Topic: multi-factor authentication bypass
- Patch Alert: CitrixBleed 2 Still a Threat (CVE-2025-5777)
A critical vulnerability (CVE-2025-5777) in Citrix NetScaler systems is being exploited, enabling session hijacking and unauthorized access despite Citrix's denial of confirmed attacks. The flaw allows attackers to extract session tokens via manipulated login requests, potentially compromising ad...
- Scattered Spider Attacks: 3 Crucial Lessons for Insurance Firms
Insurance companies are increasingly targeted by cybercriminals like Scattered Spider, exploiting weak identity security and help desk procedures to breach major insurers such as Aflac and Erie Insurance. Scattered Spider uses impersonation and social engineering to bypass multi-factor authentica...
- 1,200+ Citrix servers vulnerable to critical auth bypass flaw
Over 1,200 Citrix NetScaler systems remain vulnerable to CVE-2025-5777, a severe authentication bypass flaw enabling session hijacking and MFA bypass, with potential active exploitation despite Citrix's denial. The flaw, dubbed "Citrix Bleed 2," allows attackers to steal session tokens and creden...
- Microsoft SaaS Vulnerability Exposed Apps for 2 Years
A critical security flaw in Microsoft’s Entra ID, called nOAuth, has exposed thousands of enterprise applications for two years, allowing unauthorized access to sensitive data by exploiting unverified email claims. The vulnerability bypasses security measures like MFA and Zero Trust, affecting ov...