Security News

Critical auth bypass bug in CrushFTP now exploited in attacks
2025-04-01 12:46

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. [...]

Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
2025-03-26 18:26

CVE-2025-22230 is described as an "authentication bypass vulnerability" by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials.

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
2025-03-26 10:58

Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The...

Broadcom warns of authentication bypass in VMware Windows Tools
2025-03-25 19:17

Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. [...]

Critical flaw in Next.js lets hackers bypass authorization
2025-03-24 16:15

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no...

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
2025-03-24 09:17

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked...

New SuperBlack ransomware exploits Fortinet auth bypass flaws
2025-03-13 19:57

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. [...]

GitLab patches critical authentication bypass vulnerabilities
2025-03-13 16:13

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. [...]

Defending against EDR bypass attacks
2025-03-12 05:00

EDR bypass and killer attacks are surging, yet many organizations continue to overlook this threat while they have become over-reliant on this security tool – particularly when preventing...