Learn about the new features introduced in .NET 10 for the runtime, libraries, and SDK. Also find links to what's new in other areas, such as ASP.NET Core.

A critical vulnerability, CVE-2025-55315, has been identified in ASP.NET's Kestrel web server, enabling HTTP Request Smuggling through chunk extensions. This vulnerability, discovered by a security researcher and rewarded with a $10,000 bounty, poses significant risks to ASP.NET applications. HTTP Request Smuggling allows attackers to manipulate HTTP requests, potentially leading to session hijacking, cache poisoning, and unauthorized data access. The vulnerability stems from improper handling of chunk extensions in Kestrel, a cross-platform web server for ASP.NET Core. Chunk extensions, part of the HTTP/1.1 protocol, can be exploited to craft malicious requests. Organizations using Kestrel should immediately update their systems to the latest version to mitigate this risk. Additionally, monitoring for unusual HTTP traffic patterns can help detect and prevent exploitation attempts. This discovery underscores the importance of securing HTTP protocols and the value of bug bounty programs in enhancing software security. The impact on the cybersecurity landscape is substantial, as Kestrel is widely used in ASP.NET Core applications. Cybersecurity professionals should prioritize patching and monitoring to protect against potential attacks exploiting this vulnerability.

Clean Architecture is a popular software development architecture which can be used in .NET apps. In this tutorial we are going to implement the Clean Architecure GitHub Repository by Steve “Ardalis” ...

How I unified a legacy ASP.NET Framework and .NET 8 codebase using conditional compilation and custom preprocessor directives.

In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it

A solo journey through architecture, refactoring, and modernization — from IIS on Windows to containerized .NET 8 on Linux.

Learn how to set up manage JSON Web Tokens in development with dotnet user-jwts

Build web apps and services that run on Windows, Linux, and macOS using C#, HTML, CSS, and JavaScript. Get started for free on Windows, Linux, or macOS.

QNAP has issued a critical warning about a vulnerability in its NetBak PC Agent software for Windows. The vulnerability, tracked as CVE-2025-55315, has a CVSS score of 9.9, indicating a severe risk. This flaw resides in the Kestrel server component of ASP.NET Core and allows low-privileged users to hijack credentials or bypass security measures through HTTP smuggling techniques. The Kestrel server is a lightweight, cross-platform web server designed for ASP.NET Core applications. HTTP smuggling is a technique where attackers manipulate HTTP requests to interfere with the server's processing, potentially leading to credential theft or unauthorized access. The high CVSS score underscores the urgency of addressing this vulnerability, as it poses significant risks to data security and system integrity. The impact of this vulnerability is substantial. Credential hijacking can lead to unauthorized access to sensitive information, while security bypass can allow attackers to gain elevated privileges or access restricted areas. The fact that low-privileged users can exploit this vulnerability makes it particularly dangerous, as it does not require high-level access to initiate an attack. QNAP has urged users to apply patches to mitigate this vulnerability. It is crucial for users to update their NetBak PC Agent to the latest version that includes the fix for CVE-2025-55315. Additionally, organizations should consider implementing additional security controls, such as network segmentation and intrusion detection systems, to further mitigate the risk of such vulnerabilities. This vulnerability highlights the importance of keeping software up-to-date, especially for critical applications like backup agents. Regular security audits and penetration testing can help identify and address vulnerabilities before they are exploited by attackers. Organizations should also ensure that their patch management processes are robust and timely to address such critical vulnerabilities promptly. In conclusion, the CVE-2025-55315 vulnerability in QNAP's NetBak PC Agent is a critical issue that requires immediate attention. Users should apply the necessary patches and consider additional security measures to protect their systems from potential exploitation.

🎯 Introduction Microsoft has rolled out an emergency security patch to address a severe vulnerability in ASP.NET Core, the backbone framework powering thousands of enterprise web applications. The flaw, tracked as CVE-2025-55315, holds a CVSS 3.1 score of 9.9, marking it as nearly catastrophic. It allows attackers to perform HTTP request smuggling attacks—a technique that can slip past authentication systems and firewall defenses with terrifying ease.

QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device.