-
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication.
- December 09, 2025
- 01:36 PM
0
-
ASUS warns of new critical auth bypass flaw in AiCloud routers
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled.
- November 26, 2025
- 06:41 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
ASUS warns of critical auth bypass flaw in DSL series routers
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.
- November 14, 2025
- 04:52 AM
- 1
-
Microsoft kills more Microsoft Account bypasses in Windows 11
Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing Windows 11.
- October 07, 2025
- 11:37 AM
- 15
-
New Supermicro BMC flaws can create persistent backdoors
Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images.
- September 24, 2025
- 04:13 PM
- 0
-
ReVault flaws let hackers bypass Windows login on Dell laptops
ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls.
- August 06, 2025
- 07:58 AM
- 0
-
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.
- June 10, 2025
- 04:02 PM
- 5
-
Ivanti fixes EPMM zero-days chained in code execution attacks
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution.
- May 13, 2025
- 02:26 PM
- 0
-
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.
- May 13, 2025
- 11:54 AM
- 0
-
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights.
- April 24, 2025
- 04:24 PM
- 1
-
Critical Cisco ISE bug can let attackers run commands as root
Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
- February 06, 2025
- 11:40 AM
- 0
-
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update to address an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution.
- December 23, 2024
- 07:33 AM
- 0
-
QR codes bypass browser isolation for malicious C2 communication
Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations.
- December 08, 2024
- 10:27 AM
- 2
-
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.
- October 22, 2024
- 10:08 AM
- 0
-
Critical Ivanti vTM auth bypass bug now exploited in attacks
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.
- September 24, 2024
- 01:03 PM
- 0
-
Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature
A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again.
- September 09, 2024
- 01:40 PM
- 0
-
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode.
- August 15, 2024
- 11:26 AM
- 3
-
PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware.
- July 25, 2024
- 05:42 PM
- 5
-
Critical Exim bug bypasses security filters on 1.5 million mail servers
Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.
- July 12, 2024
- 04:48 PM
- 0
-
Cox fixed an API auth bypass exposing millions of modems to attacks
Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information.
- June 03, 2024
- 05:10 PM
- 0
