VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. Automattic, the company behind ...

Many online services are implementing two-factor authentication to bulk up security and prevent unauthorized access to sensitive information. Dropbox is just one of those online services that offers ...

When the malware group Lapsus$ needed to gain access to systems compromised in recent breaches, it not only searched for passwords but also for the session tokens — that is, cookies — used to ...

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials. Netgear has patched three ...

Passwordstate's latest version patches an authentication bypass flaw It could be abused to access the Passwordstate Administration section without authentication There are workarounds, too ...

A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild, according to the US Cybersecurity and Infrastructure ...

OpenBSD has patched four vulnerabilities including privilege escalation flaws and a remotely exploitable authentication bypass. OpenBSD is an open source Unix operating system based on Berkeley ...

A proof-of-concept exploit is now available for a near maximum-severity flaw in Fortra's GoAnywhere Managed File Transfer (MFT) software that the company publicly disclosed on Jan. 23 after quietly ...

PayPal was one of the first large online services providers to offer two-factor authentication to its users, but until recently the company’s implementation had a loophole that could have allowed ...

Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. Attackers are doubling down ...