Security news aggregator

Latest coverage for .NET

.NET is Microsoft's software development platform, and flaws in its runtimes or libraries can expose applications and services to attack.

84 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

.NET is Microsoft’s software-development platform: a runtime, standard libraries, language support, and application frameworks used to build web services, APIs, desktop software, and other applications. The name covers modern, cross-platform .NET as well as the older Windows-focused .NET Framework, which have different release and support paths and should be distinguished during vulnerability management.

Security exposure can arise in the runtime, ASP.NET request-handling components, application configuration, and third-party NuGet packages. Vulnerabilities may enable code execution, denial of service, or unauthorized access when affected components are reachable or incorrectly used; insecure deserialization and weak authentication or authorization are recurring application-level concerns. Operators should inventory the exact runtime and framework versions, apply supported security updates, monitor transitive dependencies, and remove obsolete components. Developers should use platform-provided cryptography and TLS appropriately, validate untrusted input, protect secrets outside source code, and configure authentication and authorization explicitly.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 84

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. The post From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities appeared first on Microsoft Security Blog.

Bank Info Security 6 months, 4 weeks ago

Russian Credential-Harvesting Apes Ukraine Webmail Platform

Widely Used ukr.net Is a Repeat Focus for APT28 Cyberespionage OperationsDon't expect cyber spies to respect distinctions between military and civilian networks, especially in times of war, warn researchers tracking persistent Russian military intelligence credential-harvesting attacks against users of Ukraine's popular, commercial UKR.NET webmail platform.

PLUS: India’s tech services exports growing fast; South Korea puts the bite on TXT spam; NTT gets into autonomous vehicles; and more! Asia In Brief Chinese infosec blog MXRN last week reported a data breach at a security company called Knownsec that has ties to Beijing and Chinas military.…

Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.…

Bank Info Security 9 months, 3 weeks ago

Teenage Scattered Spider Suspect Arrested in Las Vegas

Juvenile Male Tied to Hack Attacks Against MGM Resorts and Caesars EntertainmentThe net continues to close on suspected members of the notorious ransomware-wielding group called Scattered Spider, with Las Vegas police announcing the arrest of a teenage, juvenile male suspect tied to 2023 attacks that hit MGM Resorts and Caesars Entertainment.

Loading more headlines...