> TritonInfoSec News
Home / Jun 14, 2026 / Story
0
#10 BleepingComputer general June 12, 2026 at 18:19 UTC

phpBB forum fixes auth bypass bug lurking for a decade

By Bill Toulas

AI Summary

A 10-year-old authentication bypass vulnerability in phpBB forum software has been patched, allowing an unauthenticated attacker to log in as any account including site administrators. The flaw had been present and undetected in the widely deployed open-source forum platform for a decade, posing a significant risk to any phpBB instance that had not applied the fix. Forum operators should update immediately, as the bug's severity and long exposure window make it likely to be actively targeted following public disclosure.

Read full article → https://www.bleepingcomputer.com/news/security/php…

Relevance score: 70.0/100

# More from June 14

  1. 1
    Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters SecurityWeek
  2. 2
    ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw CyberScoop
  3. 3
    400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer The Hacker News
  4. 4
    Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication The Hacker News
  5. 5
    Chinese hackers hijack auth flow, spy on isolated network for a decade BleepingComputer
  6. 6
    FBI takes down massive China-based cybercrime network that caused $1.9B in losses CyberScoop
  7. 7
    Ivanti Sentry Exploitation Attempts Hitting Honeypots SecurityWeek
  8. 8
    U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals The Hacker News
  9. 9
    Over 400 Arch Linux packages compromised to push rootkit, infostealer BleepingComputer