April 26, 2025
Hello all, Surprisingly, it was a quiet week as far as major vulnerabilities and reveals are concerned. I suspect that the juicy stuff is being held back so that it can be revealed at the RSA conference that starts on…
Hello all, I was expecting a quieter week, but I was surprised by how many serious vulnerabilities were revealed, and about the drama surrounding MITRE and their CVE contract, spawning at least two new numbering authority prospects in response. I…
Hello all, This past week was Patch Tuesday for Microsoft and several other vendors. Apparently feeling that it should be Patch Week instead of just one day, Juniper and VMware chose different days to unleash required fixes. There’s lots of…
Hello all, Apache had a bad week with two vulnerabilities, the first in Parquet, and the second in Tomcat. Ivanti has another zero-day, Apple updated a lot of items, CrushFTP has some drama going on, and Microsoft celebrated 50 years.…
(For a video version of my introductory comments, click here.) Hello all, This has been an interesting week with the variety of severe vulnerabilities reported, and the types and numbers of breached or compromised organizations, some of which are massive.…
(For a video version of the introduction below, click here) Hello all, Patch Tuesday from Microsoft and others came in with the March winds and left us a bit of a mess. Microsoft has six zero-days and six critical updates.…
(For a video of the introduction below, click here) Hello all, Last week didn’t bring us too many surprises. DeepSeek’s AI model is proving to be effective, but their security and AI guardrails have been demonstrated to be practically nonexistent.…
Hello all, It has been a busy week with security related news. The Chinese hack into telecommunication providers continues to dominate, with government agencies urging everyone to use encrypted messaging and communication apps and processes due to the depth and…
Hello all, This week’s news has an unusual number of items related to firewalls and networking equipment. Cisco, Fortinet, and SonicWall are all under active attack for known vulnerabilities and are being exploited successfully by malactors to gain unauthorized access…
Hello all, Most of us in the United States celebrated Labor Day, and the unofficial end of Summer with a much-deserved day off from work. It was a welcome respite to enjoy the company of friends, family, and if you…
Hello all, For those in the USA, I pray that you’ve returned from the long holiday weekend refreshed and did not discover a poorly written note on your computers advising you that your company has been subjected to a post-paid…
Hello all, I didn’t expect the massive amounts of vulnerabilities and software defects that were announced, and mostly fixed, this past week. I did expect a goodly volume, since it was Patch Tuesday, but not that many. The biggest surprise…