Credential Leakage
The latest Credential Leakage coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-23370: Dell Sysman Linux Driver Stores Plaintext Passwords in Memory
A critical vulnerability in Dell's Linux WMI Sysman driver allows attackers to extract plaintext passwords from system memory through simple hex dumps. Designated CVE-2026-23370, this security flaw...
Windows LNK Security Flaws Exposed: 4 New Shortcut Spoofing Techniques Threaten Users
Windows shortcut files, those familiar .LNK icons that populate desktops and start menus, have once again emerged as a significant security vulnerability. Security researcher Wietze Beukema has...
CVE-2025-61594: Ruby URI Gem Vulnerability Bypasses Previous Fix, Exposing Credentials
A critical security vulnerability has been discovered in the widely used Ruby URI library that bypasses a previous patch and could lead to credential leakage in applications across the Ruby...
Flaw in Go’s HTTP Client Exposes Sensitive Headers on Redirect Chains: Patches Available, Windows Users Must Rebuild
A bug in the Go programming language’s standard HTTP client can inadvertently leak sensitive headers—like Authorization tokens and session cookies—to unintended servers during a specific...
Microsoft PC Manager Vulnerability Leaks Passwords — Patch Available
Microsoft has confirmed a troubling security flaw in PC Manager, its free system maintenance utility for Windows, that stores sensitive information in plain text, leaving credentials and other...
Windows OT Security Alert: Siemens Flaw CVE-2025-40757 Leaks Device Databases Over BACnet
A newly disclosed vulnerability in Siemens APOGEE PXC and TALON TC building automation controllers allows unauthenticated attackers to pull encrypted database files directly over the BACnet protocol,...
Exposed appsettings.json Files Unleash 'Master Key' to Azure Tenants via OAuth Token Abuse
A single, publicly exposed appsettings.json file containing Azure Active Directory (now Entra ID) application credentials can act as a master key to an organization’s entire cloud estate, security...
Patch Now: AVEVA PI Integrator Vulnerabilities Could Let Attackers Hijack OT Analytics
On August 12, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an industrial control systems (ICS) advisory warning of two high-severity vulnerabilities in AVEVA’s...
CVE-2025-33052: Critical Windows DWM Core Memory Leak Vulnerability Explained
Microsoft's Desktop Window Manager (DWM) has become the latest attack surface for potential data breaches with the discovery of CVE-2025-33052, a critical memory disclosure vulnerability in the DWM...
Enhancing Windows Security: Strategies to Harden NTLM Authentication and Safeguard Credentials in 2025
Introduction In the ever-evolving landscape of cybersecurity, legacy protocols like NTLM (NT LAN Manager) continue to pose significant security risks. Despite being deprecated, NTLM remains prevalent...
Microsoft Entra MACE bug locked thousands of accounts in April 2025 false alarm
In April 2025, Microsoft Entra ID, formerly known as Azure Active Directory, experienced a significant disruption when its new security feature, MACE Credential Revocation, inadvertently caused...