networksecurity

Microsoft’s advisory for a newly referenced HTTP.sys vulnerability describes an out‑of‑bounds read in the Windows HTTP protocol stack that can be triggered remotely against Internet Information Services (IIS) and other HTTP.sys consumers, allowing an unauthenticated attacker to cause a...

A compact but sophisticated campaign tracked as GhostRedirector has infected at least 65 Internet‑facing Windows IIS servers and paired a stealthy native backdoor with an in‑process IIS module to run a covert, profitable SEO fraud operation that pushes third‑party gambling sites while leaving...

The identifier CVE-2025-49712 does not appear in any public, authoritative advisory or vulnerability database at this time; the single URL you supplied resolves to Microsoft’s update guide infrastructure but returns no accessible content without JavaScript, and independent searches for...

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a joint Cybersecurity Advisory to...

Ransomware attacks have evolved significantly, with cybercriminals increasingly exploiting the Server Message Block (SMB) protocol to target network shares remotely. This method allows attackers to encrypt and exfiltrate data across network shares without deploying malicious code directly on the...

The Windows Routing and Remote Access Service (RRAS) has recently been identified as vulnerable to a critical security flaw, designated as CVE-2025-49672. This vulnerability is a heap-based buffer overflow that allows unauthorized attackers to execute arbitrary code over a network, posing...

The provided link leads to a "Page Not Found" (404 error) on the ProPakistani website, so I couldn't access the details directly from the source. However, I can confirm the headline is about the Pakistan Telecommunication Authority (PTA) issuing a cybersecurity advisory after Microsoft warned...

If your Planet Technology network appliances have recently been basking in the (mis)fortune of being in the news, it’s likely not for their blazing gigabit speeds or rack-mount elegance—rather, a clutch of vulnerabilities has landed these devices on CISA’s advisories page, and not in the...

Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector...

Original release date: July 01, 2017 | Last revised: July 28, 2017 Systems Affected Microsoft Windows operating systems Overview This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center's (NCCIC) analysis of the "NotPetya" malware variant. The...

Original release date: April 27, 2017 | Last revised: May 14, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses...