Microsoft has released a patch for CVE-2025-47978, a denial-of-service vulnerability in the Netlogon protocol, which affects Windows domain controllers. Named NOTLogon, this vulnerability allows low-privilege domain-joined machines to crash the domain controller with a crafted authentication request, leading to a complete reboot. It has a CVSS score of 6.5. Security researcher Dor Segal warned that such vulnerabilities can severely disrupt Active Directory operations. Additionally, Tenable's Satnam Narang urged CSOs to address CVE-2025-5777, known as CitrixBleed 2, which allows attackers to steal session tokens from Citrix NetScaler systems, potentially granting unauthorized network access even after patches are applied. Organizations are advised to review logs for suspicious activity and invalidate session tokens to prevent further exploitation.