Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft has released an emergency out of band update for.NET to address a critical security vulnerability affecting ASP.NET Core applications. The issue, tracked as CVE-2026-40372, relates to improper verification of cryptographic signatures within the ASP.NET Core Data Protection framework. The vulnerability was introduced as a regression in earlier.NET 10 releases and has prompted the release of.NET 10.0.7 to mitigate risk.

In April 2026, Microsoft disclosed and patched a critical remote code execution vulnerability affecting the Windows Internet Key Exchange Service Extensions. Tracked as CVE-2026-33824, the issue was addressed as part of Microsoft’s April 2026 Patch Tuesday release. The affected component forms part of the Windows IPsec and IKEv2 stack, which is widely used to provide secure network connectivity.

For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.