Tag: authentication
-
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication
Tags: ai, authentication, cve, cyber, data-breach, exploit, flaw, framework, open-source, rce, remote-code-execution, vulnerability
A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within hours of its disclosure. This vulnerability allows attackers to execute arbitrary Python code on exposed instances without any authentication. It affects the widely used open-source AI workflow framework designed for building large language model…
-
AI-Powered Phishing Attacks Surge 1,380% as Criminal Platforms Render MFA Obsolete
Imagine completing a two-factor authentication check on a real Microsoft login page and still handing a criminal full access to your email account. That is not a hypothetical. According to new research published this week by cybersecurity company Huntress, it happened across hundreds of organisations in the first four months of 2026 and the victims…
-
Open Source and Modern Authentication: TeleTrusT Podcast on IT Security and Digital Sovereignty
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/open-source-authentifizierung-teletrust-podcast-it-sicherheit
-
Cordyceps Supply Chain Vulnerability Impacting Code Repositories at Thousands of Organizations
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any one tool; it is a systemic class of insecure workflow compositions. Command injection, broken authentication…
-
FortiBleed Campaign Uses FortigateSniffer to Harvest 110 Million Credentials From Fortinet Firewalls
A large-scale credential harvesting campaign called “FortiBleed” has been uncovered, revealing how threat actors are exploiting Fortinet FortiGate firewalls to capture authentication data on an unprecedented scale. Research from the SOCRadar Threat Research Unit (STRU) indicates that this operation has already compromised over 110 million credentials by targeting misconfigured or weakly secured devices, turning them…
-
CVE-2026-20253 in Splunk Enterprise Actively Exploited: Splunk Enterprise Vulnerable to Unauthenticated File Operations
First seen on security-insider.de Jump to article: www.security-insider.de/splunk-enterprise-cve-2026-20253-aktiv-ausgenutzt-a-c8295b90addaca7919847b79ed110813/
-
FortiBleed campaign used custom FortiGate sniffer to steal credentials
Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials/
-
FortiBleed Campaign Targets FortiGate Devices to Harvest VPN and Admin Credentials
Tags: advisory, attack, authentication, credentials, cyber, data-breach, exploit, fortinet, threat, vpn
Fortinet has issued a security warning about ongoing credential-harvesting attacks targeting FortiGate devices in a campaign known as “FortiBleed.” Threat actors are exploiting weak authentication practices rather than any newly disclosed vulnerabilities. A PSIRT advisory released on June 19, 2026, by Carl Windsor indicates that the attackers are reusing previously exposed credentials from earlier incidents,…
-
Fortinet Warns of Active FortiBleed Credential Theft Attacks on FortiGate Devices
Tags: advisory, attack, authentication, credentials, cyber, data-breach, exploit, fortinet, theft, threat
Fortinet has issued a security warning about ongoing credential-harvesting attacks targeting FortiGate devices in a campaign known as “FortiBleed.” Threat actors are exploiting weak authentication practices rather than any newly disclosed vulnerabilities. A PSIRT advisory released on June 19, 2026, by Carl Windsor indicates that the attackers are reusing previously exposed credentials from earlier incidents,…
-
U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, service, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Splunk Enterprise flaw, tracked as CVE-2026-20253 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw CVE-2026-20253 is an improper authentication vulnerability in the PostgreSQL sidecar service of…
-
Node.js Releases Security Updates for 12 Vulnerabilities, Two Rated High Severity
Node.js has announced critical security updates that address 12 vulnerabilities across its supported release lines. Among these, two high-severity flaws could lead to denial-of-service (DoS) conditions and authentication bypass. These updates, released on June 18, 2026, affect Node.js versions 22.x, 24.x, and 26.x. The patched versions are now available as v22.23.0, v24.17.0, and v26.3.1. Node.js…
-
F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution
F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect HTTP modules and can be exploited remotely without authentication to trigger memory corruption, potentially causing…
-
Record Data Leak: 24 Billion Credentials Exposed Online
An unprotected server contained 24 billion credentials in plaintext. According to Cybernews, billions of accounts without multi-factor authentication are at risk. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/rekord-datenleck-24-milliarden
-
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API keys and authentication tokens. The vulnerability, tracked as CVE-2026-4020 with a CVSS score of 5.3, affects all versions up to and including 2.1.4 and exposes more than 100,000 websites to potential…
-
Modified OpenSSH Binaries Let Velvet Ant Steal Passwords, Log Commands, and Hide Activity
A long-running, stealthy campaign attributed to the China-nexus actor tracked as Velvet Ant has been found to include deeply engineered backdoors in the authentication stack: modified OpenSSH binaries and tampered PAM modules that exfiltrate credentials, record every executed command, and conceal attacker activity. The discovery, part of Sygnia’s Operation Highland investigation, reveals nearly a decade…
-
The Top 10 Attack Surface Exposures in 2026
Breaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop, like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentication, anything internet-facing is immediately at risk. With time-to-exploit now down to…
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
Tags: advisory, attack, authentication, cve, cyber, flaw, framework, github, injection, vulnerability
A critical security vulnerability tracked as CVE-2026-49468 has been disclosed in the LiteLLM framework, exposing deployments to authentication bypass attacks via Host header injection. The issue, published in the GitHub Advisory Database and classified under GHSA-4xpc-pv4p-pm3w, affects all LiteLLM versions before 1.84.0 and has been assigned a critical severity rating due to its potential impact…
-
CVE-2026-20253: Splunk Enterprise Pre-Authentication Remote Code Execution
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cve-2026-20253-splunk-enterprise-pre-authentication-remote-code-execution
-
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group, which historically focused on Polish email providers such as Onet, Wirtualna Polska and Interia, shifted in March 2026 to high-volume Gmail-targeted campaigns. Attackers send professionally worded Polish-language…
-
Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts
An active campaign has been observed in which attackers abuse Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to complete a genuine Microsoft authentication process that, unbeknownst to them, authorizes an attacker-controlled “device.” The result: fully…
-
NewCore Launches With $66M to Rebuild Identity for AI Agents
Startup Targets Incumbents Doing Directories, Authentication, Federation and SSO. NewCore, founded by Dome9 creator Zohar Alon, emerged from stealth with $66 million to build security-first identity infrastructure designed to manage the explosion of autonomous AI agents, machine identities and cryptographic credentials expected across modern enterprises. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/newcore-launches-66m-to-rebuild-identity-for-ai-agents-a-31974
-
SimpleHelp bug lets hackers create rogue remote support accounts
A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/