A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. Cisco has patched several critical ...

CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, Dec. 25, 2024: This story, originally published Dec.

Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication Your email has been sent If you use VMware Tools for Windows, it is ...

A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been ...

Okta has addressed an authentication bypass bug that affects those with long usernames or employers with wordy domain names. The security hole could have allowed cybercriminals to pass Okta AD/LDAP ...

Update, Dec. 03, 2024: This story, originally published Dec. 02, now updated to reflect the 2FA-bypass security threat beyond Black Friday and Cyber Monday. The busiest period of online shopping, ...

A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild, according to the US Cybersecurity and Infrastructure ...

Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. Attackers are now targeting ...