The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.

Critical Cisco IMC auth bypass gives attackers Admin access

Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) ...
Bleeping Computer

Latest Authentication Bypass news

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest ...
Threat Post

Auth Bypass Bug Exploited, Affecting Millions of Routers

A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks. An authentication-bypass ...
SecurityWeek

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has patched eight critical and high-severity vulnerabilities that could lead to bypasses, code execution, and privilege ...
ZDNet

OpenBSD patches authentication bypass, privilege escalation vulnerabilities

OpenBSD has patched four vulnerabilities including privilege escalation flaws and a remotely exploitable authentication bypass. OpenBSD is an open source Unix operating system based on Berkeley ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...