samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 — SentinelCore Defensive Toolkit !Statushtt...

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 ██████╗██╗ ██╗███████╗ ██╗ ██╗ ██╗...

Astra Linux - уязвимость в samba

A design flaw was identified in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users with the GETCHANGES permission to access all attributes, including sensitive...

April 19, 2026—KB5091572 (OS Build 14393.9062) Out-of-band

April 19, 2026—KB5091572 OS Build 14393.9062 Out-of-band Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if...

April 19, 2026—KB5091575 (OS Build 20348.5024) Out-of-band

April 19, 2026—KB5091575 OS Build 20348.5024 Out-of-band ​​​​​​​Announcements and messages This section provides key notifications related to this release, including announcements, change logs, and end-of-support notices. Windows Secure Boot certificate expiration Windows Secure Boot certificate...

April 19, 2026—KB5091573 (OS Build 17763.8647) Out-of-band

April 19, 2026—KB5091573 OS Build 17763.8647 Out-of-band Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if...

April 19, 2026—KB5091571 (OS Build 25398.2276) Out-of-band

April 19, 2026—KB5091571 OS Build 25398.2276 Out-of-band Summary This out-of-band update for Windows Server, version 23H2 KB5091571 is cumulative. It includes fixes and improvements that are part of the following update: April 14, 2026—KB5082060 OS Build 25398.2274 The following is a summary of t...

April 19, 2026—KB5091157 (OS Build 26100.32698) Out-of-band

April 19, 2026—KB5091157 OS Build 26100.32698 Out-of-band ​​​​This out-of-band OOB update for Windows Server 2025 KB5091157 is a non-security cumulative update. Improvements This out-of-band update contains quality improvements from KB5082063 released April 14, 2026. The following summary outline...

How Microsoft Defender protects high-value assets in real-world attack scenarios

In this article 1. Using asset context to strengthen detection 2. How high-value asset protection works 3. Real-world high-value asset protection scenarios 4. Protecting your HVAs 5. Learn more High-value assets including domain controllers, web servers, and identity infrastructure are frequent...

Exploit for Improper Access Control in Microsoft

🔧 CVE-2025-33073 - Simple Tool for Easy Exploitation 🚀 Get...

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's...

EUVD-2019-6007

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-14902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the...

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

A novel attack technique could be weaponized to rope thousands of public domain controllers DCs around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service DDoS attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and...

Linux Distros Unpatched Vulnerability : CVE-2023-4154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only...

PT-2025-6314 · Microsoft · Digest Authentication +1

Name of the Vulnerable Software and Affected Versions: Microsoft Digest Authentication affected versions not specified Description: The issue allows remote attackers to execute arbitrary code and affect the system. It is noted that any authenticated attacker could trigger this issue on domain...

PT-2025-42432

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.21.9, 4.21.5, and 4.23.2 Description A critical flaw exists in Samba, specifically in the handling of WINS hook requests. The vulnerability occurs because NetBIOS names received in WINS registration packets are passed...

PT-2024-6729 · Microsoft · Windows Netlogon +1

Name of the Vulnerable Software and Affected Versions: Windows Netlogon affected versions not specified Description: The vulnerability in Windows Netlogon is related to deficiencies in the authentication procedure, allowing a remote attacker to elevate their privileges. It involves predicting the...