Security news aggregator

Latest coverage for .NET

.NET is Microsoft's software development platform, and flaws in its runtimes or libraries can expose applications and services to attack.

20 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

.NET is Microsoft’s software-development platform: a runtime, standard libraries, language support, and application frameworks used to build web services, APIs, desktop software, and other applications. The name covers modern, cross-platform .NET as well as the older Windows-focused .NET Framework, which have different release and support paths and should be distinguished during vulnerability management.

Security exposure can arise in the runtime, ASP.NET request-handling components, application configuration, and third-party NuGet packages. Vulnerabilities may enable code execution, denial of service, or unauthorized access when affected components are reachable or incorrectly used; insecure deserialization and weak authentication or authorization are recurring application-level concerns. Operators should inventory the exact runtime and framework versions, apply supported security updates, monitor transitive dependencies, and remove obsolete components. Developers should use platform-provided cryptography and TLS appropriately, validate untrusted input, protect secrets outside source code, and configure authentication and authorization explicitly.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines Filtered view

PLUS: India’s tech services exports growing fast; South Korea puts the bite on TXT spam; NTT gets into autonomous vehicles; and more! Asia In Brief Chinese infosec blog MXRN last week reported a data breach at a security company called Knownsec that has ties to Beijing and Chinas military.…

Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.…

The FBI also issued a list of end-of-life routers you need to replace Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.…

CEO: Neural net tech 'flattens our hiring curve, helps us innovate' CrowdStrike – the Texas antivirus slinger famous for crashing millions of Windows machines last year – plans to cut five percent of its staff, or about 500 workers, in pursuit of "greater efficiencies," according to CEO and co-founder George Kurtz.…

This, this is what we mean by a sophisticated cyberattack Criminals behind the cyberattacks on Twilio and Cloudflare earlier this month had cast a much wider net in their phishing expedition, targeting as many as 135 organizations — primarily IT, software development and cloud services providers based in the US.…