Breach & Build — cybersecurity news

🔴 CVE-2026-33494 | CRITICAL (CVSS 10.0)! An authorization bypass in ORY Oathkeeper threatens your HTTP security. ALL versions are affected. Immediate action is...

#CVE #BreachAndBuild #ORYOathkeeper #AuthBypass #IAPSecurity

breachandbuild.com/cve-2026-33494-cve-2026-...

BaseFortify CVE report page showing CVE-2026-2628 with CRITICAL 9.8 severity score and authentication bypass details for the Microsoft 365 SSO WordPress plugin.

Affected: All versions ≤ 2.2.5
Vendor: cyberlord92 (login_with_azure)

Weakness: CWE-288
Authentication required — but an alternate path bypasses it.

Impact:
• Admin account takeover
• Website defacement
• Data exfiltration
• Malware deployment

#AuthBypass #WebSecurity #VulnerabilityManagement

SolarWinds Fixes Critical Web Desk Flaws
Read More: buff.ly/cm9aeex

#SolarWinds #WebHelpDesk #CriticalPatch #RemoteCodeExecution #AuthBypass #EnterpriseSecurity #VulnerabilityManagement #PatchNow

GitLab Warns Of High Severity Auth Flaws
Read More: buff.ly/PRMtKMz

#GitLab #AuthBypass #TwoFactorAuth #DevSecOps #SourceCodeSecurity #VulnerabilityDisclosure #Infosec

Arctic Wolf Sees FortiGate Attack Surge
Read More: buff.ly/UAYZkE7

#FortiGate #FirewallSecurity #NetworkSecurity #ThreatIntel #AuthBypass #CyberAttacks #Infosec #SOC

Critical TP Link VIGI Camera Takeover
Read More: buff.ly/KmiRTkP

#TPLINK #VIGICamera #IoTSecurity #SurveillanceSecurity #AuthBypass #DeviceTakeover #CyberVulnerability #Infosec

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release commands using RCE-as-a-feature functions read more about SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release reconbee.com/smartermail-...

#smartermail #authbypass #smartertools #cybersecurity #cyberattack

Screenshot of a BaseFortify CVE report page for CVE-2026-24061 showing description, CVSS 9.8 critical severity, affected GNU Inetutils versions, and attack flow visualization.

🧠 Technical details

telnetd improperly passes the USER environment variable to the login program. Supplying "-f root" is interpreted as a command flag, bypassing authentication entirely. No password required. ⚠️🐚

#AuthBypass #CWE88 #SysAdmin #Infosec

ServiceNow Patches AI Impersonation Flaw
Read More: buff.ly/4BkEvGr

#ServiceNowSecurity #BodySnatcher #CVE202512420 #AIPlatformSecurity #IdentityImpersonation #AuthBypass #AgenticAI #EnterpriseAI #AppSec

Hackers Exploit Fortinet Auth Bypass
Read More: buff.ly/BIKcW28

#FortinetVulns #AuthBypass #NetworkSecurity #FirewallSecurity #ActiveExploitation #EnterpriseSecurity #PatchNow #ThreatIntel #CyberAlert

FortiGate Hit By SAML SSO Attacks Active
Read More: buff.ly/zipavjh

#Cybersecurity #FortiGate #SSO #AuthBypass #ZeroTrust #NetworkSecurity #PatchNow #CVE #InfosecAlert #EnterpriseSecurity

FindAll theme illustration

🔥 CVE-2025-13539 — FindAll Membership Plugin

Critical auth bypass allows admin login without a password via crafted social login data.

🔗 basefortify.eu/cve_reports/...

#CVE #WordPress #AuthBypass #Infosec

Passwordstate dev urges users to patch auth bypass vulnerability reconbee.com/passwordstat...

#passwordstate #authbypass #Vulnerability #vulnerabilites #passwordstatedev #potatoattack

Passwordstate dev urges users to patch auth bypass vulnerability authentication and access the Passwordstate Administration read more about Passwordstate dev urges users to patch auth bypass vulnerability

Passwordstate dev urges users to patch auth bypass vulnerability reconbee.com/passwordstat...

#passwordstate #authbypass #Vulnerability #vulnerabilites #passwordstatedev #cyberattack

Instantel Micromate

~Cisa~
Crit auth bypass (CVE-2025-1907) on all versions: missing config port auth allows remote unauth cmd exec.
-
IOCs: CVE-2025-1907
-
#AuthBypass #CVE20251907 #ICS #ThreatIntel

Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems.

Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
www.bleepingcomputer.com/news/securit...

#Infosec #Security #Cybersecurity #CeptBiro #VersaConcerto #AuthBypass #RCE

CVE-2025-29775: SAMLStorm POC Exploit Demo for xml-crypto and Node.js libraries in SAML CVE-2025-29775: SAMLStorm POC Exploit Demo for xml-crypto and Node.js libraries in SAML The Samtorm vulnerability exploits flaws in SAML authentication, allowing attackers to forge authentication res...

CVE-2025-29775: SAMLStorm POC Exploit Demo for xml-crypto and Node.js libraries in SAML twuai.com/post/7500476... #Exploit #SAML #AuthBypass #hacking #xml #cybersecurity #infosec

Critical auth bypass bug in CrushFTP now exploited in attacks workaround to safeguard their CrushFTP servers read more about Critical auth bypass bug in CrushFTP now exploited in attacks

Critical auth bypass bug in CrushFTP now exploited in attacks reconbee.com/critical-aut...

#authbypass #CrushFTP #cyberattack #attacks #CyberSecurity

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
www.helpnetsecurity.com/2024/09/25/c...
#Infosec #Security #Potatosecurity #CeptBiro #Ivanti #vTM #AuthBypass #CISA

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) - Help Net Security CVE-2024-7593, a critical auth bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited.

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
www.helpnetsecurity.com/2024/09/25/c...
#Infosec #Security #Cybersecurity #CeptBiro #Ivanti #vTM #AuthBypass #CISA

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks.

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks
www.bleepingcomputer.com/news/microso...

#Infosec #Security #Cybersecurity #CeptBiro #Microsoft #RansomwareGangs #Exploit #VMware #ESXi #AuthBypass #BlackBasta #Akira