More results...
Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access […]
Tucker Carlson apologized on his podcast. For what? He says he was “misleading” his listeners about Trump. No specifics. No mention of Dominion. No mention of January 6 footage. No mention of Covid disinformation killing Americans. No menti…
Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works.
Please consider supporting the DefSec podcast here.
Links to this week’s stories:
https://www.darkreading.com/threat-intelligence/axios-attack-complex-social-engineering-industrialized
https://www.bleepingcomputer.com/news/security/new…
22 BRIDGE:BREAK flaws hit Lantronix and Silex Technology converters, exposing approximately 20,000 devices to hijacking and data tampering. Researchers at Forescout Research Vedere Labs found 22 BRIDGE:BREAK flaws in serial-to-IP devices from Lantronix and Silex Technology. Serial-to-IP converters, also known as serial device servers, connect legacy serial equipment to modern IP networks for remote monitoring […]
Presumably Trump thought, like some 1950s McCarthy buffoonish cartoon character, that he was going to violently corner oil, by deploying the U.S. military to take it all over like a gangster. Predictably, that hasn’t worked. The stability of oil …
Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported.
Two documents landed on April 21, 2026 and I’ve been asked by many people to comment on them. One is Bobby Holley’s Mozilla blog post announcing that Firefox 150 ships fixes for 271 vulnerabilities identified by Claude Mythos Preview. The o…
Hexavalent chromium. Arsenic. Where? Tesla’s lithium refinery wastewater near Corpus Christi. In a ditch. Both are IARC Group 1 carcinogens. Both are absent from Tesla’s state wastewater permit. Why can Group 1 carcinogens be dumped by Tesl…
Australians are using more cash, because cash is cool. Cash is availability. Cash is privacy. The Reserve Bank of Australia survey shows the share rising for regular purchases after two decades of displacement by payment card brand pressure. Two-thirds…