Iis Security
The latest Iis Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
ReliaQuest Exposes OP-512: Chinese Hackers Use Modular IIS Web Shells to Steal Credentials
A sophisticated three-part web shell framework, linked to Chinese threat actors and tracked as OP-512, is actively compromising Internet Information Services (IIS) servers, according to research...
HTTP/2 Bomb DoS uses HPACK and flow control to crash nginx, Apache, IIS servers
A new denial-of-service technique can crash web servers by exhausting their memory, security researchers from California revealed in early June 2026. Dubbed HTTP/2 Bomb, the attack exploits...
Microsoft Patches Critical IIS Vulnerability CVE-2025-59282 in Inbox COM Objects
Microsoft has addressed a critical security vulnerability in Internet Information Services (IIS) that could allow local code execution through legacy Inbox COM Objects. The flaw, tracked as...
CVE-2025-0994 in Trimble Cityworks enables unauthenticated SYSTEM-level RCE across versions 2023.1–2024.3
A critical vulnerability (CVE-2025-0994) has been discovered in Trimble's Cityworks asset management platform, exposing systems to remote code execution (RCE) attacks through insecure deserialization...