Tag: ASP.NET Core
-
The Critical 9.1 Flaw in ASP.NET Core that Turns Cookies into Master Keys
An unforeseen regression within a software update has inadvertently caused a security mechanism to serve as a gateway for adversaries. In a decisive response, Microsoft has disseminated emergency remediations to rectify a formidable vulnerability within the ASP.NET Core framework. The flaw, designated as CVE-2026-40372 and carrying a critical CVSS score of 9.1, resided within the…
-
.NET 10 (Preview 7): Microsoft Unveils WebSocket Streaming and Passkey Support
Microsoft has released the seventh preview of .NET 10 (Preview 7), introducing updates to its runtime and frameworks. Among the most notable enhancements are a new wrapper that exposes WebSocket connections through a streaming interface, streamlined passkey authentication in ASP.NET Core, and expanded functionality with bug fixes in .NET MAUI (Multi-platform App UI). The most…
-
Microsoft Revamps .NET Bug Bounty Program, Offering Up to $40K for Critical Flaws
Microsoft has announced sweeping enhancements to its vulnerability rewards program for the .NET platform, significantly broadening its scope and increasing compensation for valid discoveries. Security researchers can now earn up to $40,000 for critical bugs identified in .NET and ASP.NET Core, including components such as Blazor and Aspire. The company emphasizes that the revised structure…