Bleeping Computer

VMware discloses critical VCD Appliance auth bypass with no patch

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud ...
Bleeping Computer

Latest Authentication Bypass news

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. AI notetakers can spread fast. In ...
Forbes

Google And Microsoft Users Warned As New 2FA Bypass Attacks Reported

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, Dec. 25, 2024: This story, originally published Dec.
Forbes

New 2FA Security Warning—30 Million Authentication Cookies Up For Sale

Update, Dec. 03, 2024: This story, originally published Dec. 02, now updated to reflect the 2FA-bypass security threat beyond Black Friday and Cyber Monday. The busiest period of online shopping, ...
Infosecurity-magazine.com

Critical Ivanti Authentication Bypass Bug Exploited in Wild

A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild, according to the US Cybersecurity and Infrastructure ...
Dark Reading

Okta Fixes Auth Bypass Bug After 3-Month Lull

Okta has addressed an authentication bypass bug that affects those with long usernames or employers with wordy domain names. The security hole could have allowed cybercriminals to pass Okta AD/LDAP ...
Dark Reading

Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

An API authorization-bypass flaw in the infrastructure of a leading US broadband provider exposed millions of business customer devices to attacks, giving threat actors access to permissions on the ...

Barracuda report finds phishing kits doubled in 2025 as attacks grew more evasive

A new report out today from Barracuda Networks Inc. has detailed how phishing attacks grew more sophisticated and harder to detect in 2025 thanks to the rapid evolution of phishing-as-a-service kits ...
ZDNet

Fortinet warns that critical authentication bypass flaw has been exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet critical flaw to its known exploited vulnerabilities catalog. CISA on Tuesday added the flaw to the KEV catalog, a day ...
Hosted on MSN

HPE flags critical StoreOnce auth bypass, users should update now

HPE patches eight flaws in StoreOnce platform Among the flaws is a critical severity authentication bypass There are no workarounds and users are advised to patch up Hewlett Packard Enterprise (HPE) ...
ZDNet

Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass

Microsoft has warned that the hacking group behind the 2020 SolarWinds supply chain attack have a new technique for bypassing authentication in corporate networks. The trick, a highly specialized ...