< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 2 of 18

French Tchap breach exposed over 73,000 public sector accounts

🔒 DINUM disclosed that a breach of the Tchap encrypted messaging platform impacted over 73,000 French public sector accounts after a compromised user account was used to access the service. The attacker accessed data shared in public chat rooms, which are not encrypted, potentially exposing names, email addresses, avatars, and affiliated organizations. Private conversations remain encrypted and protected, and the malicious account has been blocked while an investigation continues. A threat actor has claimed responsibility and released samples of stolen files.
read more →

New GreatXML BitLocker Bypass Exploit Disclosed

🔒 Security researcher Chaotic Eclipse disclosed a new BitLocker bypass named GreatXML that leverages files placed on the recovery partition and booting into Windows Recovery Environment (WinRE). The researcher says the issue is tied to using Windows Defender Offline Scan and can result in a shell with unrestricted access to a BitLocker volume if specific XML files are copied to the recovery partition and WinRE is invoked. GreatXML follows other recent disclosures from the same researcher, including a Defender zero-day and the earlier YellowKey bypass.
read more →

Brickcom Camera Flaw Allows Unauthenticated Video Access

🔒 The advisory describes vulnerabilities in Brickcom cameras that permit unauthenticated attackers to access live snapshots via the /ONVIF endpoint and exploit default credentials to obtain administrative control. CISA reports vendor non-coordination and urges users to contact Brickcom for support while following defensive measures. Recommended mitigations include isolating devices behind firewalls, minimizing internet exposure, and using secure remote access methods such as updated VPNs.
read more →

Ivanti patches critical Sentry gateway vulnerabilities

🔒 Ivanti patched two critical vulnerabilities in Ivanti Sentry, an in-line secure mobile gateway formerly called MobileIron Sentry, that could allow unauthenticated remote attackers to take full control of devices. One flaw, CVE-2026-10523, lets attackers bypass authentication to create administrative accounts and is rated 9.9/10. The second, CVE-2026-10520, is a command injection leading to root remote code execution and is rated 10/10. Customers should upgrade to versions 10.5.2, 10.6.2, or 10.7.1 immediately.
read more →

Ivanti Sentry critical root code execution patched

🔒 Ivanti has released patches for two critical vulnerabilities in its Sentry secure mobile gateway, including a maximum-severity OS command injection (CVE-2026-10520) that allows remote code execution as root and a critical authentication bypass (CVE-2026-10523) permitting creation of rogue admin accounts. Patches are available in Sentry R10.5.2, R10.6.2, and R10.7.1, and the vendor reports no evidence of active exploitation at disclosure. Administrators are urged to apply updates promptly to prevent potential compromises.
read more →

Critical phpBB authentication bypass risks accounts

🛡️ A critical authentication bypass in phpBB forum software allows an attacker to hijack any account, including administrators, with a single unauthenticated request and no password. Tracked as PTT-2026-004 and rated 9.4, the flaw affects all versions up to 3.3.16 (and 4.0.0 alpha) using default database authentication, while a second OAuth-related issue (PTT-2026-005, 8.3) can bind attacker credentials via CSRF and missing state checks. phpBB released 3.3.17 on June 6 to fix both issues and urged immediate upgrades; temporary mitigations include disabling OAuth and auditing OAuth bindings.
read more →

RADIUS Message Integrity Flaw in Modicon Switches

🔒 Schneider Electric disclosed a RADIUS protocol vulnerability (CVE-2024-3596) affecting Modicon Network Managed Switches when the RADIUS Server Message Authenticator option is disabled. The flaw can allow forged RADIUS responses, potentially causing denial of service and loss of confidentiality or integrity for devices connected to the switch. Default configurations are not vulnerable; vendors provide CLI and MIB guidance to ensure msgauth remains enabled. CISA republished the advisory to increase visibility and recommends standard ICS network hardening practices.
read more →

Check Point warns of IKEv1 VPN authentication flaw

🔒 Check Point released emergency hotfixes for IKEv1-related VPN vulnerabilities after confirming active exploitation of a critical authentication bypass. The primary flaw (CVE-2026-50571) can let unauthenticated attackers establish VPN sessions without valid passwords, providing a foothold for further intrusions. A second issue (CVE-2026-50752) risks MITM interference in site-to-site VPNs. Check Point urges immediate patching and migration to IKEv2 where possible.
read more →

Critical UniFi OS bug enables unauthenticated root access

🔒 Researchers found that three fixed flaws in UniFi OS Server (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) can be chained to achieve remote code execution with root privileges on versions 5.0.6 and earlier. Bishop Fox validated the full attack path on a live instance, showing an authentication bypass via URI normalization differences and a subsequent command injection that escalates to root due to passwordless sudo. A detection script and guidance are available; upgrade to 5.0.8 or later.
read more →

Critical Check Point VPN Flaw Actively Exploited

🔒 Check Point has reported active exploitation of a critical logic flaw in certificate validation affecting Remote Access and Mobile Access VPNs configured to use deprecated IKEv1. The issue, tracked as CVE-2026-50751 (CVSS 9.3), lets unauthenticated attackers bypass user authentication and establish VPN sessions without valid passwords. Exploitation requires IKEv1 enabled, legacy clients accepted, and no machine certificate requirement; activity was first observed in early May 2026 and has targeted a few dozen organizations globally.
read more →

Check Point links VPN zero-day to Qilin gang

🔒 Check Point released security updates to address CVE-2026-50751, a critical authentication-bypass flaw impacting Remote Access VPN and Mobile Access deployments that use the deprecated IKEv1 key exchange. The vulnerability allowed unauthenticated, remote attackers to establish VPN connections and was actively exploited beginning in May, with a surge in early June affecting a few dozen organizations worldwide and one confirmed case tied to the Qilin ransomware affiliate. Check Point also identified a second related issue, CVE-2026-50752, affecting certificate validation in IKEv1 and recommended immediate updates and mitigations for customers unable to patch.
read more →

Meta: 20,225 Instagram Accounts Exposed by Bug

🔒 Meta disclosed that a bug in its AI-powered High Touch Support (HTS) tool allowed attackers to request password reset links to email addresses not associated with targeted Instagram accounts, enabling unauthorized access where two-factor authentication was not enabled. The issue was discovered on May 31, affecting 20,225 users and exposing contact details, profile data, posts, messages and activity history. Meta disabled the HTS tool, invalidated reset links, enforced mandatory security checkpoints on impacted accounts, and instructed users to reset passwords and enable 2FA while it reviews recovery flows.
read more →

Meta AI support flaw led to large Instagram account hijacks

🔒 Meta disclosed that a vulnerability in its AI-assisted High Touch Support (HTS) tool allowed threat actors to reset passwords and hijack over 20,000 Instagram accounts. Attackers exploited HTS by submitting email addresses not verified against target accounts, obtaining reset links for accounts without 2FA. Meta disabled the HTS system, invalidated generated reset links, secured impacted accounts, and required affected users to reset passwords and re-authenticate. The company said it will fix the verification check and review similar recovery flows across its platforms.
read more →

Malware threats imperil automated tank gauges

🔒 CISA warns that ongoing cyber-attacks on automated tank gauges (ATGs) could allow attackers to drain fuel tanks or hide theft and leaks, affecting gas stations, military bases, hospitals, and industrial sites. The attacks exploit authentication bypasses, hardcoded credentials, OS command execution, SQL injection, and privilege escalation to gain full control. Administrators are urged to remove public serial connections, change default passwords, apply patches, report incidents to CISA, and push supply-chain partners to adopt defenses.
read more →

Microsoft 365 Android token-sharing vulnerability patched

🔒 A development flag left enabled in production builds of several Microsoft 365 Android apps bypassed the check that limits account-token sharing to trusted Microsoft apps. Any app on the same device could request the signed‑in user's FOCI token and access email, files, calendar, and messages without a password or prompt. Microsoft has released updates for affected apps; users and administrators should update or push fixes immediately.
read more →

When AI Support Workflows Become an Authorization Risk

🔒 Reporting suggests attackers used Meta’s AI support chatbot to change recovery emails on high-profile Instagram accounts, leading to notable takeovers. The core issue isn’t just prompt injection or a model jailbreak but that the AI operated within a sensitive account recovery workflow with insufficient independent verification. Organizations must treat AI-driven support actions as part of the security boundary and constrain authority, permissions, and verification around such agents.
read more →

CISA and Partners Urge Hardening of ATG Systems

🔒 The Cybersecurity and Infrastructure Security Agency (CISA), alongside multiple federal partners, warns of malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems used across energy, chemical, food and agriculture, and transportation sectors. The advisory outlines observed tactics—such as authentication bypass, command execution, and privilege escalation—and urges owners to remove ATG devices from public internet exposure, apply patches, enforce strong credentials, and monitor device logs. It also lists reporting contacts and mitigation resources.
read more →

Palo Alto fixes auth-bypass in GlobalProtect VPN

🔒 Palo Alto Networks patched CVE-2026-0257, an authentication bypass on the GlobalProtect portal and gateway, after attackers began exploiting the flaw. Initially rated medium, the issue was raised to high severity following multiple exploitation attempts on unpatched PAN-OS devices. Rapid7 observed forged-cookie probes and VPN IP assignment to internal networks, prompting urgent patching guidance. CISA added the vulnerability to its KEV Catalog and federal agencies must remediate by June 1.
read more →

Critical WP Maps Pro Bug Lets Attackers Create Admins

🔒 A critical vulnerability in WP Maps Pro (CVE-2026-8732) allowed unauthenticated attackers to create administrator accounts via a flawed "temporary access" AJAX endpoint. Discovered by researcher David Brown, the issue affected versions 6.1.0 and older and relied on a publicly exposed nonce in frontend JavaScript, making protections ineffective. Defiant observed active exploitation attempts and blocked thousands of requests, and the vendor released WP Maps Pro 6.1.1 to address the flaw. Site owners are urged to update immediately to prevent account takeover and persistent backdoors.
read more →

PAN-OS GlobalProtect Authentication Bypass Exploited

🔒 Palo Alto Networks disclosed a medium-severity authentication bypass (CVE-2026-0257, CVSS 7.8) affecting PAN-OS and Prisma Access GlobalProtect portals and gateways when authentication override cookies and a specific certificate configuration are used. The vendor warned on May 13, 2026, and updated on May 29 after confirming limited in-the-wild exploit attempts targeting unpatched devices. Rapid7 reported successful exploitation beginning May 17 with a second wave on May 21, in some cases granting VPN IP assignment and internal network access. Temporary mitigations include disabling authentication override or generating a dedicated certificate for the override feature.
read more →