Authentication Bypass
Critical Nginx UI auth bypass flaw now actively exploited in the wild
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. The flaw, tracked as CVE-2026-33032, is caused by nginx-ui leaving the ‘/mcp_message’ endpoint unprotected, allowing remote attackers to invoke privileged MCP actions without credentials. Because those actions involve writing and […]
Critical Cisco IMC auth bypass gives attackers Admin access
Cisco has released security updates to address several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access. Also known as CIMC, Cisco IMC is a hardware module embedded on the motherboard of Cisco servers that provides out-of-band management (even if the operating system is powered off or crashed) for UCS […]
TP-Link warns users to patch critical router auth bypass flaw
TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517, this security flaw affects Archer NX200, NX210, NX500, and NX600 wireless routers and stems from a missing authentication weakness that attackers can exploit without privileges. “A missing […]
HPE warns of critical AOS-CX flaw allowing admin password resets
Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. AOS-CX is a cloud-native network operating system (NOS) developed by HPE subsidiary Aruba Networks for the company’s CX-series campus and data center switch devices. The most severe security flaw today is a […]
CISA: Recently patched Ivanti EPM flaw now actively exploited
CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks. Ivanti’s EPM software is an all-in-one endpoint management solution for managing client devices across Windows, macOS, Linux, Chrome OS, and IoT platforms. Tracked as CVE-2026-1603, this security flaw can be exploited […]
Cisco warns of max severity Secure FMC flaws giving root access
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. Secure FMC is a web or SSH-based interface for admins to manage Cisco firewalls and configure application control, intrusion prevention, URL filtering, and advanced malware protection. Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication […]
Hackers target Microsoft Entra accounts in device code vishing attacks
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the […]
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. Discovered by researcher Souvik Kanda and tracked as CVE-2026-1670, the security issue is classified as “missing authentication for critical function,” and received a crtical severity score of […]
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but it did not impact business applications or account data. The company’s Chief Commercial Officer, Derek Curtis, says that the intrusion occurred on January 29, via a single SmarterMail virtual machine (VM) set up by an employee. “Prior to […]
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554) patched today by SolarWinds were reported by watchTowr’s Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks. Bazydlo also […]