June 28, 2025
Hello all, As we close out the first half of the year, there were a number of new vulnerabilities and defects revealed that need attention. We must stay diligent to remediate, patch, and mitigate these issues as they arise. On…
Hello all, With the Patch Tuesday onslaught coming next week, I was happy to see that this was another somewhat quiet week as far as vulnerabilities and zero-day reveals are concerned. Last month I was quite wrong in my prediction…
Hello all, It seemed to me that this week was mercifully quiet on the global scale, with fewer massive holes and defects being revealed. That’s not to say that dirtbags took the week off, oh no, they already have plenty…
Hello all, It was a busy news week with a nice smattering of good news of indictments and takedowns of threat actors and their infrastructure. Pwn2Own Berlin concluded with 29 zero-days being utilized. Some have already been patched, others are…
Hello all, Last week was “World Password Week”. However, this year many tech giants chose to replace “password” with “passkey”. In fact, on what was World Password Day, Microsoft announced that all new Microsoft accounts will now be passwordless, use…
Hello all, Surprisingly, it was a quiet week as far as major vulnerabilities and reveals are concerned. I suspect that the juicy stuff is being held back so that it can be revealed at the RSA conference that starts on…
Hello all, I was expecting a quieter week, but I was surprised by how many serious vulnerabilities were revealed, and about the drama surrounding MITRE and their CVE contract, spawning at least two new numbering authority prospects in response. I…
Hello all, This past week was Patch Tuesday for Microsoft and several other vendors. Apparently feeling that it should be Patch Week instead of just one day, Juniper and VMware chose different days to unleash required fixes. There’s lots of…
Below are links to items presented. State Sponsored Breaches and Embedding: Phishing, Spear-Phishing, Whaling, Vishing, Quishing, and Smishing Password Hacking, Account Takeovers and MFA bypass: …
Hello all, Apache had a bad week with two vulnerabilities, the first in Parquet, and the second in Tomcat. Ivanti has another zero-day, Apple updated a lot of items, CrushFTP has some drama going on, and Microsoft celebrated 50 years.…
(For a video version of my introductory comments, click here.) Hello all, This has been an interesting week with the variety of severe vulnerabilities reported, and the types and numbers of breached or compromised organizations, some of which are massive.…