Microsoft’s security channels have logged CVE-2026-20872 as an NTLM hash disclosure / spoofing vulnerability tied to File Explorer and preview/metadata handling — a class of bug that repeatedly enables low‑interaction credential leakage by coaxing Windows clients to authenticate to...
Apache HTTP Server has a Windows-only Server-Side Request Forgery (SSRF) flaw that can be used to force the server to connect to attacker-controlled UNC (SMB) targets and thereby leak NTLM authentication material — a vulnerability tracked as CVE-2025-59775 and fixed in Apache httpd 2.4.66...
The File Explorer preview pane in Windows has been deliberately neutered for internet-downloaded files after security researchers and Microsoft found a practical way for preview handlers to coax NTLM authentication material out of a running system — a low‑interaction path that could leak NTLM...
Microsoft has turned off File Explorer’s Preview pane for files tagged as coming from the internet, a deliberate security hardening shipped in the October 2025 security rollup that trades a decades‑old convenience for protection against a subtle but real credential‑leak attack vector.
A critical vulnerability in DotNetNuke (DNN), catalogued as CVE-2025-52488, has placed the spotlight on the complex interplay of Windows file system operations, .NET behavior, and subtle Unicode normalization pitfalls. Although DNN is recognized for its robust enterprise-ready architecture and...