Hosted on MSN

Cisco’s sixth SD-WAN zero-day of 2026 gives remote attackers admin access through an authentication bypass — CISA confirms active exploitation

A remote attacker with no valid credentials can now seize full administrative control of certain Cisco SD-WAN devices, and the U.S. government says it is already happening. The vulnerability, tracked ...
Bleeping Computer

Ivanti warns of maximum severity CSA auth bypass vulnerability

Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and ...
Bleeping Computer

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics ...