authentication bypass

Palo Alto GlobalProtect VPN Auth Bypass: When Your Security Vendor’s Cookies Become the Attack Vector

| | authentication bypass, Cybersecurity, Network Security, SBN News, VPN security, zero trust
Attackers are forging authentication cookies to bypass Palo Alto GlobalProtect VPN logins. CISA KEV listed, Rapid7 confirms active exploitation since May 17 ...
Deepak Gupta's notebook
Flowchart showing attack steps from anonymous attacker discovering target via Shodan to creating developer account and exfiltrating data

Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet

| | API Management Security, API security, authentication bypass, Azure APIM, Azure security, Cloud Security, Cross-Tenant Attack, Developer Portal, Internet-Facing Vulnerability, Microsoft Azure, MSRC Response, Offensive Security, open source, Tools & Techniques, Vulnerability Research
The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API Management (APIM) exposes APIs to external consumers through a Developer Portal, the interface where developers ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
GNU InetUtils Telnetd Remote Authentication Bypass Vulnerability (CVE-2026-24061) Notice

GNU InetUtils Telnetd Remote Authentication Bypass Vulnerability (CVE-2026-24061) Notice

| | authentication bypass, Blog, CVE-2026-24061, Emergency Response, GNU InetUtils Telnetd
Overview Recently, NSFOCUS CERT detected that GNU issued a security bulletin to fix the GNU InetUtils Telnetd remote authentication bypass vulnerability (CVE-2026-24061); Since the telnetd process does not effectively verify the USER ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Gitblit Authentication Bypass Vulnerability (CVE-2024-28080)

| | authentication bypass, Blog, CVE-2024-28080, Emergency Response, Gitblit
Overview Recently, NSFOCUS CERT detected that Gitblit issued a security announcement and fixed the Gitblit authentication bypass vulnerability (CVE-2024-28080); Because Gitblit’s SSH service has defects in the public key authentication process, unauthenticated ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
white airplane in mid air

PAN-PAN-PAN-OS: Palo Alto Firewalls Under Attack (Again)

| | attack chain, Attack Chains, authentication bypass, Authentication bypass flaw, CVE-2024-9474, CVE-2025-0108, CVE-2025-0111, firewall, Firewall Exploit, firewall security, Palo Alto Networks, Palo Alto Networks PAN-OS, PAN-OS, PAN-OS Vulnerability, php, SB Blogwatch
Time to Declare an Emergency? Scrotes chain three flaws to take full control—seems pretty easy ...
Security Boulevard

Fortinet OS & FortiProxy Authentication Bypass Vulnerability (CVE-2024-55591) Notification

| | authentication bypass, Blog, CVE-2024-55591, Emergency Response, FortiOS & FortiProxy
Overview Recently, NSFOCUS CERT detected that Fortinet has issued a security notification and fixed the identity authentication bypass vulnerability in FortiOS and FortiProxy (CVE-2024-55591). Unauthenticated attackers can bypass system identity authentication by ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Critical ADOdb Vulnerabilities Fixed in Ubuntu

| | ADOdb PHP, ADOdb vulnerabilities, authentication bypass, Cross-Site Scripting (XSS) Attacks, Extended Lifecycle Support, Linux & Open Source News, security patches, security vulnerabilites, SQL injection attacks, Ubuntu 16.04, Ubuntu 16.04 End of Life, Ubuntu 18.04, Ubuntu 18.04 End of Life, Ubuntu 18.04 security vulnerabilities, Ubuntu 20.04, Ubuntu 22.04, Ubuntu Security Fixes, Ubuntu Security Updates
Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses ...
TuxCare

GitHub Server Flaw Causes Critical Authentication Bypass

| | Access control, authentication bypass, Code Repository Security, CVE-2024-4985, Cyber Threats, Cybersecurity, Cybersecurity News, data protection, Encrypted Assertions, Exploitable Vulnerabilities, GitHub Enterprise Server, GitHub Security, Incident Response, Network Security, patch management, SAML SSO, security best practices, security updates, Software Development Security, Threat Intelligence, vulnerability patching
Recent developments have highlighted a critical security flaw in GitHub Enterprise Server, underscoring the importance of proactive measures to ensure the integrity of code hosting platforms. Let’s have a look at the ...
TuxCare

CISA Adds JetBrains TeamCity Vulnerability To KEV Catalog

| | authentication bypass, Business Resilience, CVE-2024-27198, CVE-2024-27199, Cyber Threats, Cybersecurity News, Endpoint security, JetBrains TeamCity, patch management, risk mitigation, Software Security, Vulnerability Management
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical JetBrains TeamCity vulnerability, emphasizing the urgent need for users to take preventive measures. The recently discovered flaw has been added ...
TuxCare
ScreenConnect Authentication Bypass demo

ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)

| | authentication bypass, Remote Code Execution, security bulletin
Uncover critical security flaws in ConnectWise ScreenConnect (CVE-2024-1709 & CVE-2024-1708) posing remote code execution risks. Actively exploited in the wild. The post ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708) appeared first on Indusface ...
Indusface
Load more