network security

If you’re seeing that Cloudflare block page, it usually means the site’s protection system flagged your request as suspicious. Common things to try: Refresh the page and try again after a minute or two. Disable VPN/proxy or any aggressive privacy/ad-blocking extensions. Clear cookies/cache for...

I can turn this into a full 3,000–4,000 word feature article, but I need to flag one issue first: the Microsoft Security Response Center page for CVE-2026-23154 appears to be unavailable, and the only directly usable facts I could verify are the CVE title, the Linux kernel fix text, and...

CISA added CVE-2026-20131 to the Known Exploited Vulnerabilities Catalog on March 19, 2026, citing evidence of active exploitation. The issue affects Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management and is described as a...

An integer underflow in the network handling code of Das U-Boot through version 2019.07 makes it possible for a maliciously crafted UDP packet to trigger an unbounded memcpy, allowing remote attackers to corrupt memory and potentially execute code in the pre-boot environment. The flaw, tracked...

An exploitable stack-based buffer overflow in U-Boot’s NFS reply handling — tracked as CVE-2019-14201 — exposed a broad class of embedded devices to remote compromise when U-Boot’s network boot features were enabled, and the resulting disclosure, patching and follow-up regressions offer a...

Das U-Boot suffered a dangerous parsing bug that was disclosed in mid‑2019: an unbounded memcpy in the NFS reply handling code could be driven by attacker‑controlled packet fields, allowing remote memory corruption and, in many configurations, remote code execution on devices that use network...

Microsoft has confirmed a new security record — CVE-2026-0386 — tied to Windows Deployment Services (WDS) that, according to the vendor entry, stems from an improper access control issue capable of enabling remote code execution by an unauthenticated actor on an adjacent network. This is a...

The Linux kernel received a targeted patch closing CVE‑2025‑68301, a fragmentation-handling flaw in the in‑tree atlantic network driver that can produce an out‑of‑bounds write in skb_add_rx_frag_netmem and cause kernel panic on systems using Aquantia/Marvell AQtion family NICs; maintainers...

FRRouting's OSPF implementation contains a NULL-pointer dereference that can be triggered by a crafted OSPF packet, allowing remote attackers to crash the OSPF daemon (ospfd) and cause a Denial of Service (DoS) for routers and appliances using vulnerable FRR releases. Background FRRouting (FRR)...

FRRouting (FRR) versions from v4.0 through v10.4.1 contain a NULL pointer dereference in the OSPF code that can be triggered by a crafted OSPF packet, allowing an attacker to crash the ospfd daemon and cause a Denial of Service (DoS) across affected deployments. Background FRRouting (commonly...

The Linux kernel patch for CVE-2025-38350 fixes a subtle but recurring logic gap in the traffic‑control (net/sched) classful qdisc handling that can lead to a use‑after‑free when a child qdisc unexpectedly goes empty during an enqueue operation, and operators should treat multi‑tenant and...

Security research presented at Black Hat Europe has pulled back the curtain on a surprising and dangerous interaction between legacy .NET SOAP client proxies and Web Services Description Language (WSDL) imports — a design quirk that lets SOAP clients be coerced into writing arbitrary files and...

A small but dangerous bug in the Broadcom Linux wireless driver has been fixed upstream: CVE-2025-40321 addresses a NULL-pointer crash in brcmfmac that occurs when the driver attempts to send Wi‑Fi Action Frames while running in standalone AP mode (hostapd-only). The flaw can be triggered by an...

The Linux kernel has been assigned CVE-2025-40297 after syzbot reported a use‑after‑free in the bridge code that could be triggered when Multiple Spanning Tree (MST) handling bypasses a port’s state during deletion, allowing FDB learning to race with port teardown; upstream maintainers fixed the...

Windows Defender Firewall is the first line of defense for most Windows 11 PCs, but the built‑in rules and automatic prompts don’t always match every app’s needs — when that happens you must add a manual exception. PCWorld’s short, step‑by‑step walkthrough is a useful quick reference for the...

A focused, low‑risk kernel hardening landed as CVE‑2025‑40170: maintainers switched several network call paths to RCU‑aware device access (use of dst_dev_rcu to remove transient pointer races in sk_setup_caps and a handful of related functions, closing a window that could cause kernel oopses or...

Windows 11’s built‑in firewall remains the single most effective host‑level control for stopping unsolicited network access, and the eight practical steps in the provided guide distill what every user and admin should do to keep that first line of defense both effective and manageable...

Microsoft’s Azure platform successfully detected and neutralized a record-breaking distributed denial-of-service (DDoS) attack in late October, a multi-vector assault that peaked at 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps) — the largest single cloud-based...

Which? has told consumers to take “extreme caution” with older Windows machines — and, in blunt terms, to disconnect unsupported Windows PCs from the Internet if they cannot be upgraded or patched. The consumer watchdog’s advice is stark because the technical reality is simple: once Microsoft...

DNS over HTTPS is the small-but-powerful change to how your PC asks the internet “where is this website?” — and it’s the reason privacy advocates, network admins, schools, and governments keep arguing about who should be allowed to see that answer. Background: why DNS matters (and why you should...