12 matches found
CVE-2026-4592 kalcaddle kodbox Password Login index.class.php tfaVerify improper authentication
A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack is...
EUVD-2020-29108
Malware in sbrugna...
EUVD-2024-50272
Malicious code in bioql PyPI...
CVE-2025-58352 Weblate has long session expiry times during second factor verification
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...
CVE-2025-7955
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identic...
CVE-2025-7955 RingCentral Communications 1.5 - 1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identic...
Moodle self enrollment available before completing second factor with MFA enabled
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
PT-2020-20047 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue arises from a misconfiguration in Nextcloud Server, where the user is incorrectly led to believe that passwordless WebAuthn also serves as two-factor verification. This misconception occu...
AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings
Cryptocurrency investor and Dogecoin founder Michael Terpin has filed a $223.8 million lawsuit against AT&T, alleging the mobile phone giant turned a blind eye to SIM fraud. Terpin alleges that more than 3 million cryptocurrency tokens worth $24 million were lifted from his digital wallet at an...
Google Trust API plans to replace your Passwords with Trust Score
The importance of increasing online security around personal information has risen due to the increase in cyber attacks and data breaches over recent years. I find it hilarious people are still choosing terrible passwords to protect their online accounts. The massive LinkedIn hack is the latest i...
Verizon to Bolster Authentication with QR Codes
If you want to know what the future holds for authentication on the web, it all depends whom you ask. Some say it’ll come in the form of biometrics – iris and fingerprint scans, etc. Others say the answer lies in a tangle of constantly changing two-factor verification codes users need to punch in...
Mobile Devices Key To Facebook's New Log-In Approval Feature
Facebook is implementing a new opt-in, two-factor verification security feature they are calling log-in approval. The new feature will require users to enter a unique, one time code, which Facebook will send via SMS whenever a user tries to access his or her account from a new and/or unrecognized...