authentication bypass exploit

From Cyber Security News – CrushFTP Vulnerability Exploited to Gain Full Server Access

A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, which affects versions 10.0.0 through…

shaikh Saqib March 31, 2025

News

From Dark Reading – Critical Fortinet Vulnerability Draws Fresh Attention

CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw. Read More

shaikh Saqib March 20, 2025

News

From The Hacker News – New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

shaikh Saqib March 18, 2025

News

From The Hacker News – GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows

shaikh Saqib March 13, 2025

News

From Cyber Security News – Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access

A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity. Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects…

shaikh Saqib March 10, 2025

News

From The Hacker News – Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or

shaikh Saqib February 18, 2025

News

From Cyber Security News – SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release

A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release…

shaikh Saqib February 16, 2025

News

From Cyber Security News – Mirai Botnet Exploting Router Vulnerabilities to Gain Complete Device Control

A new wave of cyberattacks has surfaced, with a Mirai-based botnet exploiting a number of significant vulnerabilities in routers and smart devices, primarily targeting industrial and home networks worldwide. The…

shaikh Saqib February 12, 2025

News

From Cyber Security News – SAML Bypass Authentication on GitHub Enterprise Servers To Login as Other User Account

A significant vulnerability has been identified in GitHub Enterprise Servers, allowing attackers to bypass SAML authentication and log in as other user accounts. This exploit leverages quirks in the libxml2…

shaikh Saqib February 10, 2025