#authentication bypass
8 stories tagged authentication bypass.

SimpleHelp OIDC Bypass Gets Weaponized: TaskWeaver and Djinn Stealer Land on Unpatched Servers
An unauthenticated auth bypass scoring a perfect 10.0 is dropping two new malware families on remote-support boxes that nobody remembered were internet-facing.

Palo Alto Confirms In-the-Wild Abuse of GlobalProtect Auth Bypass (CVE-2026-0257)
An unknown actor is exploiting a 7.8-rated authentication bypass in PAN-OS portals and gateways to slip past GlobalProtect logins.

Ivanti Sentry Carries Two Critical Bugs — One a Perfect 10 — Enabling Full Appliance Takeover
A pair of unauthenticated flaws in the mobile gateway give attackers a clear path to root. Exploit code is already public.

Check Point Issues Emergency Patches After IKEv1 Auth Bypass Draws Qilin Affiliate
Two certificate-validation flaws in Check Point's VPN stack — one already exploited, one caught during the ensuing review — have prompted hotfixes across nine Quantum software versions.

Check Point Confirms Active Exploitation of IKEv1 Cert-Bypass Flaw in Remote Access VPN
CVE-2026-50751 lets unauthenticated attackers slip past authentication on gateways still running the deprecated IKEv1 key exchange. Patch is out. Exploitation is not theoretical.

Fuel, Chemicals, Food: CISA Warns ATG Attacks Can Drain Tanks Silently
Hardcoded credentials and unauthenticated command execution leave automated tank gauges wide open. The fix list is embarrassingly short.

CVE-2026-0257: Palo Alto GlobalProtect Authentication Bypass Hit in the Wild Within Days of Disclosure
A credential-less VPN session forgery flaw in PAN-OS moved from 'medium severity, no known exploitation' to CISA's KEV catalog in sixteen days. Federal agencies had 72 hours to patch.

One Bad Character in a Host Header Breaks Auth for Thousands of FastAPI Apps
A parsing gap in Starlette lets unauthenticated requests reach protected routes — and the blast radius runs deep into the AI inference stack.