There's a security flaw in the Amazon WorkSpaces client for Linux that affects versions 2023.0 to 2024.8. This flaw can allow local users to access another user's authentication token, potentially giving them access to their WorkSpace. To fix this, users should upgrade to version 2025.0 or later.

This article details a vulnerability in Triofox that allowed unauthenticated remote access, enabling attackers to bypass authentication and execute arbitrary code. Mandiant discovered that this flaw was exploited by a threat group, allowing them to create admin accounts and run malicious scripts. The issue has been patched in newer versions of the software.

A serious vulnerability in ServiceNow's AI tools allows unauthenticated users to create backdoor admin accounts. Dubbed "BodySnatcher," this flaw highlights the risks of rapidly integrating AI features without proper security measures. ServiceNow has patched the issue, but potential risks remain due to custom configurations.

A security researcher discovered a vulnerability in Cracker Barrel's rewards admin panel, allowing unauthorized access by manipulating authentication code. The issue was reported and, notably, Cracker Barrel addressed it quickly without needing further intervention. No customer data was compromised.

Click Studios has urged users of its Passwordstate password manager to promptly update to version 9.9 Build 9972 due to a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to the administration section via a crafted URL. The company recommends implementing a temporary workaround while users transition to the latest version.

CVE-2024-28080 is an authentication bypass vulnerability in Gitblit that affects the SSH service, allowing exploitation for users with public keys assigned to their accounts. The issue arose from the interaction between Gitblit's authentication code and the Apache MINA SSH library, where incorrect handling of public key authentication led to unintended successful logins. Version 1.10, released on June 14, 2025, addresses this vulnerability along with two others.