Mastodawn

📢 CVE-2026-50751 : Bypass d'authentification IKEv1 dans les VPN Check Point (CVSS 9.3)
📝 ## 🔍 Contexte

Le 12 ju...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-13-cve-2026-50751-bypass-d-authentification-ikev1-dans-les-vpn-check-point-cvss-9-3/
🌐 source : https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/?utm_source=substack&utm_medium=email
#Authentication_Bypass #CVE_2026_50751 #Cyberveille

CVE-2026-50751 : Bypass d'authentification IKEv1 dans les VPN Check Point (CVSS 9.3)

🔍 Contexte Le 12 juin 2026, watchTowr Labs publie une analyse technique approfondie de CVE-2026-50751, une vulnérabilité de bypass d’authentification (CVSS 9.3) affectant les produits Check Point Remote Access VPN, Mobile Access et Spark Firewall. Check Point a publié des hotfixes le 8 juin 2026. La vulnérabilité est inscrite au CISA KEV et a été exploitée in the wild. 🎯 Produits affectés Les versions Gaia suivantes sont concernées : R80.20.X, R80.40, R81, R81.10, R81.10.X, R81.20, R82, R82.00.X, R82.10 Les versions en fin de support ne reçoivent aucun hotfix.

CyberVeille

CyberVeille.ch Jun 8

📢 CVE-2026-8181 : Bypass d'authentification critique dans le plugin WordPress Burst Statistics
📝 ## 🔍 Contexte

Source : CrowdSec Tracker (https://tracker.crowdsec.net/cves/CVE-2026-8181), publié le 8 juin 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-06-08-cve-2026-8181-bypass-d-authentification-critique-dans-le-plugin-wordpress-burst-statistics/
🌐 source : https://tracker.crowdsec.net/cves/CVE-2026-8181
#Authentication_Bypass #CVE_2026_8181 #Cyberveille

CVE-2026-8181 — Burst Statistics – Privacy-Friendly WordPress Analytics - Authentication Bypass (CVE-2026-8181) | Live Exploit Tracker

The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in v…

Live Exploit Tracker

Michael Garweg Sep 12, 2025

I completed the Web Security Academy lab:
2FA simple bypass

#authentication_bypass #WebAppSec
https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass

Lab: 2FA simple bypass | Web Security Academy

This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA ...

Hacker News Sep 6, 2025

We Hacked Burger King: How Auth Bypass Led to Drive-Thru Audio Surveillance
https://bobdahacker.com/blog/rbi-hacked-drive-thrus/
#ycombinator #security_research #authentication_bypass #burger_king #tim_hortons #popeyes #restaurant_brands_international #rbi #graphql_vulnerabilities #aws_cognito #drive_thru_security #privacy_breach #voice_recordings #responsible_disclosure #api_security #privilege_escalation #retail_security #fast_food_tech

We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance

Critical authentication bypass vulnerabilities in Restaurant Brands International's assistant platform allowed complete control over 30,000+ Burger King, Tim Hortons, and Popeyes locations worldwide - including access to customer drive-thru audio recordings.

Habr Mar 22, 2024

JetBrains TeamCity CI/CD CVE-2024-27198

В феврале 2024 года группа исследователей уязвимостей Rapid7 выявила уязвимость, затрагивающую сервер JetBrains TeamCity CI/CD и представляющую собой обход аутентификации в веб-компоненте TeamCity. Уязвимость получила идентификатор CVE-2024-27198 и балл CVSS равный 9,8 (критический). Наличие данного недостатка позволяет полностью скомпрометировать сервер TeamCity, не имея аутентифицированного доступа, включая удаленное исполнение команд. Компрометация сервера TeamCity позволяет злоумышленнику получить полный контроль над всеми проектами, сборками, агентами и артефактами TeamCity, что может являться подходящим вектором для атаки на цепочку поставок.

https://habr.com/ru/articles/802293/

#CVE202427198 #teamcity #jetbrains #уязвимость #authentication_bypass

JetBrains TeamCity CI/CD CVE-2024-27198

Введение В феврале 2024 года группа исследователей уязвимостей Rapid7 выявила уязвимость, затрагивающую сервер JetBrains TeamCity CI/CD и представляющую собой обход аутентификации в веб-компоненте...

Хабр

RedPacket Security Feb 23, 2024

Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited - https://www.redpacketsecurity.com/ransomware-warning-as-cvss-screenconnect-bug-is-exploited/

#threatintel #ScreenConnect_vulnerability #Patching_servers #Authentication_bypass

Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited - RedPacket Security

IT admins have been urged to patch any on-premises ScreenConnect servers immediately, after reports that a recently published maximum severity vulnerability

RedPacket Security

RedPacket Security Feb 17, 2024

New Ivanti Vulnerability Observed as Widespread Security Concerns Grow - https://www.redpacketsecurity.com/new-ivanti-vulnerability-observed-as-widespread-security-concerns-grow/

#threatintel #Ivanti_vulnerabilities #Authentication_bypass #Remote_exploitation

CVE-2026-50751 : Bypass d'authentification IKEv1 dans les VPN Check Point (CVSS 9.3)

CVE-2026-8181 — Burst Statistics – Privacy-Friendly WordPress Analytics - Authentication Bypass (CVE-2026-8181) | Live Exploit Tracker

Lab: 2FA simple bypass | Web Security Academy

We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance

JetBrains TeamCity CI/CD CVE-2024-27198

Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited - RedPacket Security

New Ivanti Vulnerability Observed as Widespread Security Concerns Grow - RedPacket Security