'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims' networks.
Stay updated on the latest bypass techniques threatening information security. Discover defenses and trends in system vulnerabilities with our insights.
Search across headline titles and summaries.
Background for this topic.
Bypass describes attacker methods that circumvent specific security controls, such as authentication checks, input validation, or detection systems, without directly exploiting the underlying vulnerability. These techniques often leverage design flaws, misconfigurations, or protocol weaknesses to evade protections like firewalls, multi-factor authentication, or antivirus scanning.
Bypassing controls can enable unauthorized access, data exfiltration, or persistent presence while avoiding alerts, complicating detection and response. Effective defense requires layered security measures, rigorous configuration management, and continuous validation of control effectiveness to identify and close bypass paths before attackers exploit them.
Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims' networks.
Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. [...]
Huntress's Kyle Hanslovan Warns of MFA Bypass, Rogue Apps, Fake Device EnrollmentsCybercriminals are bypassing MFA using session tokens and rogue app access, with shadow workflows enabling persistent inbox theft against SMBs. Huntress offers behavioral training and managed identity response to SMBs for real protection not just more alerts, says CEO Kyle Hanslovan.
As Agentic AI Takes Over Workflows, Traditional Authentication Practices Fall ShortThe explosion of agentic AI and autonomous bots to orchestrate cross-system tasks is turning MFA into a brittle defense. Non-human identities often bypass human-centric security controls, operating with static credentials and undefined ownership, creating exploitable identity risks.
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...]
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals
Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. [...]