A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest ...

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and account takeover.

A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks. An authentication-bypass ...

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials. Netgear has patched three ...

SmarterTools hit by Warlock ransomware exploiting CVE-2026-23760 in SmarterMail Breach affected office network and data center, but business apps and account data stayed safe Company patched ...

Two-factor authentication is the go-to hacker prevention step when it comes to account protection, but hot on the heels of news surrounding major data breaches at eBay, Target and a number of other ...

Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.

Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. CISA flagged ...

PayPal was one of the first large online services providers to offer two-factor authentication to its users, but until recently the company’s implementation had a loophole that could have allowed ...