Crowdstrike BLOG
  • Featured
    • Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems
      Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems
      Dec 04, 2025
    • Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      Dec 04, 2025
    • CrowdStrike Leverages NVIDIA Nemotron in Amazon Bedrock to Advance Agentic Security
      CrowdStrike Leverages NVIDIA Nemotron in Amazon Bedrock to Advance Agentic Security
      Dec 02, 2025
    • Transform AWS Security Operations with Falcon Next-Gen SIEM
      Transform AWS Security Operations with Falcon Next-Gen SIEM
      Dec 01, 2025
  • Recent
    • Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems
      Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems
      Dec 04, 2025
    • Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      Dec 04, 2025
    • CrowdStrike Leverages NVIDIA Nemotron in Amazon Bedrock to Advance Agentic Security
      CrowdStrike Leverages NVIDIA Nemotron in Amazon Bedrock to Advance Agentic Security
      Dec 02, 2025
    • Transform AWS Security Operations with Falcon Next-Gen SIEM
      Transform AWS Security Operations with Falcon Next-Gen SIEM
      Dec 01, 2025
  • Video
    • Video Highlights the 4 Key Steps to Successful Incident Response
      Video Highlights the 4 Key Steps to Successful Incident Response
      Dec 02, 2019
    • Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO]
      Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO]
      Feb 21, 2019
    • Analyzing Targeted Intrusions Through the ATT&CK Framework Lens [VIDEO]
      Analyzing Targeted Intrusions Through the ATT&CK Framework Lens [VIDEO]
      Jan 22, 2019
    • Qatar’s Commercial Bank Chooses CrowdStrike Falcon®: A Partnership Based on Trust [VIDEO]
      Qatar’s Commercial Bank Chooses CrowdStrike Falcon®: A Partnership Based on Trust [VIDEO]
      Aug 20, 2018
  • Category
    • Artificial Intelligence
      Artificial Intelligence
      Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems
      Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems
      12/04/25
      CrowdStrike Leverages NVIDIA Nemotron in Amazon Bedrock to Advance Agentic Security
      CrowdStrike Leverages NVIDIA Nemotron in Amazon Bedrock to Advance Agentic Security
      12/02/25
      CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers
      CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers
      11/20/25
      To Stop AI-Powered Adversaries, Defenders Must Fight Fire with Fire
      To Stop AI-Powered Adversaries, Defenders Must Fight Fire with Fire
      11/17/25
    • Cloud & Application Security
      Cloud & Application Security
      CrowdStrike Unveils Real-Time Cloud Detection and Response Innovations
      CrowdStrike Unveils Real-Time Cloud Detection and Response Innovations
      12/01/25
      New User Experience Transforms Interaction with the Falcon Platform
      New User Experience Transforms Interaction with the Falcon Platform
      10/21/25
      How Falcon ASPM Secures GenAI Applications and Lessons from Dogfooding
      How Falcon ASPM Secures GenAI Applications and Lessons from Dogfooding
      09/30/25
      CrowdStrike Named a Frost Radar™ Leader in Cloud Workload Protection Platforms
      CrowdStrike Named a Frost Radar™ Leader in Cloud Workload Protection Platforms
      09/25/25
    • Threat Hunting & Intel
      Threat Hunting & Intel
      Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      12/04/25
      CrowdStrike 2025 European Threat Landscape Report: Extortion Rises, Nation-State Activity Intensifies
      CrowdStrike 2025 European Threat Landscape Report: Extortion Rises, Nation-State Activity Intensifies
      11/03/25
      CrowdStrike 2025 APJ eCrime Landscape Report: A New Era of Threats Emerges
      CrowdStrike 2025 APJ eCrime Landscape Report: A New Era of Threats Emerges
      10/20/25
      CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
      CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
      10/06/25
    • Endpoint Security & XDR
      Endpoint Security & XDR
      Defeating BLOCKADE SPIDER: How CrowdStrike Stops Cross-Domain Attacks
      Defeating BLOCKADE SPIDER: How CrowdStrike Stops Cross-Domain Attacks
      11/18/25
      Falcon for XIoT Innovations Improve Speed and Visibility in OT Networks
      Falcon for XIoT Innovations Improve Speed and Visibility in OT Networks
      11/05/25
      CrowdStrike Falcon Achieves 100% Protection and Accuracy in SE Labs Endpoint Protection Evaluation
      CrowdStrike Falcon Achieves 100% Protection and Accuracy in SE Labs Endpoint Protection Evaluation
      10/29/25
      Ransomware Reality: Business Confidence Is High, Preparedness Is Low
      Ransomware Reality: Business Confidence Is High, Preparedness Is Low
      10/21/25
    • Engineering & Tech
      Engineering & Tech
      EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware
      EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware
      09/03/25
      Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS
      Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS
      08/20/25
      CrowdStrike’s Approach to Better Machine Learning Evaluation Using Strategic Data Splitting
      CrowdStrike’s Approach to Better Machine Learning Evaluation Using Strategic Data Splitting
      08/11/25
      CrowdStrike Researchers Develop Custom XGBoost Objective to Improve ML Model Release Stability
      CrowdStrike Researchers Develop Custom XGBoost Objective to Improve ML Model Release Stability
      03/20/25
    • Executive Viewpoint
      Executive Viewpoint
      The Dawn of the Agentic SOC: Reimagining Cybersecurity for the AI Era
      The Dawn of the Agentic SOC: Reimagining Cybersecurity for the AI Era
      09/26/25
      CrowdStrike Falcon Platform Evolves to Lead the Agentic Security Era
      CrowdStrike Falcon Platform Evolves to Lead the Agentic Security Era
      09/16/25
      CrowdStrike to Acquire Pangea to Secure Enterprise AI Use and Development
      CrowdStrike to Acquire Pangea to Secure Enterprise AI Use and Development
      09/15/25
      CrowdStrike to Acquire Onum to Transform How Data Powers the Agentic SOC
      CrowdStrike to Acquire Onum to Transform How Data Powers the Agentic SOC
      08/27/25
    • From The Front Lines
      From The Front Lines
      CrowdStrike Named a Leader in 2025 IDC MarketScape for Worldwide Incident Response Services
      CrowdStrike Named a Leader in 2025 IDC MarketScape for Worldwide Incident Response Services
      08/27/25
      CrowdStrike Launches New AI Security Services to Strengthen AI Security and SOC Readiness
      CrowdStrike Launches New AI Security Services to Strengthen AI Security and SOC Readiness
      08/06/25
      CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
      CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
      07/21/25
      Prescription for Protection: Healthcare Industry Observations from CrowdStrike Investigations
      Prescription for Protection: Healthcare Industry Observations from CrowdStrike Investigations
      07/01/25
    • Next-Gen Identity Security
      Next-Gen Identity Security
      CrowdStrike Named Overall Leader in 2025 KuppingerCole ITDR Leadership Compass
      CrowdStrike Named Overall Leader in 2025 KuppingerCole ITDR Leadership Compass
      11/10/25
      CrowdStrike Named the Leader in 2025 Frost Radar for SaaS Security Posture Management
      CrowdStrike Named the Leader in 2025 Frost Radar for SaaS Security Posture Management
      10/27/25
      From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
      From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
      10/22/25
      CrowdStrike Advances Next-Gen Identity Security with Three Key Innovations
      CrowdStrike Advances Next-Gen Identity Security with Three Key Innovations
      09/18/25
    • Next-Gen SIEM & Log Management
      Next-Gen SIEM & Log Management
      Transform AWS Security Operations with Falcon Next-Gen SIEM
      Transform AWS Security Operations with Falcon Next-Gen SIEM
      12/01/25
      CrowdStrike Leads New Evolution of Security Automation with Charlotte Agentic SOAR
      CrowdStrike Leads New Evolution of Security Automation with Charlotte Agentic SOAR
      11/05/25
      CrowdStrike Named a Visionary in 2025 Gartner® Magic Quadrant™ for Security Information and Event Management
      CrowdStrike Named a Visionary in 2025 Gartner® Magic Quadrant™ for Security Information and Event Management
      10/10/25
      CrowdStrike Boosts SOC Detection Content with Correlation Rule Template Discovery Dashboard
      CrowdStrike Boosts SOC Detection Content with Correlation Rule Template Discovery Dashboard
      09/29/25
    • Public Sector
      Public Sector
      CrowdStrike Achieves FedRAMP® High Authorization
      CrowdStrike Achieves FedRAMP® High Authorization
      03/19/25
      NHS Matures Healthcare Cybersecurity with NCSC’s CAF Assurance Model
      NHS Matures Healthcare Cybersecurity with NCSC’s CAF Assurance Model
      03/13/25
      Zero Trust Strengthens Data Protection to Achieve National Cyber Strategy Goals
      Zero Trust Strengthens Data Protection to Achieve National Cyber Strategy Goals
      01/15/25
      CrowdStrike Statement on Bloomberg’s October 25, 2024 Story
      CrowdStrike Statement on Bloomberg’s October 25, 2024 Story
      10/25/24
    • Exposure Management
      Exposure Management
      From Vulnerability Management to Exposure Management: The Platform Era Has Arrived
      From Vulnerability Management to Exposure Management: The Platform Era Has Arrived
      11/13/25
      November 2025 Patch Tuesday: One Zero-Day and Five Critical Vulnerabilities Among 63 CVEs
      November 2025 Patch Tuesday: One Zero-Day and Five Critical Vulnerabilities Among 63 CVEs
      11/12/25
      How the Falcon Platform Delivers Fast, CISO-Ready Executive Reports
      How the Falcon Platform Delivers Fast, CISO-Ready Executive Reports
      11/07/25
      How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit
      How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit
      10/17/25
    • Small Business
      Small Business
      SMB Security Survey Reveals High Awareness, Lagging Protection
      SMB Security Survey Reveals High Awareness, Lagging Protection
      05/05/25
      One Year of Falcon Go: Transforming Cybersecurity for Small Businesses
      One Year of Falcon Go: Transforming Cybersecurity for Small Businesses
      12/03/24
      CrowdStrike Strengthens SMB Security with Seamless Mobile Protection
      CrowdStrike Strengthens SMB Security with Seamless Mobile Protection
      11/21/24
      Small Business, Big Defense: Four Pillars of an Effective Cybersecurity Awareness Program
      Small Business, Big Defense: Four Pillars of an Effective Cybersecurity Awareness Program
      10/14/24
    • Data Protection
      Data Protection
      Falcon Data Protection for Cloud Extends DSPM into Runtime
      Falcon Data Protection for Cloud Extends DSPM into Runtime
      11/20/25
      CrowdStrike Stops GenAI Data Leaks with Unified Data Protection
      CrowdStrike Stops GenAI Data Leaks with Unified Data Protection
      09/18/25
      Q&A: How Mastronardi Produce Secures Innovation with CrowdStrike
      Q&A: How Mastronardi Produce Secures Innovation with CrowdStrike
      02/14/25
      5 Key Data Protection Challenges and How to Overcome Them
      5 Key Data Protection Challenges and How to Overcome Them
      12/11/24
  • Start Free Trial
  • Featured
  • Recent
  • Video
  • Category
  • Start Free Trial

Tom Kahana

From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)

From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)

October 22, 2025

Tom Kahana Next-Gen Identity Security

In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from […]

    Categories
    • Artificial Intelligence
      46
    • Cloud & Application Security
      137
    • Data Protection
      18
    • Endpoint Security & XDR
      331
    • Engineering & Tech
      84
    • Executive Viewpoint
      176
    • Exposure Management
      110
    • From The Front Lines
      197
    • Next-Gen Identity Security
      61
    • Next-Gen SIEM & Log Management
      108
    • Public Sector
      40
    • Small Business
      11
    • Threat Hunting & Intel
      206
    CONNECT WITH US
    background pattern
    FEATURED ARTICLES
    October 01, 2024
    CrowdStrike Named a Leader in 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
    September 25, 2024
    Recognizing the Resilience of the CrowdStrike Community
    September 25, 2024
    CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection
    September 18, 2024
    SUBSCRIBE

    Sign up now to receive the latest notifications and updates from CrowdStrike.

    Created with Sketch.
    See CrowdStrike Falcon® in Action

    Detect, prevent, and respond to attacks— even malware-free intrusions—at any stage, with next-generation endpoint protection.

    See Demo
    logo
    • Copyright © 2025 CrowdStrike
    • Privacy
    • Request Info
    • Blog
    • Contact Us
    • 1.888.512.8906
    • Accessibility