bypass
Blog
ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. “An improper authentication control vulnerability…
Hackers exploit WordPress plugin auth bypass hours after disclosure
Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly recommended to upgrade to the latest version of OttoKit/SureTriggers, currently 1.0.79, released at the beginning of the month. The OttoKit WordPress plugin allows users to connect plugins and external tools like WooCommerce, Mailchimp, and Google Sheets,…
Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option
Microsoft is making it increasingly difficult to set up Windows 11 without signing into a Microsoft Account. A popular workaround that previously allowed users to bypass the mandatory login is being removed, effectively requiring an internet connection and Microsoft Account during the initial setup. Goodbye, bypass trick. For years, Windows users who preferred local accounts — or simply didn’t want…
New Windows 11 trick lets you bypass Microsoft Account requirement
A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts. Since the release of Windows 11, Microsoft has been increasingly closing loopholes and making it harder to use a local account in the operating system. Instead, the company wants you to use a…
3 Better ways to bypass Microsoft Account during setup on Windows 11
You still have more than one way to skip the Microsoft Account to set up Windows 11 with a local account during the Out-of-box Experience (OOBE), and in this guide, I’ll explain how to complete this process. Starting with the release of Windows 11 build 26120.3653 (Beta) and build 26200.5516 (Dev), Microsoft has announced that it’s officially removing the ability…
KB5054687 (build 26200.5516) for Windows 11 removes internet bypass in Dev Channel
Windows 11 build 26200.5516 is now rolling out in the Dev Channel as the update KB5054687 as part of the version 24H2 development. This preview introduces Local Semantic Search as well as other new features and changes like those available on Windows 11 build 26120.3653 in the Beta Channel, including a speech recap for Windows Narrator, a new interface to…
High-Severity Flaw Lets Hackers Bypass Authentication
If you use VMware Tools for Windows, it is critical to update to the latest version. Broadcom, which acquired VMware for $69 billion in 2023, has issued a patch for a high-severity vulnerability that is actively being exploited by cybercriminals. The vulnerability affects VMware Tools for Windows versions 11.x.x and 12.x.x, but has been patched in…
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, including two critical-severity authentication bypass flaws in the ruby-saml library. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…
New SuperBlack ransomware exploits Fortinet auth bypass flaws
A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February, respectively. When Fortinet first disclosed CVE-2024-55591 on January 14, they confirmed it had been exploited as a zero-day, with Arctic…
Ransomware gang encrypted network from a webcam to bypass EDR
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. The team at cybersecurity firm S-RM discovered the unusual attack method during a recent incident response at one of their clients. Notably, Akira only pivoted to the webcam after attempting to…