunters, use IT impersonation...
Critical Redis Flaw Exposes Thousands of Instances
A critical security vulnerability (CVE-2025-49844) in Redis allows authenticated attackers to execute remote code via a use-after-free flaw in Lua scripting, posing a severe risk to systems. The flaw affects a vast number of organizations due to Redis's widespread use in cloud environments, and i...
Corporate Streaming Platforms at Risk: Sensitive Data Exposure Looms
Corporate streaming platforms for sensitive communications often have API vulnerabilities, exposing confidential data like private meetings and strategic discussions, unlike more secure entertainment services. Security researcher Farzan Karimi found that poorly secured APIs can bypass authenticat...