Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
The Hacker News

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: ...
IEEE

An OpenRAN Security Framework for Scalable Authentication, Authorization, and Discovery of xApps With Isolated Critical Services

Abstract: The OpenRAN initiative promotes an open Radio Access Network (RAN) and offers operators fine-grained control over the radio stack. To that end, O-RAN introduces new components to the 5G ...
Biometric Companies

Delinea, Fior, Huawei strengthen AI agent authentication, authorization

California-based cybersecurity firm Delinea has completed its acquisition of StrongDM, a firm specializing in access management for engineering and AI-driven environments. A release says the combined ...
InfoWorld

WebMCP API extends web apps to AI agents

W3C proposal backed by Google and Microsoft allows developers to expose client-side JavaScript tools to AI agents, enabling collaborative workflows between users and agents within the same web ...
TechCrunch

Spotify changes developer mode API to require premium accounts, limits test users

Spotify is changing how its APIs work in Developer Mode, its layer that lets developers test their third-party applications using the audio platform’s APIs. The changes include a mandatory premium ...
The Hacker News

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication ...
GovCon Wire

Microsoft Awarded $170M Air Force Task Order to Support Cloud One

Microsoft has secured a $170.4 million task order to continue supporting the Cloud One program, a cornerstone of the Department of the Air Force’s enterprise cloud strategy. The firm-fixed-price task ...
Redmond Magazine

Microsoft Releases Emergency Fix for Azure Virtual Desktop, Windows 365 Authentication Failures

Microsoft released KB5077793 to fix Azure Virtual Desktop and Windows 365 authentication failures. January 2026 security update KB5073379 caused credential prompt failures across multiple Windows ...
Bleeping Computer

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. API Connect is an application ...
Microsoft

Infinite scale: The architecture behind the Azure AI superfactory

Today, we are unveiling the next Fairwater site of Azure AI datacenters in Atlanta, Georgia. This purpose-built datacenter is connected to our first Fairwater site in Wisconsin, prior generations of ...
SecurityWeek

CISA Warns of CWP Vulnerability Exploited in the Wild

The cybersecurity agency CISA on Tuesday warned that a critical vulnerability affecting the Control Web Panel (CWP) server administration software has been exploited in the wild. CWP, previously named ...