ZDNet

Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass

Microsoft has warned that the hacking group behind the 2020 SolarWinds supply chain attack have a new technique for bypassing authentication in corporate networks. The trick, a highly specialized ...

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...
Bleeping Computer

Latest Authentication Bypass news

Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. Attackers are doubling down ...
Forbes

2FA Code Warning As Hackers Steal 17 Billion Cookies To Use In Attacks

Two-factor authentication is, without a shadow of a doubt, a necessity given the current threat landscape where infostealers rule supreme. If you are not using passkeys already, then your passwords ...
Dark Reading

Kaseya Hacked via Authentication Bypass

Last Friday, just before the extended American Independence Day holiday, it was announced that Kaseya, an American software company, was hacked. The malicious actors were able to distribute ransomware ...
Dark Reading

Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild

Attackers are actively exploiting an authentication bypass flaw found in the Palo Alto Networks PAN-OS software that lets an unauthenticated attacker bypass authentication of that interface and invoke ...
Forbes

New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed

The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit that is targeting Microsoft 365 and Gmail account holders. Researchers from ...