惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyberwarzone
Cyberwarzone
V
Vulnerabilities – Threatpost
T
Tenable Blog
Forbes - Security
Forbes - Security
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
WordPress大学
WordPress大学
Latest news
Latest news
K
Kaspersky official blog
T
Tailwind CSS Blog
T
Threat Research - Cisco Blogs
B
Blog RSS Feed
C
Cisco Blogs
博客园 - 聂微东
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
小众软件
小众软件
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Privacy International News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
S
SegmentFault 最新的问题
Security Latest
Security Latest
Y
Y Combinator Blog
爱范儿
爱范儿
aimingoo的专栏
aimingoo的专栏
P
Privacy & Cybersecurity Law Blog
L
LINUX DO - 最新话题
月光博客
月光博客
The GitHub Blog
The GitHub Blog
博客园 - 三生石上(FineUI控件)
S
Security Affairs
P
Proofpoint News Feed
D
DataBreaches.Net
有赞技术团队
有赞技术团队
云风的 BLOG
云风的 BLOG

GoPenAI - Medium

Group Relative Policy Optimization (GRPO) Your agent fleet can build trustworthy state with their own keys Epistemic Backbone #1: Why AI Systems Need Shared Memory, Not Just Models Transformers Beyond NLP: Fun and Trendy Use Cases Your First Transformer: The Road to Attention Part 4. From Seats to Agents: Early Evidence on the Future of Work in the Agentic AI Era The AI Trust Gap: Why Faster Code Is Creating Less Confidence From Bytes to BPE: A From-Scratch Tour of LLM Tokenization ️ Grok Voice Think Fast 1.0: The First Voice AI That Actually Thinks While Talking Writing Custom Pallas Kernels for vLLM on TPU — A Step-by-Step Guide Contrastive Learning Day 39: Advanced Ensemble Learning Techniques — Stacking, Random Forest, AdaBoost, and Gradient… Localization: Beyond Translation, Into the Territory of Growth Hacking Can We Translate Our Sentiments? Training the first modern architecture encoder for South Slavic languages What Is Data, and Why Does It Matter for AI? A Complete Guide to Prompt Engineering: Best Practices & Tips DeepSeek TileKernels: The Hidden Tech Making AI Models Insanely Fast Can AI Growth Really Become Economic Growth? Evaluating API Test Generation Across Leading AI Tools Pin Clustering in .NET MAUI Maps: Finally Making Maps Usable (With Example) Unsupervised Learning What is an LLM? Tokens, Context Window, and Why They Matter Build a reactive AI agent harness — Part 1. Conversation. From Hallucination to Citation… RAG Made Simple: How AI Finds the Right Answers CLI Coding Agents Tierlist Google Deep Research Max: Build Autonomous AI Research Agents Hermes Agent vs Every AI Assistant: Why Memory Changes Everything I Watched a Startup Burn $1,200 in a Week. The Culprit Was 800 Tokens. Fine-Tuning LLMs Explained: How Companies Teach AI to Think Like Them ️ xAI Just Dropped the Fastest Voice AI Ever Essential Code Patterns in Generative Artificial Intelligence Exploratory Data Analysis: A basic Understanding Day 36: Introduction to Ensemble Learning — Why Multiple Models Perform Better than One Concept to build a Student IQ — Agent Framework Workflow + Microsoft Foundry Agents 20 API Concepts Every Software Engineer Should Know From Human-Feedback Control to Declared No-Meta Agency: A Scientific Exposition GPT-5.5 Is Here — And It’s Not Just Smarter… It Works For You Test Cases in Data Science Projects: A Basic Understanding Q, K, V: The Three Matrices That Quietly Run Every Modern LLM Artificial Intelligence UseCases in Testing A Comprehensive Guide for Beginners into Artificial Intelligence Day 33: DBSCAN — Clustering Beyond Boundaries The Attention Breakthrough — How Language Models Finally Learned to Focus I rebuilt Strava (and Strava Premium) for fun, and now I want your feedback .NET April 2026 Updates: The Kind of Release You Should Never Ignore .NET 11 Preview 3: Small Changes That Quietly Improve Everything ChatGPT Images 2.0 Isn’t an Update — It’s a Revolution Claude Mythos: The AI Model Too Powerful to Release Basic Understanding of Key Parameters: Artificial Intelligence Part-2 Kimi K2.6: The Most Powerful Open-Source LLM Is Here (And It’s Not What You Expect) Elephant in the room — Openrouter’s Elephant-Alpha I Built a RAG System From Scratch in 4 Weeks — Here’s Everything I Learned Graphify: Build a Knowledge Graph From Your Entire Codebase — Without Sending Your Code to Anyone Deep Learning Interview Q&A Part -1 Deep Learning Interview Q&A Part -2 Anthropic Just Launched Claude Routines Microsoft Just Dropped a Cheaper AI Image Model — And This Changes Everything Building a Local-first Knowledge Management System with LLM and Obsidian Basic Understanding of Key Parameters: Artificial Intelligence Part-1 Copy These 7 Prompt Formulas and Never Struggle With AI Again Claude Opus 4.7 vs Mythos — The Benchmark Truth Nobody Explains The ROI on Reading is Broken. I Built an AI Learning OS to Fix It Beyond Scatter: Metrics That Allows to Measure Creativity in LLMs. Banish the RNN: The Road To Attention Part 3. You Typed a Few Words. The AI Painted a World. Here’s Exactly How. 46% of Code Is Now AI-Generated. The Other 54% Is the Part That Will Get You Fired. Claude Opus 4.7: The Quiet Leap Toward Autonomous AI Workflows Is bitnet.cpp the Game Changer for Running LLMs on Your Laptop? Machine Learning Algorithms : A Comprehensive Guide Building REPI (Real Estate Pain Point Intelligence Platform) — From Scraping 5 Noisy Data Sources… Hermes Agent: The AI That Actually Remembers You (Not Another OpenClaw) MiniMax M2.7 Just Went Open-Weight — Run a Powerful AI Agent on Your Own Machine XML Is Everywhere — You Just Never Noticed It The Missing Infrastructure for GUI Agents: Unpacking the ClawGUI Framework Wayfarer: Building an AI-Powered Travel Intelligence Platform with Agentic Orchestration, Bayesian… Attention from First Principles: DeltaNet Project Glasswing and Claude Mythos Preview: Anthropic’s Bet on AI-Powered Cyber Defense Deep Learning-Based Binary Classification of Forest Fires GenAI Q and A Interview Questions Part -2 How Google Maps Knows There Is Traffic Before You Even Reach There 5 AI Freelance Services Clients Actually Pay For I Accidentally Built a World Where AIs Govern Themselves (And I Have No Idea What’s Happening… Meta’s “Compute Desk” Is the Tell: When AI Stops Being Software and Becomes Resource Strategy The Last Human Stronghold Falls: Inside the GrandCode Multi-Agent System ASP.NET Core 2.3 End of Support: What It Really Means for Developers Andrej Karpathy’s LLM Wiki: The Idea That Could Kill RAG Forever I Built an Open-Source Kubernetes Control Plane for AI Agents. Here’s What It Took. GLM-5.1 Just Changed Coding Forever — The AI That Gets Smarter the Longer It Works Goodbye Llama? Meta Just Dropped Muse Spark — And It Changes Everything Anthropic Accidentally Leaked All of Claude Code’s Source Code Stop Sending Your Data to the Cloud — Build This Instead Today Physical AI Cosmos Reason2 2B World Model inference in Azure Machine Learning LangChain vs LlamaIndex vs LangGraph: The Difference Nobody Explains Clearly Cloud Services Interview Q and A Part- 1 Cloud Services Interview Q and A Part- 2 Gemma-4 — disabling thinking with gemma-4–26b-a4b-it Mixture of Experts Explained: The Secret Architecture Making AI 10x Smarter Without Using 10x More… Diffusion Models Demystified: How AI Paints Masterpieces from Pure Noise (No Math Needed)
.NET 10.0.7 OOB Security Update: The Kind of Bug You Can’t Afford to Ignore
Kavathiyakhu · 2026-05-02 · via GoPenAI - Medium
A few days ago, Microsoft released something unusual. Not a scheduled update. Not a monthly patch. 👉 An out-of-band (OOB) security update for .NET 10. And whenever you see an OOB release, it usually means one thing: 👉 Something important needs immediate attention. What Triggered This Update? It all started after the regular .NET 10.0.6 release. Developers began reporting strange issues: Decryption failures Unexpected behavior in applications At first, it looked like a regression. But as Microsoft investigated further, they discovered something more serious: 👉 The issue wasn’t just a bug — it was a security vulnerability ( Microsoft for Developers ) The Core Problem (Simplified) The issue was found in: 👉 Microsoft.AspNetCore.DataProtection This is not just another package. It’s responsible for protecting critical application data like: Authentication cookies Tokens Sensitive payloads And here’s what went wrong: 👉 The encryption system could validate data incorrectly 👉 In some cases, it could accept tampered data as valid ( Microsoft for Developers ) Why This Is Serious This vulnerability is tracked as: 👉 CVE-2026–40372 And it’s not a minor issue. In affected versions (10.0.0 → 10.0.6): Attackers could potentially bypass validation Authentication data could be forged Privileges could be escalated ( Cryptika Cybersecurity ) Think about that for a second. 👉 If authentication data can be trusted incorrectly, your entire application’s security model is at risk. A Simple Scenario (Real-World Thinking) Imagine your application uses authentication cookies. Normally: 👉 The server trusts those cookies because they’re encrypted and validated But with this bug: 👉 A modified cookie might still be accepted Now your system could: Trust a fake user Grant access incorrectly Execute privileged actions And the worst part? 👉 You might not even notice immediately. Why Microsoft Released an “OOB” Update Normally, .NET updates are released on Patch Tuesday . But this time was different. Microsoft released .NET 10.0.7 immediately because: 👉 The issue affected a core security component 👉 It had real-world impact 👉 It couldn’t wait for the next cycle ( Microsoft ) This tells you everything you need to know about the severity. The Fix: What Changed? The update fixes: Incorrect HMAC validation Decryption failures Security vulnerability in Data Protection 👉 Restoring both functionality and security ( Microsoft for Developers ) What You Should Do (Important) If your application uses ASP.NET Core Data Protection: 👉 Update immediately to .NET 10.0.7 Steps: Install latest SDK/runtime Update NuGet packages Rebuild and redeploy Microsoft explicitly recommends upgrading as soon as possible ( Microsoft for Developers ) The Bigger Lesson This update highlights something critical about modern development: 👉 Security issues don’t always come from obvious places Sometimes, they come from: Core libraries Internal mechanisms Trusted components And when those fail: 👉 The impact is much bigger than a simple bug What Developers Should Learn from This This isn’t just about one update. It’s a reminder: Always monitor updates Never ignore security patches Treat OOB releases as urgent Because in production systems: 👉 Stability is important 👉 But security is critical Final Thoughts .NET 10.0.7 is not a feature update. It’s not something you install “later.” It’s the kind of update that reminds us: 👉 Even stable systems can have hidden risks 👉 Even small bugs can become major vulnerabilities And sometimes, the most important releases are the ones that come unexpectedly. 👉 Update early 👉 Stay secure 👉 Keep your systems trustworthy .NET 10.0.7 OOB Security Update: The Kind of Bug You Can’t Afford to Ignore was originally published in GoPenAI on Medium, where people are continuing the conversation by highlighting and responding to this story.