Cybersecurity researchers have uncovered a critical security flaw in Securden Unified PAM that allows attackers to completely bypass authentication mechanisms and gain unauthorized access to sensitive credentials and system functions. The vulnerability, designated as CVE-2025-53118 with a CVSS score of 9.4, represents one of four serious security issues discovered in the privileged access management solution
arXiv:2508.18453v1 Announce Type: new Abstract: Balancing robust security with strong privacy guarantees is critical for Risk-Based Adaptive Authentication (RBA), particularly in decentralized settings. Federated Learning (FL) offers a promising solution by enabling collaborative risk assessment without centralizing user data. However, existing FL approaches struggle with Non-Independent and Identically Distributed (Non-IID) user features, resulting in biased, unstable, and poorly generalized...
Multiple vulnerabilities have been discovered in Commvault Backup & Recovery, which when chained together, could allow for remote code execution. Commvault Backup & Recovery is a comprehensive data protection solution that offers a range of services for safeguarding data across various environments, including on-premises, cloud, and hybrid setups. Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, escalate privileges, run arbitrary commands, and...
A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals. The campaign represents one of the largest coordinated RDP reconnaissance operations observed in recent years, signaling potential preparation for
arXiv:2508.16738v1 Announce Type: cross Abstract: Zero-Knowledge Proofs (ZKPs) have emerged as powerful tools for secure and privacy-preserving computation. ZKPs enable one party to convince another of a statement's validity without revealing anything else. This capability has profound implications in many domains, including: machine learning, blockchain, image authentication, and electronic voting. Despite their potential, ZKPs have seen limited deployment because of their exceptionally high...
arXiv:2508.17913v1 Announce Type: new Abstract: Digital twin (DT) technology is rapidly becoming essential for smart city ecosystems, enabling real-time synchronisation and autonomous decision-making across physical and digital domains. However, as DTs take active roles in control loops, securely binding them to their physical counterparts in dynamic and adversarial environments remains a significant challenge. Existing authentication solutions either rely on static trust models, require...
arXiv:2508.17043v1 Announce Type: new Abstract: The increasing deployment of Unmanned Aerial Vehicles (UAVs) for military, commercial, and logistics applications has raised significant concerns regarding flight path privacy. Conventional UAV communication systems often expose flight path data to third parties, making them vulnerable to tracking, surveillance, and location inference attacks. Existing encryption techniques provide security but fail to ensure complete privacy, as adversaries can...
arXiv:2508.16843v1 Announce Type: new Abstract: Voice authentication has undergone significant changes from traditional systems that relied on handcrafted acoustic features to deep learning models that can extract robust speaker embeddings. This advancement has expanded its applications across finance, smart devices, law enforcement, and beyond. However, as adoption has grown, so have the threats. This survey presents a comprehensive review of the modern threat landscape targeting Voice...
Learn how to enhance Amazon Bedrock security with Auth0 for GenAI. This guide provides a complete walkthrough for implementing robust AI agent authentication and authorization, enabling agents to securely act on a user's behalf without static credentials.
A critical vulnerability in older versions of the Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to unauthenticated local WebSocket servers, potentially enabling remote command execution
Our analysis showed that even with very high two-factor authentication trigger rates - which traditionally add friction to the checkout flow - France, the UK, and Japan still maintain high conversion rates.
![[remote] Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass](https://www.exploit-db.com/images/spider-orange.png)
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals in unison, suggesting a coordinated reconnaissance campaign.
In this gripping episode of Switchborn, Marcus delves into the rising threat of crypto kidnappings, sharing real-world examples and expert strategies for protecting your digital wallet when your life is on the line. Learn psychological tactics to stay calm, control the situation, and deploy delaying maneuvers, alongside high-tech defenses like splitting seed phrases, multi-factor authentication, and "plausible deniability" encryption tools. Marcus emphasizes prioritizing survival above all,...
A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems. The Italian CRM solution, utilized by numerous small and medium enterprises across Italy, faces significant security exposure despite attempted
Microsoft is investigating a significant service incident within Exchange Online, identified as EX1137017, which is preventing some users from sending or receiving emails through the Outlook mobile application. The issue, which remains ongoing, specifically impacts customers utilizing Hybrid Modern Authentication (HMA), a common configuration for organizations that integrate on-premises Exchange servers with Exchange Online. The
Hi everyone. I'd like to get some insights on best practices for security. Here's the situation: Our staff accesses SaaS using personal mobile devices. We currently do not have Mobile Device Management implemented. Due to the nature of personal devices, enforcing IP whitelisting is not feasible as users connect from various networks. We have only enabled Multi-Factor Authentication (MFA) as a security measure. Given these factors, do you think MFA alone provides sufficient protection against...
New AWS Bedrock keys simplify authentication while raising security considerations.
So im sure everyone has heard of the Sni5Gect framework that was debuted at USENIX. It seems the researchers have released the framework for anybody to use on github and are claiming they left out the most dangerous discoveries/exploits from their research. However according to the github page the published framework is capable of: - Crashing UE modems - Downgrade attacks - Device fingerprinting - Sniffing unencrypted 5G messages - Injecting custom packets - Authentication bypass My genuine...