ASP.NET – Experimental News Clipping Site

Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Sep 3, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/ Source: Cloud Blog Title: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) Feedly Summary: Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging sample machine keys that had been exposed in…

Krebs on Security: Microsoft Fix Targets Attacks on SharePoint Zero-Day

Jul 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/ Source: Krebs on Security Title: Microsoft Fix Targets Attacks on SharePoint Zero-Day Feedly Summary: On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint…

Unit 42: GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed

Jul 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/initial-access-broker-exploits-leaked-machine-keys/ Source: Unit 42 Title: GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed Feedly Summary: An IAB campaign exploited leaked ASP.NET Machine Keys. We dissect the attacker’s infrastructure, campaign and offer takeaways for blue teams. The post GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed appeared first on Unit…

Bulletins: Vulnerability Summary for the Week of June 9, 2025

Jun 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-167 Source: Bulletins Title: Vulnerability Summary for the Week of June 9, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Acer–ControlCenter Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named…

Bulletins: Vulnerability Summary for the Week of April 21, 2025

Apr 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-118 Source: Bulletins Title: Vulnerability Summary for the Week of April 21, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdeptLanguage–Adept Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is…

Bulletins: Vulnerability Summary for the Week of March 10, 2025

Mar 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…

Microsoft Security Blog: Code injection attacks using publicly disclosed ASP.NET machine keys

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/ Source: Microsoft Security Blog Title: Code injection attacks using publicly disclosed ASP.NET machine keys Feedly Summary: Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and…

Tag: ASP.NET

Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Krebs on Security: Microsoft Fix Targets Attacks on SharePoint Zero-Day

Unit 42: GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed

Bulletins: Vulnerability Summary for the Week of June 9, 2025

Bulletins: Vulnerability Summary for the Week of April 21, 2025

Bulletins: Vulnerability Summary for the Week of March 10, 2025

Microsoft Security Blog: Code injection attacks using publicly disclosed ASP.NET machine keys