Security news aggregator

Latest coverage for Unauthenticated

Stay updated on unauthenticated access risks with the latest news and insights in information security. Keep your data safe from unauthorized breaches.

29 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Unauthenticated

Unauthenticated in the context of information security is the state or characteristic where an action or request is performed without proof of identity. This occurs when a system allows access to its resources, data, or services without requiring the user to provide credentials, such as a username and password, or other forms of identification and verification.

In cyber security, unauthenticated access is a significant concern because it can lead to unauthorized disclosure of information, data breaches, and system compromise. Protecting against unauthenticated attacks involves implementing robust authentication mechanisms, access controls, and monitoring systems to detect and prevent unpermitted entry or data retrieval.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 29 Filtered view

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation

More from The Hacker News 3 Jun 2026, 6:14 a.m. Incident · 3 stories Actively exploited CVE-2024-21182 America CISA CVE Flaw Oracle Unauthenticated Vulnerability

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

More from The Hacker News 19 Mar 2026, 5:00 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Critical Disclosure Exploit Firewalls Flaw Java Ransomware Root Unauthenticated Vulnerability Warning

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023

More from The Hacker News 26 Feb 2026, 7:13 p.m. Actively exploited CVE-2026-20127 0-Day Authentication Bypass CVE Cisco Disclosure Flaw Unauthenticated Vulnerability

Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild

More from The Hacker News 22 Jan 2026, 5:06 p.m. Actively exploited CVE-2026-20045 0-Day CVE Cisco Critical Patch Unauthenticated Vulnerability

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. [...]

More from Bleeping Computer 6 Oct 2025, 2:37 p.m. Actively exploited CVE-2025-61882 0-Day CVE Critical Flaw Oracle Patch Remote Code Execution Theft Unauthenticated Vulnerability Warning
Trend Micro Research, News and Perspectives 10 months, 1 week ago

Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

More from Trend Micro Research, News and Perspectives 22 Jul 2025, 12:00 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 Abuse CVE Flaw Insight Microsoft Patch Remote Code Execution Unauthenticated Vulnerability

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. [...]

More from Bleeping Computer 18 Jul 2025, 3:53 a.m. Actively exploited CVE-2025-20337 CVE Cisco Critical Patch Root Unauthenticated Vulnerability

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks

More from The Hacker News 14 May 2025, 3:13 a.m. Actively exploited CVE-2025-31324 Advanced Persistent Threat Breach CVE China Critical Critical Infrastructure Disclosure Exploit Flaw Nation State Remote Code Execution Unauthenticated Vulnerability
Bank Info Security 1 year, 1 month ago

Threat Actors Hacking SAP Critical Zero-Day

Unauthenticated Hackers Exploit CVE-2025-31324 to Upload WebshellsThreat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP's security division, Onapsis, disclosed that CVE-2025-31324 is "actively exploited in the wild."

More from Bank Info Security 29 Apr 2025, 8:00 a.m. Actively exploited CVE-2025-31324 0-Day CVE Critical Disclosure Exploit Flaw Hacking Threat Actor Tools Unauthenticated Widely Used