Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized ...
Bleeping Computer

Latest Authentication Bypass news

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest ...

Critical Cisco IMC auth bypass gives attackers Admin access

Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) ...
SecurityWeek

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...
The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.
CSO Online

Old Docker authorization bypass pops up despite previous patch

A 10-year-old issue involving Docker Engine and the AuthZ authorization plug-in lives again to enable attackers to gain ...
Threat Post

Netgear Authentication Bypass Allows Router Takeover

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials. Netgear has patched three ...
Dark Reading

Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

A proof-of-concept exploit is now available for a near maximum-severity flaw in Fortra's GoAnywhere Managed File Transfer (MFT) software that the company publicly disclosed on Jan. 23 after quietly ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.