April 19, 2025

(For a video version of the opening comments below, click this link) Hello all, I was expecting a quieter week, but I was surprised by how many serious vulnerabilities were revealed, and about the drama surrounding MITRE and their CVE contract, spawning at least two new numbering authority prospects in response.…

April 12, 2025

(For a video version of the introduction below, click here.) Hello all, This past week was Patch Tuesday for Microsoft and several other vendors. Apparently feeling that it should be Patch Week instead of just one day, Juniper and VMware chose different days to unleash required fixes. There’s lots of other…

Q1 2025 Security Trends Report

Q1 2025 Security Trends Report Below are links to items presented. State Sponsored Breaches and Embedding: Phishing, Spear-Phishing, Whaling, Vishing, Quishing, and Smishing Password Hacking, Account Takeovers and MFA bypass: AI, Voice-cloning, Deepfakes, and Vulnerabilities …

April 5, 2025

(Click here to see a video version of this week’s introduction) Hello all, Apache had a bad week with two vulnerabilities, the first in Parquet, and the second in Tomcat. Ivanti has another zero-day, Apple updated a lot of items, CrushFTP has some drama going on, and Microsoft celebrated 50 years.…

March 29, 2025

(For a video version of my introductory comments, click here.) Hello all, This has been an interesting week with the variety of severe vulnerabilities reported, and the types and numbers of breached or compromised organizations, some of which are massive. Headline NEWS: In Ransomware, Malware, and Vulnerabilities News: In Other News…

March 22, 2025

(For a video version of the introduction below, click here) Hello all, Unlike last week’s patch-release frenzy, things dropped back to our normal harried pace this week. We did receive warnings about some pretty nasty defects from the likes of IBM, Synology, TP-Link, Veeam, and WhatsApp, just to name a few.…

March 15, 2025

(For a video version of the introduction below, click here) Hello all, Patch Tuesday from Microsoft and others came in with the March winds and left us a bit of a mess. Microsoft has six zero-days and six critical updates. A large quantity of other vendors, such as, Adobe, AMD, Apple,…

March 8, 2025

(Click here for a video version of the introduction) Hello all, Microsoft continued to have some sporadic issues this past week, but nowhere near as widespread as they had the prior weekend. Hopefully, by the time this makes it to you, they’ve fixed things. Speaking of fixing things, On Tuesday, Broadcom…

March 1, 2025

For a video version of the introduction below, click here. Hello all, This past Saturday, much of the world experienced Microsoft service disruptions. Big Redmond has now restored services, blaming the failure on a code change saying that they’ve “reverted the suspected code to alleviate impact.” The Bybit $1.5 billion crypto…

February 22, 2025

(For a video version of the introduction below, go to my LinkedIn post.) Hello all, This was somewhat of an interstitial week with less headline defects and vulnerabilities, but it was balanced by plenty of other news items. Some of the more significant were Apple’s decision to cripple security for their…

February 15, 2025

(Select here for a video version of my introductory comments from below) Hello all, Patch Tuesday came in with only a small bang this month with 4 zero days, two of which are under active exploitation, and 55 flaws. A good number of other vendors also released fixes for defects in…