top of page
ALL POSTS
Microsoft Issues Emergency Patch for Critical ASP.NET Core Privilege Escalation Vulnerability CVE-2026-40372
Key Findings Microsoft released out-of-band patches for CVE-2026-40372, a critical ASP.NET Core privilege escalation vulnerability with a CVSS score of 9.1 Successful exploitation allows attackers to gain SYSTEM-level privileges and access sensitive files The flaw stems from improper cryptographic signature verification in the DataProtection library versions 10.0.0-10.0.6 Exploitation requires three specific conditions: vulnerable NuGet package in use, runtime loading of the
Apr 222 min read
Interlock Ransomware Group Exploits Cisco FMC Zero-Day Vulnerability 36 Days Before Disclosure
Key Findings * Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure * Zero-day vulnerability allows unauthenticated remote code execution with root privileges * Amazon Threat Intelligence discovered exploitation using global honeypot network * Attackers used sophisticated multi-stage attack with custom tools and evasion techniques * Targeted sectors include education, healthcare, industry, and government Background The Interlock ra
Mar 192 min read
bottom of page
