Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying problem has been known since 2016. Tracked as CVE-2026-34040, the new vulnerability is rated…
Tag: authorization
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
A vulnerability in Docker Engine allows attackers to bypass authorization controls and potentially gain full access to host systems. Cyera researchers found that the flaw affects a core security mechanism relied on by organizations to enforce container policies. “This research shows that a lot of foundational infrastructure is still carrying old bug classes in places…
Global Security News
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. […]
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?
Broken authorization is one of the most widely known API vulnerabilities. It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA) account for hundreds of API vulnerabilities every quarter. According to the 2026 API ThreatStats report, authorization issues ranked ninth in…