Overview
- Microsoft
- ASP.NET Core 10.0
Description
Statistics
- 6 Posts
- 10 Interactions
Fediverse
📰 .NET 10.0.7 Out-of-Band Security Update
We are releasing .NET 10.0.7 as an out-of-band security update to address CVE-2026-40372.
https://devblogs.microsoft.com/dotnet/dotnet-10-0-7-oob-security-update/ #dotnet
From the .NET blog...
In case you missed it earlier...
.NET 10.0.7 Out-of-Band Security Update
https://devblogs.microsoft.com/dotnet/dotnet-10-0-7-oob-security-update/ #dotnet #MaintenanceUpdates #NET10 #CVE202640372 #OOB #Security
Microsoft has released an emergency .NET 10.0.7 update to fix a critical elevation of privilege vulnerability (CVE-2026-40372) in the Microsoft.AspNetCore.DataProtection NuGet package, affecting versions 10.0.0 through 10.0.6. This vulnerability could allow attackers to bypass integrity validation and escalate privileges, and Microsoft strongly advises immediate updating of the package.
https://cybersecuritynews.com/emergency-net-10-0-7-update-patch/
Overview
Description
Statistics
- 5 Posts
- 12 Interactions
Fediverse
Over 1,370 Microsoft SharePoint servers are exposed online to a spoofing vulnerability (CVE-2026-32201), which is actively exploited in the wild. This critical flaw, identified by The Shadowserver Foundation, allows unauthorized attackers to bypass security protocols and potentially compromise sensitive corporate data, highlighting a significant patch management problem for many organizations.
https://gbhackers.com/1370-microsoft-sharepoint-servers-at-risk-of-spoofing-attacks/
Overview
Description
Statistics
- 3 Posts
Fediverse
CVE-2026-34197 ActiveMQ RCE via Jolokia API
https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/
Read on HackerWorkspace: https://hackerworkspace.com/article/cve-2026-34197-activemq-rce-via-jolokia-api
Thousands of Apache ActiveMQ instances remain unpatched weeks after a critical remote code injection vulnerability (CVE-2026-34197) was discovered, highlighting a dangerous lag in security updates. Experts warn that with AI capable of rapidly weaponizing newly found bugs, slow patching cycles are a significant network security risk.
https://www.csoonline.com/article/4161532/thousands-of-apache-activemq-instances-still-unpatched-weeks-after-an-actively-exploited-hole-discovered.html
Description
Statistics
- 3 Posts
- 5 Interactions
Fediverse
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful https://securityaffairs.com/191040/hacking/cve-2023-33538-under-attack-for-a-year-but-exploitation-still-unsuccessful.html
TP-Link router owners beware | A Deep Dive Into Attempted Exploitation of CVE-2023-33538 #devopsish https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/
Overview
- OpenBSD
- OpenBSD
Description
Statistics
- 2 Posts
- 3 Interactions
Fediverse
Another1 - CVE-2026-41285 - OpenBSD
https://nvd.nist.gov/vuln/detail/CVE-2026-41285
(Project asswing was not involved)
Overview
- PackageKit
- PackageKit
Description
Statistics
- 2 Posts
Fediverse
There is a great report out there by @dtcert
Telekom Red Team (great work guys) found a high severity LPE vulnerability in PackageKit daemon. In the report, the distros Ubuntu, Debian and Fedora and some more are mentioned as affected. Some left traces to hunt for the exploitation come with the report, which is helpful.
edit: now known as CVE-2026-41651
https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
PackageKit GHSA-f55j-vvr9-69xv / "Pack2TheRoot" / CVE-2026-41651
Please update as soon as possible.
All PackageKit versions between >= 1.0.2 and <= 1.3.4 are vulnerable.
Debian 12 1.2.6-5+deb12u1
Debian 13 1.3.1-1+deb13u1
Upstream fixed version: 1.3.5
This release fixes a critical security vulnerability that allows unprivileged local users to obtain root privileges on any distribution that uses PackageKit.
Overview
- Microsoft
- Microsoft Defender Antimalware Platform
Description
Statistics
- 2 Posts
Fediverse
Three publicly available exploits, BlueHammer, RedSun, and UnDefend, are being used to turn Microsoft Defender into an attacker tool, with two enabling SYSTEM-level access and one disrupting Defender's update mechanism. While a patch exists for BlueHammer (CVE-2026-33825), RedSun and UnDefend exploit separate flaws, allowing attackers to escalate privileges or weaken defenses with minimal modifications.
https://www.darkreading.com/cyberattacks-data-breaches/exploits-turn-windows-defender-attacker-tool
Overview
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
Critical Fortinet FortiClient EMS Zero-Day CVE-2026-35616 Exploited Before Official Patch Was Released
#CyberSecurity
https://securebulletin.com/critical-fortinet-forticlient-ems-zero-day-cve-2026-35616-exploited-before-official-patch-was-released/