38 matches found
CVE-2025-58382
A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload...
[SECURITY] Fedora 42 Update: sssd-2.11.1-2.fc42
Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...
EUVD-2020-12550
Malware in sbrugna...
EUVD-2021-2414
Malware in sbrugna...
EUVD-2006-6289
Malware in sbrugna...
EUVD-2020-25241
Malware in sbrugna...
CVE-2020-3976
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3...
About the security content of watchOS 11.4
This document describes the security content of watchOS 11.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...
CVE-2025-24868 Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)
The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirec...
K02201365: SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
Security Advisory Description: A flaw was found in the way TLS 1.2 uses RSA+MD5 signatures with Client Authentication and ServerKeyExchange messages during a TLS 1.2 handshake. An attacker with a Man-in-the-Middle network position and the ability to force / observe the use of RSA+MD5 during a TLS...
New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack
An independent security researcher has shared what's a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi publish...
Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. "No customer code or data was...
SiPass integrated access control vulnerability (CNVD-2021-100377)
SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, an affected application has insufficiently restricted access to internal user authentication services. A remote attacker could exploit the vulnerability to trigger multiple operational accounts...
VMSA-2020-0018: VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability
Advisory ID: VMSA-2020-0018; CVSSv3 Range: 5.3; Issue Date: 2020-08-20; Updated On: 2020-08-20 (Initial Advisory); CVEs: CVE-2020-3976; Synopsis: VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability (CVE-2020-3976)...
Spring Security Security Feature Issue Vulnerability
Spring Security, formerly known as Acegi Security, is a framework used by the Spring project team to provide secure authentication services. A security signature issue vulnerability exists in Spring Security. An attacker can exploit this vulnerability to obtain unencrypted values with the help o...
Session fixation
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...
Unspecified Vulnerability in Saml2 Authentication services for ASP.NET
Saml2 Authentication services for ASP.NET is a SAML (Security Assertion Markup Language) authentication service for ASP.NET. A security vulnerability exists in Saml2 Authentication services for ASP.NET in version 2.0.0 and later fixed in version 2.5.0, which stems from the program's failure to...
Password managers for all staff. Why the resistance?!
I’ve lost count of the number of times I’ve talked about passwords. I mention them in every talk I do. They are used in pretty much every service we test, they are the gatekeepers to our data, they are the protectors of our money and yet we still have not fixed them. As security professionals we...