Your VPN just let someone in without a password.

Your VPN just let someone in without a password. Not because they guessed it. Not because someone clicked a phishing link. Because the authentication check never happened at all. CVE-2026-0257 is an authentication bypass in Palo Alto Networks PAN-OS that affects GlobalProtect portal and gateway. The flaw is subtle: when the certificate used to encrypt…


Your endpoint manager just delivered malware to every device it manages.

Your endpoint manager just delivered malware to every device it manages. That is not a hypothetical. It happened this week. CVE-2026-35616 is a pre-authentication API bypass in FortiClient Endpoint Management Server (EMS). CVSS 9.1. Actively exploited. Here is what the attack looks like: the attacker authenticates to your EMS without credentials, takes control of the…
