
PODCAST · news

Blumira Briefings

Staying on top of security news shouldn't be another full-time job. Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒

Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
- Keep it conversational, informative, and under 30 minutes

  1. 35

    CISA KEV Additions, LiteLLM Vulnerability, ShinyHunters, and Copy Fail - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - The U.S. Cybersecurity and Infrastructure Security Agency has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation.
    - A severe SQL injection vulnerability, identified as CVE-2026-42208, in BerriAI's LiteLLM Python package has been actively exploited by threat actors in the wild.
    - The ShinyHunters cybercriminal group has exploited a security incident at Anodot, an artificial intelligence-driven data analytics vendor, to access data from multiple clients, including Vimeo.
    - copy[dot]fail proof of concept requires only an unprivileged local user account for local privilege escalation to occur.

    Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV: https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html
    - LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure: https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html
    - ShinyHunters exploit Anodot incident to target Vimeo: https://securityaffairs.com/191448/security/shinyhunters-exploit-anodot-incident-to-target-vimeo.html

    Chapters:
    0:00 Intro
    0:37 CISA KEV Additions: ConnectWise and Microsoft
    3:26 LiteLLM SQL Injection Vulnerability
    9:14 ShinyHunters Anodot Breach
    11:42 Copy Fail

  2. 34

    SharePoint Zero-Day, Prompt Injection Vulnerabilities, and Chrome Extensions - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - Microsoft has released its April 2026 Patch Tuesday updates, addressing a record 167 security vulnerabilities across its product portfolio.
    - Security researchers have identified prompt injection vulnerabilities in prominent enterprise artificial intelligence (AI) agents, specifically Microsoft Copilot Studio and Salesforce Agentforce.
    - Cybersecurity researchers have uncovered a widespread campaign involving 108 malicious Google Chrome browser extensions that have been actively stealing sensitive data from an estimated 20,000 users.

    Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day: https://securityaffairs.com/190831/security/microsoft-patch-tuesday-for-april-2026-fixed-actively-exploited-sharepoint-zero-day.html
    - Copilot and Agentforce fall to form-based prompt injection tricks: https://www.csoonline.com/article/4159079/copilot-and-agentforce-fall-to-form-based-prompt-injection-tricks.html
    - 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users: https://www.bitdefender.com/en-us/blog/hotforsecurity/malicious-chrome-extensions-steal-google-telegram-data

  3. 33

    BlueHammer, Forest Blizzard, and a Flowise Workflow Exploit - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - A critical and unpatched vulnerability, named "BlueHammer," has been publicly disclosed for Microsoft Windows operating systems, allowing a local attacker to gain elevated privileges up to a system-level account.
    - A sophisticated espionage campaign, attributed to the Russian state-sponsored hacking group known as APT28 or Forest Blizzard, has been disrupted by U.S. authorities.
    - A critical vulnerability, identified as CVE-2025-59528, in the Flowise low-code platform for building artificial intelligence (AI) workflows is currently being actively exploited by hackers.

    Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - Experts published unpatched Windows zero-day BlueHammer: https://securityaffairs.com/190400/breaking-news/experts-published-unpatched-windows-zero-day-bluehammer.html
    - Russia Hacked Routers to Steal Microsoft Office Tokens: https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
    - Hackers exploit a critical Flowise flaw affecting thousands of AI workflows: https://www.csoonline.com/article/4155680/hackers-exploit-a-critical-flowise-flaw-affecting-thousands-of-ai-workflows.html

  4. 32

    Axios Compromised, Chrome Zero-Day, and WhatsApp Malware - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - The npm account for Axios, a JavaScript library with over 100 million weekly downloads, was compromised by threat actors who published malicious versions (1.14.1 and 0.30.4) containing remote access trojan (RAT) malware.
    - Google has released an emergency security update for its Chrome web browser, addressing a high-severity zero-day vulnerability, identified as CVE-2026-5281, which is actively being exploited by malicious actors.
    - Microsoft has issued a warning regarding a new malware campaign that targets WhatsApp users, exploiting social engineering tactics to trick them into executing malicious Visual Basic Script (VBS) files. This campaign, active since late February, aims to establish persistent remote access to infected systems.

    Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - Attackers hijack Axios npm account to spread RAT malware: https://securityaffairs.com/190221/security/attackers-hijack-axios-npm-account-to-spread-rat-malware.html
    - Google fixes actively exploited Chrome zero-day flaw, update now: https://cyberinsider.com/google-fixes-actively-exploited-chrome-zero-day-flaw-update-now/
    - WhatsApp malware campaign uses malicious VBS files to gain persistent access: https://www.csoonline.com/article/4153092/whatsapp-malware-campaign-uses-malicious-vbs-files-to-gain-persistent-access.html

  5. 31

    FCC Router Ban, Darksword Exploit, and VS Code Malware - Blumira Briefings

    Welcome to Blumira Briefings, your weekly download of the top headlines and trends for your security practice.

    This week's episode:
    - The U.S. Federal Communications Commission, a government agency that regulates interstate and international communications, recently announced a significant new policy. The commission is banning the import of all new foreign-made consumer routers into the United States.
    - A version of sophisticated iPhone spyware, known as DarkSword, has been publicly leaked on GitHub, raising urgent concerns among cybersecurity experts about potential widespread compromises of Apple iOS devices.
    - A threat group linked to North Korea, known as Team 8, is actively deploying new malware called StoatWaffle by exploiting features within Microsoft Visual Studio Code. This campaign, part of their ongoing "Contagious Interview" operations, abuses the editor's "tasks.json" auto-run functionality.

    Have a security topic you want us to cover? Want to hear more on a story we covered this week? Let us know in the comments!

    Sources:
    - US regulator bans imports of new foreign-made routers, citing security concerns: https://www.reuters.com/sustainability/boards-policy-regulation/fcc-banning-imports-new-chinese-made-routers-citing-security-concerns-2026-03-23
    - DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses: https://cyberscoop.com/darksword-iphone-spyware-leak-ios-18-exploit-threat/
    - North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware: https://securityaffairs.com/189880/security/north-korea-linked-threat-actors-abuse-vs-code-auto-run-to-spread-stoatwaffle-malware.html

  6. 30

    Clickfix AI Tactics, Aura Exposure, and RondoDox Botnet - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - ClickFix attacks evolve techniques targeting macOS and Windows users with AI-based lures
    - A targeted voice phishing attack has led to unauthorized access to about 900,000 records at identity protection firm Aura
    - RondoDox attacks are becoming more focused and strategic, targeting 174 vulnerabilities up to 15,000 times a day

    Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - ClickFix spreads from Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures: https://securityaffairs.com/189542/cyber-crime/from-windows-to-macos-clickfix-attacks-shift-tactics-with-chatgpt-based-lures.html
    - Identity protection firm Aura suffers breach: https://cyberinsider.com/identity-protection-firm-aura-suffers-data-breach-exposing-900000-records
    - RondoDox botnet expands arsenal, hits 15,000 daily exploit attempts: https://securityaffairs.com/189569/malware/rondodox-botnet-expands-arsenal-targeting-174-flaws-and-hits-15000-daily-exploit-attempts.html

  7. 29

    Salesforce Settings, Rust Crate Risks, and Stryker Attacked - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - Salesforce warns that a threat campaign is exploiting overly permissive Experience Cloud guest configurations to harvest data from public portals.
    - Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.
    - The Iranian cyberattack on Stryker is the kind of stress test that business continuity and disaster recovery programs often do not plan for.

    Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - Overly permissive ‘guest’ settings put Salesforce customers at risk: https://www.csoonline.com/article/4143667/overly-permissive-guest-settings-put-salesforce-customers-at-risk.html
    - Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets: https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html
    - Why Stryker's Outage Is a Disaster Recovery Wake-Up Call: https://www.darkreading.com/cybersecurity-operations/stryker-outage-disaster-recovery-wake-up-call

  8. 28

    Iran-Linked Hacking, Microsoft OAuth, and Starkiller Phishing Suite - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - Pro-Russia threat actors have formed a loose coalition with Iran-nexus hacking groups in response to the bombing campaign launched by the U.S. and Israel on Iran.
    - Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages.
    - Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections.

    Like the new format? Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - Pro-Russia actors team with Iran-linked hackers in attacks: https://www.cybersecuritydive.com/news/pro-russia-actors-support-iran-nexus-hackers/813647/
    - Microsoft: Hackers abuse OAuth error flows to spread malware: https://www.bleepingcomputer.com/news/security/microsoft-hackers-abuse-oauth-error-flows-to-spread-malware/
    - Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication: https://thehackernews.com/2026/03/starkiller-phishing-suite-uses-aitm.html

  9. 27

    NPM Malware, Top IRS Scams 2026, and SonicWall Security Failings - Blumira Briefings

    Welcome to Blumira Briefings, bringing you a weekly download of the top headlines and trends for your security practice.

    *This week's episode:*
    - Another software supply chain hit: Typosquatted npm packages are harvesting creds and propagating through dev environments.
    - Tax season is open season for threat actors: refund hijacking, credential phishing, and payroll fraud risks are escalating for businesses and their employees.
    - When perimeter security becomes the liability: Marquis claims compromised firewall data paved the way for ransomware.

    Like the new format? Have a security topic you want us to cover? Let us know in the comments!

    *Sources:*
    - Self-spreading npm malware targets developers in new supply chain attack: https://www.helpnetsecurity.com/2026/02/24/npm-worm-sandworm-mode-supply-cain-attack
    - Taxing times: Top IRS scams to look out for in 2026: https://www.welivesecurity.com/en/scams/taxing-times-top-irs-scams-look-out-2026
    - Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack: https://techcrunch.com/2026/02/24/marquis-sonicwall-lawsuit-ransomware-firewall-breach

    *Chapters:*
    0:00 Intro
    0:31 Self-Spreading NPM Malware
    3:54 IRS Scams 2026 Edition
    10:18 SonicWall Security Failings

  10. 26

    Operation DoppelBrand, OpenClaw Exfiltration, and AI-Generated Passwords - Blumira Briefings

    Welcome to Blumira Briefings, your weekly download of the top headlines and trends for your security practice.

    In this week's episode:
    - Threat actor group GS7 impersonates Fortune 500 companies (incl. Wells Fargo, USAA, Navy Federal, and Fidelity) using spoofed domains with highly accurate cloned login portals.
    - Hudson Rock detected the first known case of infostealer malware successfully exfiltrating a victim's OpenClaw AI agent configuration environment.
    - Researchers tested Claude, ChatGPT, and Gemini for password generation and found all three produce predictable passwords that can be quickly brute-forced.

    Like the new format? Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - Operation DoppelBrand: Weaponizing Fortune 500 Brands: https://www.darkreading.com/cyberattacks-data-breaches/operation-doppelbrand-weaponizing-fortune-500-brands
    - Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens: https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html
    - Your AI-generated password isn't random, it just looks that way: https://www.theregister.com/2026/02/18/generating_passwords_with_llms

  11. 25

    Microsoft Super Patch Tuesday, Trojanized Installers and Ransomware Groups Pivot - Blumira Briefings

    Welcome to Blumira Briefings, your top headlines and trends for your security practice.

    This week's episode:
    - Microsoft released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild.
    - A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node.
    - Following a series of highly successful data-exfiltration-only attacks, ransomware groups are stealing victims’ data without encrypting it.

    Like the new format? Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days: https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html
    - Malicious 7-Zip site distributes installer laced with proxy tool: https://www.bleepingcomputer.com/news/security/malicious-7-zip-site-distributes-installer-laced-with-proxy-tool
    - Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter: https://www.securityweek.com/ransomware-groups-may-pivot-back-to-encryption-as-data-theft-tactics-falter

  12. 24

    Blumira Briefings Feb 6, 2026: SolarWinds vulns, infostealers without borders, and AI agent risk

    Welcome back to this week's Blumira Briefings, your top headlines and trends for your security practice.

    In this episode:
    - SolarWinds Web Help Desk critical vulnerabilities allowing unauthenticated remote code execution
    - Microsoft's warning about sophisticated infostealer campaigns targeting macOS, Python apps, and messaging platforms
    - Emerging threat vector: AI agents with privileged access being exploited for credential theft

    Like the new format? Have a security topic you want us to cover? Let us know in the comments!

    Sources:
    - SolarWinds Web Help Desk Vulns: https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html
    - Cross-Platform Infostealers Research: https://www.microsoft.com/en-us/security/blog/2026/02/02/infostealers-without-borders-macos-python-stealers-and-platform-abuse/
    - AI Agent Security Risks: https://permiso.io/blog/inside-the-openclaw-ecosystem-ai-agents-with-privileged-credentials

  13. 23

    New Year, New Blumira Briefing: AiTM Attacks, AD/POSIX, and AI Agents

    Blumira Briefings are back for 2026 with a svelte new runtime to get you the critical security developments you need to know about even faster.

    In this episode:
    - Microsoft 365 services being exploited in sophisticated Adversary-in-the-Middle phishing campaigns
    - Active Directory vulnerability involving the 'primaryGroupID' attribute that could enable privilege escalation
    - Emerging security challenges in AI agent runtime environments

    Like the new look? Wanna see us cover something in next week's episode? Let us know below!

    Sources:
    - AiTM Phishing Campaign: https://www.microsoft.com/en-us/security/blog/2026/01/21/multistage-aitm-phishing-bec-campaign-abusing-sharepoint/
    - Active Directory Vulnerability: https://trustedsec.com/blog/adventures-in-primary-group-behavior-reporting-and-exploitation
    - AI Agent Security Risks: https://www.microsoft.com/en-us/security/blog/2026/01/23/runtime-risk-realtime-defense-securing-ai-agents/

  14. 22

    🦔 Blumira Briefings Ep. 20: Rootkit Fixes, Airport Outages, & Entra ID Takeover

    🔔 Welcome back for this week’s Blumira Briefings! This week, we're joined by Jake Ouellette and Mike Toole to break down the week's most important security headlines with context to help your security practice. 🔔

    What We Cover This Week:
    🔥 WatchGuard critical vulnerability fix for Firebox firewalls with 9.3 CVSS score
    🛡️ SonicWall releases firmware update to remove OVERSTEP rootkit from end-of-life appliances
    ✈️ European airports disrupted by ransomware attack against Collins Aerospace check-in systems
    🔐 Microsoft patches critical Entra ID vulnerability that allowed global admin impersonation across tenants
    📦 GitHub enhances npm security with trusted publishing to fight phishing and malware campaigns
    🤖 Expert guidance on implementing effective AI governance frameworks

    💡 Quick tip of the week: If you're stuck using end-of-life network security devices, you can still reduce risk by hiding management interfaces from the public internet, restricting management to specific IPs, enabling comprehensive logging, and regularly checking vendor notifications for emergency updates.

    Plus, more insights on:
    - How out-of-bounds write vulnerabilities work
    - The importance of inventory and asset management for tracking end-of-life equipment
    - Why service-to-service (S2S) token abuse is especially concerning for cloud security
    - The value of manual fallback procedures when critical systems are compromised
    - How trusted publishing with OIDC can strengthen software supply chain security
    - Best practices for AI governance

    🔗 LINKS:
    - OWASP AI BOM Project: https://owasp.org/www-project-aibom/
    - SANS Secure AI Blueprint: https://www.sans.org/mlp/ai-security-blueprint

    📰 SOURCES:
    - WatchGuard Firebox Vulnerability: https://hackread.com/watchguard-fix-for-firebox-firewall-vulnerability/
    - SonicWall Rootkit Update: https://www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/
    - European Airport Disruptions: https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/
    - Microsoft Entra ID Vulnerability: https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html
    - GitHub npm Security: https://www.theregister.com/2025/09/23/github_npm_registry_security/
    - CISO AI Governance: https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html

  15. 21

    🦔 Blumira Briefings Ep. 19: Security Wins, Zero Trust Turns 15, Education Beats Ransomware

    It was a rare "light week" for major critical updates, giving us a chance to talk about some deeper trends and stories. Here’s what we covered:
    📧 Microsoft Exchange 2016/2019 end of support coming in 30 days - migration options and considerations
    💻 NPM supply chain attack limited to minimal damage despite widespread potential impact, attackers made less than $1k
    🤖 Microsoft forcing Copilot installation in October - we talk security implications and how to opt-out
    🔒 Zero Trust’s quinceañera - can it still help us, or has the term been too “buzzwordified”?
    🎓 Education sector's impressive ransomware defense improvements - ransom amounts dropping, and payments dropping even more!

    💡 Quick tip of the week: Try treating every remote device as though it were connecting from an unknown coffee shop network - implement strong network segmentation, SSL everywhere, and posture checks to maintain security regardless of connection location.

    Plus, Expert Insights On:
    - Why some organizations still opt for on-premises Exchange versus cloud alternatives
    - The security implications of auto-installing AI tools like Copilot with hard-to-find opt-out options
    - How the "Salty2FA" phishing kit demonstrates increasing sophistication in social engineering attacks
    - Why positive reinforcement works better than punishment in security awareness programs
    - How to leverage education sector successes as examples when advocating for security investments

    📰 SOURCES:
    - Microsoft Exchange 2016/2019 End of Support: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-30-days/
    - NPM Supply Chain Attack: https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/
    - Microsoft Copilot Force Install: https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-the-microsoft-365-copilot-app-in-october/
    - Salty2FA Phishing Kit: https://www.infosecurity-magazine.com/news/salty2fa-phishing-kit/
    - Education Ransomware Success: https://www.infosecurity-magazine.com/news/ransomware-payments-plummet/
    - Zero Trust at 15: https://www.securityweek.com/zero-trust-is-15-years-old-why-full-adoption-is-worth-the-struggle/

  16. 20

    🦔 Blumira Briefings Ep. 18: Android's Mega Patch, API Key Exploits, Remote Access Abuse Tactics

    🔔 It's time for your essential security download with Blumira Briefings! This week, Zoe is joined by Mike Toole, Nick Dixon, and Justin Kikani to break down the week's most important security headlines with context you can actually use. 🔔

    What We Cover This Week:
    📱 Android's largest patch of 2025 with 120 fixes, including two actively exploited vulnerabilities
    🌐 EOL’d TP-Link router flaws added to CISA's Known Exploited Vulnerabilities catalog
    ☁️ New research: massive phishing operation abusing expired domains through Google Cloud and Cloudflare infrastructure
    🔑 SalesLoft Drift breach via GitHub account compromise affecting 22+ known companies so far
    💻 New research showing remote access software abuse as the #1 pre-ransomware indicator

    💡 Quick tip of the week: Consider using Canary Tokens embedded in your website's branding or footer to get alerts when someone clones your site for phishing purposes.

    Plus, Expert Insights On:
    - How to handle Android devices that are no longer receiving manufacturer updates
    - Why to treat every remote work laptop like it's connecting from a coffee shop
    - Practical tips for keeping track of your organization's domains, to prevent brand impersonation
    - Best practices for rapid response to remote access tool abuse, key to preventing ransomware execution
    - Why you should consider rotating API keys after vendor security incidents

    📰 SOURCES:
    - Android's September Security Patch: https://www.theregister.com/2025/09/03/android_patch_september/
    - TP-Link Router Vulnerabilities: https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
    - Phishing Empire Using Google Cloud: https://www.darkreading.com/cloud-security/phishing-empire-undetected-google-cloudflare
    - SalesLoft Drift Breach: https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html
    - Remote Access Abuse Study: https://www.infosecurity-magazine.com/news/remote-access-abuse-pre-ransomware/

  17. 19

    🦔 Blumira Briefings Ep. 17: Microsoft ADFS Phishing, NHI Boom, SSA Whistleblower

    🔐 Welcome to Blumira Briefings! This week, Zoe is joined by Chris Furner and Mike Toole to download the latest on critical vulnerabilities and emerging threats you need to know about. 🔐

    What We Cover This Week:
    🐳 Critical Docker Desktop vulnerability would allow attacks on host through unauthenticated Engine API access
    🔑 Git code execution vulnerability added to CISA's Known Exploited Vulnerabilities catalog
    🌐 High-severity vulnerabilities patched in Chrome and Firefox browsers (yes, V8 JS Engine again...)
    🔒 Attackers using legit office.com links with ADFS redirects to phish
    🤖 AI agent security in 2025: non-human identities now outnumber humans 82:1, so... what's your plan?
    🚨 Whistleblower reports Social Security database exposure affecting 300+ million Americans

    💡 Quick tip of the week: Treat containers as applications running on your machine and scan them before execution, and check container images for vulnerabilities before running them on your system.

    Expert Insights On:
    - Container security best practices beyond built-in controls
    - Preventing developers from cloning risky Git repositories
    - How to start keeping count of non-human identities in your environment
    - Evaluating when legacy systems might have better modern alternatives

    📰 SOURCES:
    - Docker Desktop Vulnerability: https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
    - CISA Git Vulnerability Alert: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/
    - Chrome/Firefox Patches: https://www.securityweek.com/high-severity-vulnerabilities-patched-in-chrome-firefox/
    - Microsoft ADFS Phishing: http://bleepingcomputer.com/news/security/hackers-steal-microsoft-logins-using-legitimate-adfs-redirects/
    - AI Identity Management: https://www.darkreading.com/cybersecurity-operations/growing-challenge-ai-agent-nhi-management
    - Social Security Whistleblower: https://whistleblower.org/press-release/whistleblower-warns-of-possible-risks-to-americans-social-security-information/

    🔍 LINKS:
    - How to freeze your credit (Krebs on Security): https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/
    - OWASP Agentic AI Threats & Mitigations: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/

  18. 18

    🦔 Blumira Briefings Ep. 16: New Cisco CVSS 10, Zero Trust Temp Check, & Special Guest Tom Lawrence!

    🔐 Welcome to Blumira Briefings! This week, our security experts are joined by Tom Lawrence of Lawrence Systems to break down the latest headlines, trends, and tips you need to know about.

    What We Cover This Week:
    🔥 Cisco's latest CVSS 10.0 vulnerability in Secure Firewall Management Center allows unauthenticated remote command execution
    🖥️ Zoom Windows client privilege escalation vulnerability and Xerox FreeFlow Core remote code execution flaws -- patch now!
    💬 Microsoft Teams RCE vulnerability allowing attackers to read, write, and delete messages through complex attack
    🌡️ Tailscale's 2025 State of Zero Trust Report gives a look at how zero-trust methods are viewed and used today
    ⚠️ Latest trends on Blumira platform, including suspicious VPN activity and registry value tampering

    We also got to pick Tom's brain on what he's learned during his 30-year career, and why he's drawn to helping others learn. He also shares all the places he gets his own news updates, and how you can too... check it out!

    💡 Quick tip of the week: Embrace uncertainty! When presenting on security topics, it's okay to say "I don't know" and follow up later. EXTRA BONUS TIP: Creating "anti-notes" that remind you what topics to avoid can help keep presentations focused and effective.

    📰 SOURCES:
    - Cisco Firewall Management Center Vulnerability: https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/
    - Zoom and Xerox Security Updates: https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html
    - Microsoft Teams RCE Vulnerability: https://cybersecuritynews.com/microsoft-teams-rce-vulnerability/
    - Tailscale Zero Trust Report: https://tailscale.com/resources/report/zero-trust-report-2025

    🔗 RESOURCES:
    - Tom's Security News Feed: https://lawrence.video/cybernews
    - CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model
    - NIST 800-207 Zero Trust Architecture Guide: https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture

  19. 17

    🦔 Blumira Briefings Ep. 15: On-Prem Exchange Risks, S3 Bucket Leaks & Direct Send Phishing Tactics

    Welcome back to Blumira Briefings, freshly back after our summer break! Join Zoe and our panel of security experts Jake Ouellette, Michael Kellar, and Chris Furner as we dive into the week's most critical security headlines with actionable context.

    What We Cover This Week:
    🔐 Critical Microsoft Exchange vulnerability (CVE-2025-53786) affecting on-premises servers - 29,000+ servers remain unpatched, let’s talk why
    📱 Android's August security patch addressing critical vulnerabilities, including a zero-click RCE exploit and Qualcomm Adreno GPU flaws
    ⏰ Windows 11 23H2 Home and Pro reaching end of support in November - why support cycles are getting shorter
    ☁️ Millions of records exposed through an unsecured AWS S3 bucket - how this common misconfiguration continues to cause major data breaches
    📧 How attackers are abusing Microsoft 365's "Direct Send" feature to bypass security measures and appear as trusted internal senders

    💡 Quick tip of the week: Run regular scans for exposed S3 buckets using tools like S3Scanner or S3Enum. Even if you don't think your organization has AWS instances, shadow infrastructure might exist without your knowledge.

    Plus, Expert Insights On:
    - Why some organizations still maintain on-premises Exchange servers despite cloud alternatives
    - How to handle Android device security when updates depend on manufacturer timelines
    - The challenge of keeping pace with accelerating Windows update cycles
    - Essential cloud storage security practices to prevent data exposure
    - Strategies to protect against sophisticated internal email spoofing

    📰 SOURCES:
    - Microsoft Exchange Vulnerability: https://hackread.com/29k-microsoft-exchange-servers-unpatched-networks-risk/
    - Android Security Update: https://www.malwarebytes.com/blog/news/2025/08/android-critical-vulnerabilities-patched-update-as-soon-as-you-can
    - Windows 11 End of Support: https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/
    - AWS S3 Bucket Exposure: https://hackread.com/hacker-accesses-imdatacenter-records-exposed-aws-bucket/
    - Microsoft 365 Direct Send Phishing: https://www.darkreading.com/cyber-risk/phishers-abuse-m365-direct-send-to-spoof-internal-users

    🔗 LINKS:
    - Atomic Red Team Testing Framework: https://www.atomicredteam.io/
    - S3Scanner GitHub Repository: https://github.com/sa7mon/S3Scanner
    - S3Enum GitHub Repository: https://github.com/koenrh/s3enum
    - DorkSearch Tool: https://dorksearch.com/
    - Google Dorks Awesome List: https://github.com/Tobee1406/Awesome-Google-Dorks

  20. 16

    🦔 Blumira Briefings Ep. 14: Cisco's Critical Vulnerabilities, Chrome Zero-Day, & CitrixBleed 2 Alert

    🚨 Welcome to Blumira Briefings! This week, our security experts Jake, Mike, and Michael join Zoe to help break down critical vulnerabilities and trending threats you need to know about. 🚨

    What We Cover This Week:
    📱 Two critical Cisco vulnerabilities - hard-coded root credentials in Unified CM (CVSS 10.0) and RCE flaws in Identity Services Engine (CVSS 10.0)
    🌐 Google's 4th Chrome zero-day of 2025 - type confusion in the V8 JavaScript engine
    ⚠️ CitrixBleed 2 exploits now in the wild - allowing attackers to steal session tokens with a CVSS 9.3 rating
    ⚫ Windows' Blue Screen of Death turning black - Microsoft's response to last year's CrowdStrike outage
    🤖 AI models providing incorrect login URLs 34% of the time, creating new phishing opportunities
    💼 Ingram Micro hit by suspected SafePay ransomware, highlighting supply chain risks

    💡 Quick tip of the week: Remind your team that LLMs generate information rather than retrieve it - so it's important to always verify URLs!

    Expert Insights On:
    * Building failover communication options in case primary systems are compromised
    * How to better validate API security before implementation
    * Why organizations should treat AI-generated information with skepticism
    * Defensive domain registration strategies to counter AI misdirection
    * Preparation steps to mitigate third-party security risks

    SOURCES:
    Cisco Root Credential Flaw: https://hackread.com/cisco-emergency-fix-critical-root-credential-flaw-unified-cm/
    Cisco ISE Vulnerabilities: https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-rce-flaws-in-identity-services-engine/
    Chrome Zero-Day: https://www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/
    Windows Blue Screen Changes: https://www.securityweek.com/windows-infamous-blue-screen-of-death-will-soon-turn-black/
    CitrixBleed 2 Exploits: https://go.theregister.com/feed/www.theregister.com/2025/07/07/citrixbleed_2_exploits/
    AI Models URL Issues: https://www.infosecurity-magazine.com/news/ai-models-mislead-users-login-urls/
    Ingram Micro Ransomware: https://www.darkreading.com/cyberattacks-data-breaches/ransomware-attack-outage-ingram-micro

    RESOURCES:
    Burnout Assessment Test for Security Professionals: https://github.com/Patrick-Kelley/CBI-CS
    Jake's video on double extension file attacks: https://youtu.be/qXGcNCSLDKw

  21. 15

    🦔 Blumira Briefings Ep. 13: Critical Veeam RCE, NetScaler Vulns, & Zero-Click Copilot Data Theft

    🔔 Welcome back for this week's episode and your weekly security download! We're joined by Jake Ouellette, Taylor Jacobson, and Amanda Berlin to break down the week's most important security headlines with context you can actually use. 🔔

    What We Cover This Week:
    📊 Most changed weekly trends, including recurring process dumps for credential theft and suspicious IAM behavior
    🔧 Critical Veeam RCE vulnerability (CVE-2025-23121) with a 9.9 CVSS score - make sure to patch this one immediately!
    🌐 NetScaler ADC and Gateway vulnerabilities allowing token theft from internet-facing devices
    📲 Cisco Meraki MX and Z device vulnerability can DoS VPN connections
    💼 Identity theft report showing 148% surge in impersonation scams, with businesses as primary targets
    🤖 First-ever zero-click AI data leak vulnerability in Microsoft 365 Copilot dubbed "EchoLeak"

    Document your recovery processes so anyone can perform them if the primary person is unavailable - don't create single points of failure in your incident response team

    Plus, Expert Insights On:
    - How to handle emergency patches outside normal change control cycles
    - Why testing backup restoration is more critical than just having backups
    - Practical ways to run tabletop exercises even with limited resources
    - Strategies for businesses to prevent impersonation attacks
    - How organizations can manage AI access to reduce risks

    NOTE: We'll be on hiatus next week due to the July 4th holiday -- we'll be back on July 11th with more security insights!

    📰 SOURCES:
    Veeam RCE Vulnerability: https://thehackernews.com/2025/06/veeam-patches-cve-2025-23121-critical.html
    Citrix NetScaler Vulnerabilities: https://www.darkreading.com/vulnerabilities-threats/citrix-patches-vulns-netscaler-adc-gateway
    Cisco & Atlassian Patches: https://www.securityweek.com/high-severity-vulnerabilities-patched-by-cisco-atlassian/
    Identity Impersonation Scams: https://www.infosecurity-magazine.com/news/reported-impersonation-scams-surge/
    Zero-Click AI Data Leak: https://www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/

    🔗 LINKS:
    Veeam Advisory: https://www.veeam.com/kb4743
    Rapid7 Emergent Threat Response: https://www.rapid7.com/blog/post/etr-critical-veeam-backup-replication-cve-2025-23121/
    Citrix Security Bulletin CTX693420: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
    OWASP Top 10 for LLM Applications 2025: https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/
    Defensive Security Handbook: https://www.oreilly.com/library/view/defensive-security-handbook/9781098127237/

  22. 14

    🦔 Blumira Briefings Ep. 12: Critical Trend Micro Fix, TeamFiltration Attacks, NIST Zero Trust Guide

    🔔 Your essential security briefing is here! This week, Matt Warner, Nick Dixon, and Jake Ouellette join Zoe Lindsey to break down critical developments in cybersecurity with practical context for busy IT and security teams. 🔔

    What We Cover This Week:
    🔐 Trend Micro patches 6 critical vulnerabilities (CVSS 9.8) in Apex Central and PolicyServer products - and how the deserialization method leveraged to exploit them works
    🔍 Over 80,000 Microsoft Entra ID accounts targeted using TeamFiltration - how this pen testing tool is being weaponized by attackers
    📘 NIST's new Zero Trust Implementation Guide - less conceptual introductions, with better focus on practical implementation
    📊 Latest World Economic Forum report shows smaller organizations feel they are approaching cybersecurity breaking point - the panel talks how to get strategic when resources and time are tight

    💡 Quick tip of the week: Perform a gap assessment to identify high-impact, low-effort security improvements to prioritize first - evolution, not reinvention, is the name of the game!

    Plus, Expert Insights On:
    - Why traditional rate limiting fails against sophisticated password sprays
    - The usefulness of frameworks to start with the right questions
    - Strategies for prioritizing security efforts to avoid burnout

    🔗 LINKS:
    Trend Micro Security Bulletins:
    Endpoint Encryption PolicyServer: https://success.trendmicro.com/en-US/solution/KA-0019928
    Apex Central: https://success.trendmicro.com/en-US/solution/KA-0019926
    NIST Zero Trust Resources:
    SP 1800-35: Implementing a Zero Trust Architecture (Final): https://csrc.nist.gov/pubs/sp/1800/35/final
    SP 800-207: Zero Trust Architecture (2020 Conceptual Framework): https://csrc.nist.gov/publications/detail/sp/800-207/final
    Active Directory Hardening Guide: https://osintteam.blog/%EF%B8%8Factive-directory-hardening-for-enterprise-security-5832b3f75de0

    📰 SOURCES:
    Trend Micro Critical Vulnerabilities: https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver
    NIST Zero Trust Implementation Guide: https://www.infosecurity-magazine.com/news/nist-zero-trust-implementation/
    Microsoft Entra ID TeamFiltration Attacks: https://thehackernews.com/2025/06/over-80000-microsoft-entra-id-accounts.html
    Small Orgs Cybersecurity Breaking Point: https://www.csoonline.com/article/4003892/smaller-organizations-nearing-cybersecurity-breaking-point.html

  23. 13

    🦔 Blumira Briefings Ep. 11: Cloud ISE Cred Twinsies, Windows 0day Exploited, and Play Ransomware Updates

    This week on Blumira Briefings, join our "Oops! All Detection Engineers" episode as Zoe hosts Jake and Justin to break down the most critical security headlines of the week with practical context you can actually use!

    🔍 What We Cover This Week:
    🌩️ Cisco ISE credential vulnerability affecting cloud deployments on AWS, Azure & Oracle (CVE-2025-20286)
    🔐 SAP NetWeaver critical missing authorization bug in RFC framework (CVE-2025-42989)
    📊 Our most changed security trends of the week - what's suddenly spiking across our detection data
    🪟 Windows WebDAV zero-day exploited against Turkish defense organization (CVE-2025-33053)
    🧩 Popular Chrome extensions leaking data through unencrypted HTTP connections
    🎭 Updated CISA guidance on Play Ransomware with new attack details

    💡 Quick tip of the week: Validate your security controls by testing them regularly - have you tried restoring from your backups recently to confirm they actually work?

    Plus, Expert Insights On:
    🔑 Why "randomly generated" credentials are just default credentials with extra steps
    ☁️ How to protect cloud infrastructure from credential vulnerabilities
    ⏱️ Why the time between vulnerability disclosure and broader exploitation keeps shrinking
    🔌 The security risks of browser extensions and VPN services
    🛡️ The importance of using phishing-resistant MFA with secure backup options

    🔗 LINKS:
    CVSS Base Score Metrics: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
    Pyramid of Pain: https://www.attackiq.com/glossary/pyramid-of-pain/

    🤫 SUPER EXTRA BONUS DEFENDER RESOURCE:
    🐵 Monkey365 – PS Scanner for M365, Azure, and Entra: https://github.com/silverhack/monkey365

  24. 12

    🦔 Blumira Briefings Ep. 10: Critical Chrome Release, Identity-Based Attacks, Cookie Security Risks

    🔔 Welcome to Blumira Briefings! This week, we're joined by Michael Kellar, Chris Furner, and Justin Kikani to break down the week's most important security headlines with expert context you can actually use. 🔔

    What We Cover This Week:
    🔄 NEW FORMAT! Instead of our usual top trends, we're highlighting the rarest findings in our environments - with insights on what makes these unusual detections worth your attention
    🌐 Critical Chrome vulnerabilities with active exploits in the wild - what makes use-after-free and out-of-bounds write bugs so dangerous
    🛠️ ConnectWise ScreenConnect and other vulnerabilities added to CISA's Known Exploited Vulnerabilities list
    🪟 OneDrive File Picker flaw giving third-party apps broader permissions than users expect
    🍪 NordVPN's alarming research on 94 billion stolen cookies for sale on dark web marketplaces
    🎭 Deep dive into Scattered Spider's sophisticated help desk social engineering tactics

    💡 Quick tip of the week: Consider conducting periodic, scheduled reboots for your organization's devices - this helps clear browser sessions, refresh security policies, and force application updates like Chrome to install critical patches.

    Plus, Expert Insights On:
    - Why auditing third-party app permissions is crucial for cloud security
    - Why infostealer attacks are on the rise
    - Practical strategies for protecting help desk teams from social engineering
    - The rising trend of identity-focused attacks vs. traditional device targeting
    - How to implement proper controls for remote workers using home network equipment

    🔗 LINKS:
    Prowler - Cloud security assessment tool: https://github.com/prowler-cloud/prowler
    SilentPush research on Scattered Spider: https://www.silentpush.com/blog/scattered-spider-2025/
    Blumira blog on SocGholish: https://www.blumira.com/blog/socgholish-malware-recent-trends-and-effective-detection-strategies

    📰 SOURCES:
    Chrome Zero-Day Vulnerability: https://www.securityweek.com/google-researchers-find-new-chrome-zero-day/
    ConnectWise and CISA KEV Update: https://www.bleepingcomputer.com/news/security/cisa-warns-of-connectwise-screenconnect-bug-exploited-in-attacks/
    OneDrive File Picker Vulnerability: https://hackread.com/onedrive-file-picker-apps-full-access-user-drives/
    Stolen Cookies Research: https://www.theregister.com/2025/05/29/billions_of_cookies_available
    Scattered Spider Analysis: https://thehackernews.com/2025/06/scattered-spider-understanding-help.html

  25. 11

    🦔 Blumira Briefings Ep. 9: Cisco Vulnerabilities, BadSuccessors, Coding Assistant Prompt Injection

    🔔 Welcome back to Blumira Briefings, your essential security download! This week, Matt Warner, Mike Toole, Jake Ouellette, and Zoe Lindsey break down the latest security headlines with context you can actually use. 🔔

    What We Cover This Week:
    🩹 Cisco patches 10 issues, including 2 high-severity DoS and privilege escalation flaws
    🔑 184 million login credentials for major platforms exposed online
    🇷🇺 Russia's Fancy Bear stepping up attacks on logistics and IT firms
    💻 BadSuccessor: Understanding a Windows Server 2025 vulnerability exploiting permission inheritance
    🤖 GitLab Duo prompt injection vulnerability, highlighting potential AI assistant security risks

    Plus, Expert Insights On:
    - Focusing on threat actor attribution vs. focusing on remediation
    - Practical strategies for balancing AI assistant functionality with security
    - The importance of monitoring AD permission changes and account creation
    - The risk in using Outlook/email storage for sensitive information

    📰 SOURCES:
    Cisco Patches: https://www.securityweek.com/cisco-patches-high-severity-dos-privilege-escalation-vulnerabilities/
    Exposed Login Credentials: https://www.websiteplanet.com/news/infostealer-breach-report/
    Fancy Bear Advisory: https://www.darkreading.com/cyberattacks-data-breaches/cisa-russia-fancy-bear-targeting-logistics-it-firms
    BadSuccessor Vulnerability: https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
    GitLab Duo Prompt Injection: https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

  26. 10

    🦔 Blumira Briefings Ep. 8: Chrome Zero-Days, Microsoft’s BIG Patch Tuesday, DNS Attacks & Exploitability Metrics

    🔔 Your essential security download is here! This week on Blumira Briefings, we're joined by Matt Warner, Jake Ouellette, and Mike Toole to break down the latest security headlines with practical insights for busy IT and security teams. 🔔

    What We Cover This Week:
    📱 Chrome patches 3rd actively-exploited vuln in a week - what this means for browser security
    🔐 Microsoft's Patch Tuesday fixes 78 flaws, including five 0days and a CVSS 10.0 vulnerability in Azure DevOps Server
    🔄 How attackers are abusing dynamic DNS services to create convincing phishing domains and evade detection
    🕸️ We look at a novel "Hazy Hawk" attack, exploiting abandoned CNAME records to hijack trusted domains
    📊 New "Likely Exploited Vulnerabilities" (LEV) metric proposed by NIST/CISA - will it help your prioritization?

    💡 Quick tip of the week: Set a recurring "DNS spring cleaning day" to audit and remove obsolete or unused DNS records to prevent dangling CNAME attacks

    Plus, Expert Insights On:
    - Can you "just disable JavaScript" in modern web environments?
    - How to properly secure your developer machines against token theft
    - Why a complex password that's "keyboard walked" doesn't count as secure
    - Better approaches to prioritizing vulnerabilities beyond just scores

    🔗 RESOURCE LINKS:
    Certificate Search: https://crt.sh/
    DNS Twist Tool: https://dnstwist.it/

    📰 SOURCES:
    Google Chrome Zero-Day Fixes: https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/
    Microsoft Patch Tuesday: https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html
    Likely Exploited Vulnerabilities Metric: https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/
    Dynamic DNS Attacks: https://www.darkreading.com/threat-intelligence/dynamic-dns-cyberattack-facilitator
    Hazy Hawk DNS Hijacking: https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/

  27. 9

    🦔 Blumira Briefings Ep. 7: Hardcoded Woes, Detection Maintenance, and Dennis Fisher!

    🔔 Welcome to another episode of Blumira Briefings! This week, we welcome special guest Dennis Fisher, InfoSec journalist extraordinaire and Editor-in-Chief of Decipher, joining Zoe Lindsey, Jake Ouellette, and Nick Dixon to break down the week's most important security headlines. 🔔

    What We Cover This Week:
    📱 Apple's iOS/iPadOS 18.5 update patches 30+ security bugs - learn what's affected and why you need to update now
    💻 ASUS DriverHub vulnerability allows attackers to run admin commands through malicious websites
    🔧 Cisco IOS XE Wireless Controller critical vulnerability (CVSS 10.0) exploitable via hardcoded JWT tokens
    ☎️ Fortinet zero-day exploited in FortiVoice attacks - what post-compromise activity looks like
    🔍 SPECIAL SEGMENT: Dennis Fisher shares insights on navigating InfoSec journalism, finding reliable sources, and how to cut through vendor spin to find the truth
    🛠️ Detection Engineering deep dive: Why maintenance matters, and how to shift from reactive to proactive security operations

    💡 Quick tip: Consider the security implications of pre-installed utilities with elevated privileges - sometimes you need to disable bloatware in BIOS, not just uninstall it!

    🔗 LINKS:
    Apple iOS/iPadOS 18.5 Security Update: https://support.apple.com/en-us/122404
    ASUS DriverHub Advisory: https://www.bleepingcomputer.com/news/security/asus-driverhub-flaw-let-malicious-sites-run-commands-with-admin-rights/
    Cisco IOS XE Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
    Fortinet Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-254
    Detection Engineering Maintenance Article: https://medium.com/falconforce/why-is-no-one-talking-about-maintenance-in-detection-engineering-ebb5820564dc
    Detection Engineering Maturity Matrix: https://detectionengineering.io/

  28. 8

    🦔 Blumira Briefings Ep. 6: AirPlay Vulns, SonicWall Warnings, Risk Turduckens

    🔔 Welcome back to Blumira Briefings! Fresh from RSA, we're diving into the week's critical security stories with Mike Toole, Michael Keller, and Jake Ouellette to provide actionable context for IT and security teams. 🔔

    What We Cover This Week:
    📊 Top trending threats, including suspicious Microsoft 365 activity, Sophos blocked website alerts, and important batch script execution patterns
    🔊 "AirBorne" - Wormable AirPlay flaws affecting not just Apple devices but also smart speakers, TVs, and CarPlay systems
    🛡️ Two SonicWall vulnerabilities being actively exploited despite patches being available since 2023/2024
    🧩 "Bring Your Own Installer" EDR bypass technique used in ransomware attacks against SentinelOne
    🪟 Windows RDP session persistence that allows continued access after password changes or account disabling
    ☁️ Novel privilege escalation technique in Google Cloud Platform using resource tags

    💡 Expert Insights On:
    - Why attackers consistently use net commands for reconnaissance and how to detect them
    - Practical mitigation strategies for AirPlay vulnerabilities, especially for devices that rarely get updates
    - The security implications of "wrapper apps" that modify secure messaging platforms
    - How to implement stronger cloud access controls to prevent privilege escalation

    🔍 QUICK TIP: Check if your organization has RDP directly exposed to the internet - if you do, it's one of the highest risk indicators for a potential breach!

    🔗 LINKS:
    AirPlay Security Issues: https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html
    SonicWall Vulnerabilities: https://www.securityweek.com/sonicwall-flags-two-vulnerabilities-as-exploited/
    EDR Bypass Research: https://www.aon.com/en/insights/cyber-labs/bring-your-own-installer-bypassing-sentinelone
    Windows RDP Issue: https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/
    GCP Privilege Escalation: https://www.mitiga.io/blog/tag-your-way-in-new-privilege-escalation-technique-in-gcp
    Prowler (Cloud Security Tool): https://prowler.com/
    SocGholish Malware Analysis: https://www.blumira.com/blog/socgholish-malware-recent-trends-and-effective-detection-strategies

    Subscribe for weekly security insights every Friday at 1pm ET!

    #CyberSecurity #VulnerabilityManagement #BlumiraBriefings #AirPlay #AppleSecurity #CloudSecurity #EDR

  29. 7

    🦔 Blumira Briefings: Fresh Report Drops, Ransom-Tripling Magic Words, AI Accelerating Vulnerability Exploits

    🔔 It's time for your essential security download with Blumira Briefings! This week, we're joined by Amanda Berlin, Jake Ouellette, and Nick Dixon to break down the week's most important security headlines with context you can actually use. 🔔

    What We Cover This Week:
    📊 Top trending threats, including a rise in stolen credentials attacks and continuing remote access tool abuse
    🌐 Critical Erlang/OTP SSH vulnerability with public exploits now available - what it affects and what it doesn't
    📲 Cisco WebEx vulnerability allowing code execution through meeting links
    🔐 SSL.com certificate issuance vulnerability through DCV subversion
    💰 Ransomware study showing demands increase when attackers find insurance documents - practical steps to protect your organization
    🤖 How AI models are generating working exploits within hours of vulnerability disclosures - and what this means for your patching strategy

    💡 Quick tip of the week: Shodan searches can help you quickly check if your organization's public-facing systems are exposed

    Plus, Expert Insights On:
    - Practical detection strategies for suspicious remote access tools
    - How to strengthen SSH security beyond just patching
    - Why backups fail 85% of the time when actually needed
    - How to balance cyber insurance benefits with potential risks
    - Strategies to accelerate patching as exploit development speeds up

    NOTE: We'll be on hiatus next week due to RSA Conference -- we'll see you in two weeks with more security insights!

  30. 6

    🦔 Blumira Briefings, Ep. 4: Critical Apache & Fortinet Updates, Exchange EOL, and Slopsquatting Trends

    🔔 This week on Blumira Briefings: critical vulnerabilities, cybersecurity drama, and practical tips for your security team! 🔔

    What We Cover This Week:
    📊 Top trending threats across Blumira's platform - including a 50% WoW increase in Azure single-factor PowerShell auth attempts
    ⚠️ CVSS 10 Apache Roller vulnerability enabling unauthorized session persistence after password changes
    🔥 Claimed Fortinet 0day vulnerability allowing unauthenticated remote code execution - plus known exploited vulnerabilities affecting 14,000 devices
    🚨 Microsoft Exchange 2016/2019 reaching end-of-life in October 2024 - why it's time to plan your migration now
    🏛️ CVE program uncertainty and temporary extension - what security teams need to know
    🔐 SSL/TLS certificate lifespans being reduced to just 47 days by 2029
    🤖 "Slopsquatting" attacks leveraging hallucinated package names from AI coding assistants

    Plus, Expert Insights On:
    - How to use vulnerability announcements to build effective tabletop exercises
    - Defensive measures when fixes aren't available for active threats
    - Why legacy systems like on-premises Exchange persist despite security risks
    - Practical ways to handle certificate management automation
    - Strategies for securing AI-assisted code development

    Pro Tip: Search your Google Drive/SharePoint for files named "password" - you might be surprised what your team is storing in the cloud!

    🔗 SOURCES:
    Critical Apache Roller Vulnerability: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html
    Fortinet Zero-Day Bug: https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution
    Microsoft Exchange EOL: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/
    CISA ICS Advisories: https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories
    CVE Program Update: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
    SSL/TLS Certificate Changes: https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
    AI "Slopsquatting" Attacks: https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/

    Subscribe for your weekly security update, and check us out on YouTube for our video edition! 🎥

  31. 5

    Blumira Briefings, Ep. 3: Halo Fixes, NIST Changes, and Tax Phishing Prevention Tips!

    🔔 Time for another edition of Blumira Briefings, bringing you the week's headlines with the extra context you need! 🔔

    What We Cover This Week:
    📊 Top trending threats, risks, and suspects detected across our platform - including risky Azure sign-ins and ScreenConnect anomalies
    💻 Halo ITSM vulnerability that allowed pre-auth SQL injection - and how quick vendor responses can demonstrate good security practices
    📱 Android's critical April security update fixing over 60 flaws, including an 0day and plenty of privilege escalation bugs
    🔍 NIST's new "deferred" status for older vulnerabilities (and why legacy CVEs still matter)
    ⚠️ Malicious VS Code extensions used in cryptomining campaigns - find out why attackers keep using this vector
    🎣 Tax-themed phishing campaigns deploying BruteRatel, Raccoon and AHKBot malware through sophisticated attack chains

    Plus, Expert Insights On:
    - How to evaluate vendor security incident responses
    - BYOD considerations for mobile device security
    - Why old CVEs remain relevant
    - Mitigating the risks of developer tools like VS Code
    - How threat actors leverage emotional current events like tax season for effective phishing

    Don't miss out on more practical advice for securing your organization -- hit subscribe for your weekly security download. 💪

    🔗 LINKS:
    CVE Trends Tool: https://intel.intruder.io
    MSPGeek: https://mspgeek.org/
    MSPs R Us: https://discord.com/invite/mspexchange

    📰 SOURCES:
    Halo ITSM Vulnerability: https://www.securityweek.com/halo-itsm-vulnerability-exposed-organizations-to-remote-hacking/
    Android Security Update: https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/
    NIST Deferred Status: https://www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities
    VS Code Extensions Campaign: https://www.infosecurity-magazine.com/news/microsoft-vs-code-cryptojacking/
    Tax Season Phishing: https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

    CHAPTERS
    0:00 - Introduction
    1:12 - Weekly Trends
    7:30 - Halo ITSM vulnerability
    13:30 - Android's critical April security update
    18:59 - NIST's new "deferred" status for older vulnerabilities
    26:15 - Malicious VS Code extensions
    32:31 - Tax-themed phishing campaigns
    44:15 - Outro

  32. 4

    Blumira Briefings, Ep. 2: Breach News, BlackSuit, and Begone Batch Files!

    Welcome back for our latest episode of Blumira Briefings! This week, Zoe is joined by Matt Warner (CEO/Co-founder), Mike Toole (Director of IT and Security), and Jake Ouellette (Detection Engineering) to break down the week's headlines with a side of perspective! 🔒

    In this episode, we'll cover:
    📊 This week's top threats, suspects, and risks tracked by our detection and response platform
    ⚠️ New critical security flaws found in VMware Tools and CrushFTP (with CVSS scores of 7.8 and 9.8 respectively!) Learn what makes certain vulnerabilities more severe than others
    🔍 CheckPoint confirms a breach but says it contains "old data" – we discuss how to evaluate vendor security incidents and what questions customers should be asking
    😬 The Oracle breach saga unfolds in three parts – from denial to confirmation to healthcare data exposure! We discuss what this reveals about breach disclosure practices
    🦠 Jake breaks down how a fake Zoom installer led to BlackSuit ransomware through a sophisticated multi-stage attack chain, and how attackers use legitimate tools for malicious purposes
    🔑 Why Evilginx tools continue to successfully bypass MFA, and what stronger authentication methods like passkeys can do to help protect your accounts

    LINKS/SOURCES 🔗
    ⚠️ VMWare Tools Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518
    ⚠️ CrushFTP Advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
    🛠️ More on canary tokens: https://docs.canarytokens.org/guide/entraid-token.html
    📰 New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html
    📰 Check Point confirms breach, but says it was 'old' data and crook made 'false' claims: https://www.theregister.com/2025/03/31/check_point_confirms_breach/
    📰 Oracle denies breach after hacker claims theft of 6 million data records: https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/
    📰 Oracle customers confirm data stolen in alleged cloud breach is valid: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
    📰 Oracle Health breach compromises patient data at US hospitals: https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/
    📰 Fake Zoom Ends in BlackSuit Ransomware: https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/
    📰 Evilginx Tool (Still) Bypasses MFA: https://www.darkreading.com/endpoint-security/evilginx-bypasses-mfa

    Don't miss out on these important security updates – hit that subscribe button and join us every Friday for your weekly security download! 💪



HOSTED BY

Blumira

Frequently Asked Questions

How many episodes does Blumira Briefings have?

Blumira Briefings currently has 32 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

How often does Blumira Briefings release new episodes?

Blumira Briefings has 32 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Blumira Briefings?

You can listen to Blumira Briefings on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Blumira Briefings?

Blumira Briefings is created and hosted by Blumira.