Paid Promotion
Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
Apr 22, 2026
Security & Infrastructure Tools
Microsoft Releases Emergency Patches for Critical ASP.NET Core Privilege Escalation Flaw
Microsoft issued out-of-band security updates to patch a critical ASP.NET Core Data Protection vulnerability (CVE-2026-40372) that could allow attackers to forge authentication cookies and escalate to SYSTEM privileges. The flaw stems from a regression in DataProtection packages 10.0.0–10.0.6, where the HMAC validation used the wrong bytes, enabling forged payloads to bypass authenticity checks and decrypt prior payloads in auth cookies, antiforgery tokens, TempData, and OIDC state. If exploited, attackers could impersonate a privileged user and cause the app to issue legitimately signed tokens to themselves; those tokens remain valid after upgrading unless the DataProtection key ring is rotated. Microsoft urges updating Microsoft.AspNetCore.DataProtection to 10.0.7 and redeploying to reject forged payloads, and to rotate the key ring to invalidate any minted tokens. The advisory notes the vulnerability can also enable file disclosure and data modification, without impacting system availability. Related context includes earlier CVE-2025-55315 and other Windows Server updates released in April 2026.
By TechLogHub
Apr 22, 2026
Security & Infrastructure Tools
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
More than 1,300 Microsoft SharePoint servers remain online and unpatched against CVE-2026-32201, a spoofing vulnerability affecting SharePoint Server 2016, 2019, and Subscription Edition. Exploitation could allow attackers to view or modify sensitive data with a low-complexity, no-interaction attack, though it cannot disable access to the resource. Microsoft released patches in April 2026, but Shadowserver reports only a small number of systems have been updated. CISA added CVE-2026-32201 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to patch by April 28 under BOD 22-01. The April Patch Tuesday also fixed 167 vulnerabilities, including two zero-days.
By TechLogHub
Apr 21, 2026
Security & Infrastructure Tools
French govt agency confirms breach as hacker offers to sell data
France’s ANTS agency confirms a data breach after a threat actor claimed access to the ants.gouv.fr portal, potentially exposing up to 19 million records. Exposed data include login IDs, full names, emails, dates of birth, unique account IDs, and some postal addresses, places of birth, and phone numbers, with the breach not granting portal access but enabling phishing risks. Authorities CNIL, the Paris Public Prosecutor, and ANSSI are involved, and the attacker has offered the data for sale; users are advised to stay vigilant for suspicious messages, with no action required at this time.
By TechLogHub
Apr 21, 2026
Security & Infrastructure Tools
KelpDAO Hit by $290 Million Heist Linked to Lazarus Hackers
North Korea’s Lazarus Group is suspected to have stolen about $290 million from KelpDAO by exploiting a compromised cross-chain verification layer to drain roughly 116,500 rsETH (around $293 million) and move funds through Tornado Cash. The attack also affected Compound and Euler, with Aave freezing rsETH deposits/borrowing. LayerZero and partners are investigating, with attribution pointing to Lazarus TraderTraitor. The breach appears isolated to rsETH with no broader contagion.
By TechLogHub