< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 7 of 18

Oracle patches critical RCE in Identity and Web Services

🔒 Oracle has released fixes for a critical pre-authentication remote code execution flaw, CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. The issue carries a CVSS score of 9.8 and is described by NVD as "easily exploitable" over HTTP by unauthenticated attackers. Oracle says the flaw can enable full takeover of vulnerable instances and urges customers to apply updates immediately.
read more →

Magento 'PolyShell' REST API Flaw Affects 2.x Releases

⚠ Sansec has disclosed a critical file upload vulnerability dubbed PolyShell in Magento's REST API that can let unauthenticated attackers upload arbitrary executables and achieve remote code execution or account takeover. The flaw stems from how custom product options accept a base64-encoded file_info object and write files to pub/media/custom_options/quote/. Adobe applied a fix in the 2.4.9 pre-release (APSB25-94), but most production stores remain unpatched; operators should restrict and block access to the upload directory, verify nginx/Apache rules, scan for web shells, and consider a specialized WAF.
read more →

Low-cost KVM-over-IP Flaws Risk Remote Network Takeover

🔒 Researchers discovered nine critical vulnerabilities across several low-cost KVM-over-IP units, including Angeet/Yeeso, GL-iNet, Sipeed, and JetKVM. Flaws range from unauthenticated file uploads and command injection to weak firmware verification and exposed debugging interfaces, enabling pre-authentication root takeover on some devices. Eclypsium warns these inexpensive, Linux-based single-port KVMs are increasingly common in business and pose outsized risks if exposed directly to networks.
read more →

PolyShell flaw allows unauthenticated RCE in Magento

⚠ A newly disclosed vulnerability called PolyShell affects all Magento Open Source and Adobe Commerce version 2 installations, enabling unauthenticated code execution and potential account takeover. Adobe has issued a fix only in the 2.4.9 alpha, leaving production sites exposed. Sansec warns the exploit method is already circulating and urges admins to restrict access to pub/media/custom_options/, verify nginx/Apache rules, and scan for uploaded shells or backdoors.
read more →

Identity Attacks Rise: Adversaries Seek Invitations

🧛 Cisco Talos highlights a growing trend in 2025: attackers increasingly seek to be authorised as legitimate users rather than relying solely on loud exploits. Telemetry shows nearly a third of MFA spray attacks targeted IAM applications and fraudulent device registrations surged 178%, indicating adversaries focus on the mechanisms that grant access. Talos urges organisations to harden authentication, prioritise patching, manage EOS/EOL devices, and adopt phishing-resistant controls as part of a broader defensive posture.
read more →

Preventing Privilege Escalation via Password Resets

🔒 Many organizations invest heavily in login protections but leave password reset paths less scrutinized, creating an easy escalation route once attackers gain a foothold. The article explains common abuse scenarios — from helpdesk social engineering and intercepted reset tokens to misuse by over-permissioned admins — and recommends seven practical mitigations, including MFA, device posture checks, strict password policies, and avoiding knowledge-based authentication. It also highlights Specops tools to harden reset workflows and block breached passwords.
read more →

Critical OCPP WebSocket Vulnerabilities in eParking.fi

🔒 Multiple vulnerabilities in IGL-Technologies eParking.fi allow unauthenticated actors to connect to OCPP WebSocket endpoints, impersonate charging stations, issue commands, hijack sessions, or disrupt charging services via denial-of-service. CISA rates the most severe issue CVSSv3.1 9.4 (Critical). IGL-Technologies has implemented stronger authentication, device-level whitelisting, rate limiting, and enhanced monitoring; encrypted OCPP deployments and the proprietary eTolppa protocol are not impacted.
read more →

Critical CTEK Chargeportal Vulnerabilities and Risks

⚠️ Multiple authentication and session-management vulnerabilities in CTEK Chargeportal could allow remote attackers to impersonate charging stations, send unauthorized OCPP commands, or disrupt charging services. The highest-severity issue (CVE-2026-25192) affects WebSocket authentication and is rated CVSS 9.4 (Critical). Other flaws enable brute-force attempts, session hijacking, and exposure of station identifiers. CTEK plans to sunset Chargeportal in April 2026; operators should restrict network exposure, isolate control networks, and contact CTEK support for guidance.
read more →

Remote Control Glitch Exposes Thousands of Robot Vacuums

🤖 A user attempting to remotely control his own DJI Romo robot vacuum inadvertently gained control of approximately 7,000 devices around the world. The incident highlights how insecure many consumer IoT devices remain and how a single action can cascade into widespread exposure. Beyond mere nuisance, such mass control raises privacy and safety concerns if exploited at scale. The episode underscores the urgent need for stronger device authentication, secure update mechanisms, and clearer vendor responsibility.
read more →

Nine IP KVM Vulnerabilities Allow Remote Full Host Control

🔒 Eclypsium researchers disclosed nine vulnerabilities in low-cost IP KVM devices from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM. The most severe flaws can allow unauthenticated attackers to gain root or execute arbitrary code and operate at BIOS/UEFI levels, enabling keystroke injection, booting from removable media, and persistence beyond OS defenses. Some vendors have issued firmware fixes, but critical issues in Angeet ES3 remain unpatched. Administrators should apply available updates, isolate KVMs, and enforce stronger access controls.
read more →

Proving the Person on the Other Side Is Real, 2026 Test

🔐 By 2026, the central competition in identity-related work will be the ability to prove that the person behind a high-impact action is a real, accountable human. Generative AI and deepfakes create synthetic identities that can pass routine checks, contaminate risk models and hijack estate workflows. Defenses must focus on provenance, cross-channel consistency and continuous, risk-based verification tied to audit-grade trails.
read more →

Apple issues WebKit fix via Background Security Improvements

🔒 Apple has issued Background Security Improvements to address CVE-2026-20643, a cross-origin flaw in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. Apple fixed the issue by improving input validation and shipped patches in iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a). Researcher Thomas Espach is credited with the report. Users should keep Automatically Install enabled in Settings > Privacy and Security to receive these lightweight fixes promptly.
read more →

Critical GNU InetUtils telnetd RCE via SLC Overflow

🚨 A critical out-of-bounds write in the LINEMODE Set Local Characters (SLC) suboption handler of GNU InetUtils telnetd (CVE-2026-32746) enables unauthenticated remote attackers to achieve remote code execution as root. Discovered by Dream on March 11, 2026, the flaw affects releases through 2.7 and carries a CVSS score of 9.8. Exploitation can succeed during the initial Telnet handshake with a single connection to port 23; no credentials or user interaction are required. A patch is expected by April 1, 2026; until then, disable Telnet, avoid running telnetd as root, and block port 23.
read more →

Android OS-Level Exploit Hijacks Mobile Payment Security

🔒 CloudSEK researchers have identified an Android OS-level attack that manipulates the runtime via LSPosed modules to hijack legitimate payment apps without modifying APKs or invalidating app signatures. The campaign, associated with a module dubbed Digital Lutera, intercepts SMS, spoofs device identities, and captures 2FA in real time, effectively bypassing protections like Google Play Protect and persistent integrity checks. Reinstalling apps does not remove the malicious hooks, making detection and remediation difficult.
read more →

Companies House WebFiling Glitch Exposes Corporate Data

🛑 The UK’s Companies House has suspended its WebFiling dashboard after researchers Dan Neidle and John Hewitt revealed a simple flaw that allows an authenticated user to view another company’s dashboard by selecting “file for another company” and using the browser back button to bypass an authentication code. The weakness could expose personal and corporate details for millions of directors and, in some cases, permit unauthorized changes to registrations. The agency is investigating and directors are advised to review their filings.
read more →

CISA Emergency Directive Targets Exploited Cisco SD-WAN

🔔 CISA has issued Emergency Directive 26-03 after reports that threat actors are actively exploiting a critical authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127, CVSS 10). The directive instructs federal agencies to inventory affected systems, forward logs externally, collect forensic artifacts, apply vendor updates, hunt for signs of compromise and rebuild infrastructure if root access is detected. Agencies must report remediation and logging actions to CISA by multiple deadlines through March 23, 2026.
read more →

Trane Tracer SC Family: Multiple High-Risk Vulnerabilities

⚠️ CISA published an advisory for Trane Tracer SC, Tracer SC+, and Tracer Concierge reporting five vulnerabilities that could lead to information disclosure, arbitrary command execution, or denial-of-service. The issues (CVE-2026-28252 through CVE-2026-28256) include broken cryptography, excessive memory allocation, missing authorization, and hard-coded credentials/constants. Affected builds include Tracer SC < v4.4_SP7 and Tracer SC+/Concierge < v6.3.2310; Trane released Tracer SC+ v6.30.2313 to address these flaws. CISA advises isolating control networks, restricting remote access, applying vendor updates, and following ICS defensive best practices.
read more →

Fortinet/FortiOS Flaws Affect Siemens RUGGEDCOM APE1808

🔐 Fortinet disclosed multiple FortiOS vulnerabilities that affect Siemens RUGGEDCOM APE1808 devices. Siemens has issued firmware updates and advises operators to install vendor fixes promptly. Issues include an authentication bypass, HTTP request smuggling, and an externally controlled format string that can enable code execution or unauthorized access. Apply vendor patches and limit device exposure.
read more →

CISA warns of active exploitation: Ivanti EPM, Cisco SD‑WAN

⚠️ CISA warns that an authentication-bypass bug in Ivanti Endpoint Manager (CVE-2026-1603), patched Feb. 9, is being actively exploited to leak stored credentials. The agency also added related SolarWinds and VMware defects to its Known Exploited Vulnerabilities catalog. CISA updated an emergency directive for Cisco SD‑WAN flaws (CVE-2026-20127, CVE-2022-20775), citing signs of long-running exploitation and imposing new reporting and log-submission requirements for federal agencies, including a March 26 deadline.
read more →

Critical Aruba AOS-CX Web Bug Lets Attackers Gain Admin

⚠️ HPE Aruba Networking released patches for five vulnerabilities in AOS-CX switch software, including a critical web-management flaw that allows unauthenticated remote actors to bypass authentication and potentially reset administrator credentials. The most severe issue, CVE-2026-23813 (CVSS 9.8), can be triggered entirely over the network without user interaction. Additional CLI command-injection vulnerabilities and an open-redirect flaw were also fixed; administrators should apply updates and restrict management interfaces immediately.
read more →