Security News

Hackers exploit WordPress plugin auth bypass hours after disclosure
2025-04-10 19:11

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)
2025-04-07 11:28

WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute...

Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option
2025-04-04 08:26

Microsoft is killing the Windows 11 bypass trick — soon, all setups will require internet and a Microsoft Account, leaving privacy-conscious users with fewer options.

New Windows 11 trick lets you bypass Microsoft Account requirement
2025-04-01 21:33

A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts. [...]

Critical auth bypass bug in CrushFTP now exploited in attacks
2025-04-01 12:46

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. [...]

Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
2025-03-26 18:26

CVE-2025-22230 is described as an "authentication bypass vulnerability" by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials.

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
2025-03-26 10:58

Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The...

Broadcom warns of authentication bypass in VMware Windows Tools
2025-03-25 19:17

Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. [...]

Critical flaw in Next.js lets hackers bypass authorization
2025-03-24 16:15

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no...