Geek-Guy.com

Tag: bypass

Exploits, Global Security News, Network Security

Hackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)

Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit attempts”. “Across multiple customers, Rapid7 observed successful exploitation via authentication probes using forged cookies, but the appliance accepted the cookie without a full VPN session being established in 8 out of 10 impacted…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers

CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Microsoft issues YellowKey mitigation, no patch yet

Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS…

Read more →

Exploits, Global Security News

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company has provided step-by-step mitigation advice to protect affected Windows devices from exploitation. CVE-2026-45585 and the…

Read more →

Global Security News

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Device Code Phishing Targets Microsoft 365 Users  

Cybercriminals are adopting device code phishing as a new way to bypass traditional phishing defenses and compromise enterprise Microsoft 365 accounts.  According to Proofpoint, threat actors are abusing legitimate Microsoft authentication workflows to steal authentication tokens without using traditional phishing pages.   “The spike in device code phishing coincides with publicly released criminal toolkits, and the…

Read more →

AI, Exploits, Global Security News

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalyst SD-WAN Controller (the “brain” of the Cisco Catalyst SD-WAN solution) and Cisco Catalyst SD-WAN Manager (the management plane for the entire…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

Cisco warns of an actively exploited SD-WAN flaw with max severity

Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass vulnerability that Cisco patched in February. In the latest advisory, the company said the new flaw…

Read more →

AI, Exploits, Global Security News

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

PraisonAI vulnerability gets scanned within 4 hours of disclosure

A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory dropped, a scanner identifying itself as “CVE-Detector/1.0” was already looking through the exposed PraisonAI instances…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

MOVEit automation flaws could enable full system compromise

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access…

Read more →

AI, Exploits, Global Security News

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an…

Read more →

Data Breaches, Exploits, Global Security News, malware

Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)

The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment, and targeted attacks. “Sorry” ransomware Attackers have taken advantage of CVE-2026-41940 to mass-exploit vulnerable internet-facing cPanel instances to breach servers, deface websites and…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

cPanel’s authentication bypass bug is being exploited in the wild, CISA warns

A severe authentication bypass vulnerability in cPanel, one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers. The vulnerability, tracked as CVE-2026-41940, affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as…

Read more →

AI, Exploits, Global Security News

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical details about the vulnerability – they have been spotted exploiting CVE-2026-41940 since February 23, and…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on…

Read more →

Global Security News, Risk Management

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)

Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About FortiSandbox FortiSandbox is Fortinet’s security solution for detecting and analyzing advanced threats. It…

Read more →

AI, Endpoint, Exploits, Global Security News, Network Security

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoint,…

Read more →

AI, Endpoint, Exploits, Global Security News, Network Security

Old Docker authorization bypass pops up despite previous patch

Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying problem has been known since 2016. Tracked as CVE-2026-34040, the new vulnerability is rated…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts

A vulnerability in Docker Engine allows attackers to bypass authorization controls and potentially gain full access to host systems.  Cyera researchers found that the flaw affects a core security mechanism relied on by organizations to enforce container policies. “This research shows that a lot of foundational infrastructure is still carrying old bug classes in places…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security

Cisco fixed critical and high-severity flaws

Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information. One of these critical flaws is CVE-2026-20093 (CVSS score of…

Read more →

Cybersecurity, Global Security News

Authorities pull plug on Tycoon 2FA phishing-as-a-service platform

Tycoon 2FA, a phishing-as-a-service platform that allowed cybercriminals to bypass MFA and break into online accounts, has been disrupted by law enforcement agencies and cybersecurity partners. Takedown of the Tycoon 2FA phishing-as-a-service platform (Source: Europol) Active since August 2023, Tycoon 2FA was among the largest phishing operations worldwide. At its peak, the platform accounted for…

Read more →

AI, Apps, Global Security News

Global coalition dismantles Tycoon 2FA phishing kit

Tycoon 2FA, a major phishing kit and platform that allowed low-skilled cybercriminals to bypass multifactor authentication and conduct large-scale adversary-in-the-middle attacks, was dismantled Wednesday by a global coalition of security companies and law enforcement agencies. Microsoft, which led the effort alongside Europol and authorities from six countries and 11 security firms or organizations, said it…

Read more →

AI, Exploits, Global Security News

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)

A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorate’s Australian Cyber Security Centre, who said that once the vulnerability was exploited, “the malicious actors add[ed] a rogue peer, and eventually…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Risk Management

Compromised npm package silently installs OpenClaw on developer machines

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on…

Read more →

AI, APAC, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Apache Tomcat Vulnerability Circumvents Access Rules

A vulnerability in Apache Tomcat enables users to bypass certain access controls by leveraging legacy HTTP/0.9 requests.  Under specific configurations, the issue could allow attackers to circumvent defined security constraints. “If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, News, Risk Management, Threats

FortiOS Authentication Bypass Exposes VPN and SSO Deployments

Fortinet has disclosed an authentication bypass vulnerability in FortiOS.  Under certain configurations, the flaw could allow attackers to bypass LDAP-based authentication controls and gain unauthorized access to protected enterprise networks. The vulnerability “… may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration,” said Fortinet…

Read more →