authentication bypass

CISA has added CVE-2025-57819 — an authentication‑bypass and SQL‑injection chain that can lead to remote code execution in Sangoma FreePBX — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation. (cisa.gov) Background...

CISA’s August 21, 2025 advisory bundle added three urgent entries to the growing list of industrial control system (ICS) and medical-device vulnerabilities security teams must treat as high priority this month. The agency published advisories for a denial-of-service vector in the Mitsubishi...

Siemens RUGGEDCOM ROX II devices are the subject of a newly cataloged vulnerability — tracked as CVE-2025-40761 — that allows an attacker with physical access to the device’s serial interface to bypass authentication through the device’s Built-In-Self-Test (BIST) mode and obtain a root shell, a...

Identity research published in July surfaces two sobering truths for Windows shops: attackers can now bypass dMSA authentication in Windows Server 2025 to mass‑generate service account passwords for lateral movement, and misgoverned first‑party apps in Microsoft Entra ID can be abused to...

A major security vulnerability has been discovered in Packet Power’s EMX and EG products, exposing critical infrastructure worldwide to the risk of unauthorized remote access and control. The vulnerability, designated CVE-2025-8284, allows attackers to bypass authentication entirely, offering a...

A new wave of critical vulnerabilities in Microsoft SharePoint has come to light with the release of a comprehensive Malware Analysis Report (MAR) by the US Cybersecurity and Infrastructure Security Agency (CISA). The report shines a spotlight on dangerous exploitation chains—most notably one...

The rise and proliferation of network-connected security cameras are both a story of technological empowerment and a cautionary tale about the evolving risks in our digital landscape. Nowhere is this interplay more evident than with the recent security advisory regarding the LG Innotek LNV5110R...

In recent developments, cybersecurity researchers have uncovered a sophisticated phishing toolkit named PoisonSeed, designed to circumvent the robust protections offered by FIDO2 authentication. This malicious tool targets users of Microsoft 365, Google Workspace, and Okta by redirecting their...

When a misstep in authentication can spell disaster for critical infrastructure, every system administrator, developer, and security professional needs to pay close attention. This is precisely the case with the recently discovered vulnerability in KUNBUS’s Revolution Pi Webstatus—an industrial...

Microsoft 365 tenants across the United States have recently become the focal point of a sophisticated, widespread phishing campaign that leverages a rarely-discussed but highly impactful vulnerability in Exchange Online’s Direct Send feature. Security researchers have confirmed that, since May...

As cyber threats continue their relentless evolution, organizations face mounting pressure to strengthen their vulnerability management strategies. In today’s interconnected digital landscape, overlooking a single critical flaw can cascade into costly breaches, reputational harm, and operational...

On May 22, the Cybersecurity and Infrastructure Security Agency (CISA) issued two critical advisories focused on vulnerabilities present in Industrial Control Systems (ICS), underlining the persistent challenges facing operational technology in industrial environments. As cyber threats evolve...

A new wave of cyberattacks has emerged, sending ripples across the digital landscape, and it is targeting one of the world’s most widely adopted productivity ecosystems—Microsoft 365. At the center of this ongoing threat is a campaign linked to Tycoon2FA, a notorious Phishing-as-a-Service...

On May 1, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued two critical advisories concerning vulnerabilities in industrial control systems (ICS). These advisories highlight significant security flaws in KUNBUS GmbH's Revolution Pi and MicroDicom's DICOM Viewer, both...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a high-severity advisory concerning Siemens Industrial Edge Devices, signaling one of the most consequential authentication bypass vulnerabilities in the industrial control system (ICS) domain to date. Siemens, a...

The fight against cyber threats isn’t a series of isolated battles—it’s an ongoing campaign that requires consistent vigilance, adaptation, and a deep understanding of the evolving landscape. This never-ending reality is thrown into sharp relief each time the Cybersecurity and Infrastructure...

As the digital landscape continues to expand, vulnerabilities that expose critical infrastructure become more consequential. Recently, a set of alarming security flaws was disclosed by CISA affecting Optigo Networks’ Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool—products...

If you run a major chunk of your business on Microsoft 365, you might want to put that celebratory “we passed another compliance audit” cake back in the fridge, at least until you hear about the latest episode of Authentication Drama Theatre: the “Cookie Bite” attack. This newly publicized trick...

In today’s fast-paced digital landscape, staying informed about cybersecurity threats is crucial for every Windows user—even if you’re primarily using your device for everyday tasks. Recently, a critical vulnerability, designated as CVE-2025-21415, has been disclosed in Microsoft's Azure AI Face...

In a world where cybersecurity threats loom large, the recently disclosed CVE-2024-49056 vulnerability on airlift.microsoft.com has emerged as a potential red flag for network security. This particular flaw involves an authentication bypass that can be exploited by an authorized attacker...