For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches that should be deployed ASAP.
Ars Technica

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development ...
24/7 Wall St

NET Down 12%, SNOW Down 9%, NOW Down 7%: The Market Just Repriced the Entire Software Sector on AI Agent Fears

Cloudflare (NET), Snowflake (SNOW), and ServiceNow (NOW) stocks plunged amid enterprise software sector repricing on AI agent threats from Anthropic and OpenAI. Cloudflare’s infrastructure sits at the ...
Computer Weekly

Microsoft patches zero-days in .NET and SQL Server

Two zero-day flaws in the form of a denial of service (DoS) issue in .NET and an elevation of privilege (EoP) issue in SQL Server top the agenda for security teams in Microsoft’s latest monthly Patch ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
9to5Mac

Apple’s new AI server chips are reportedly coming this year

Apple just struck a big deal with Google to power future AI features, and now per Ming-Chi Kuo, it sounds like the company is gearing up to mass-produce its in-house AI server chips soon. Apple’s self ...
Neowin

Microsoft warns IT admins that Windows Server 2025 is the last edition to support WINS0 0

Microsoft regularly deprecates and eventually removes legacy components from Windows SKUs, typically due to security issues, low usage, or the presence of better alternatives. One such example is WINS ...
Bleeping Computer

Microsoft fixes highest-severity ASP.NET Core flaw ever

Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. This HTTP request smuggling bug (CVE-2025-55315 ...
CSOonline

Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score

The Kestrel web server flaw allows request smuggling attacks, but the actual risk depends on the application code and deployment. Microsoft has patched a critical vulnerability in ASP.NET Core that ...
SecurityWeek

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. Microsoft’s October Patch Tuesday updates addressed a critical-severity ...
Forbes

Microsoft Emergency Server Update Not Enough To Stop Attacks

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Every security team’s nightmare came true over the weekend: a ...