🔔 Welcome to Blumira Briefings! This week, we're joined by Michael Kellar, Chris Furner, and Justin Kikani to break down the week's most important security headlines with expert context you can actually use. 🔔
What We Cover This Week:
🔄 NEW FORMAT! Instead of our usual top trends, we're highlighting the rarest findings in our environments - with insights on what makes these unusual detections worth your attention
🌐 Critical Chrome vulnerabilities with active exploits in the wild - what makes use-after-free and out-of-bounds write bugs so dangerous
🛠️ ConnectWise ScreenConnect and other vulnerabilities added to CISA's Known Exploited Vulnerabilities list
🪟 OneDrive File Picker flaw giving third-party apps broader permissions than users expect
🍪 NordVPN's alarming research on 94 billion stolen cookies for sale on dark web marketplaces
🎭 Deep dive into Scattered Spider's sophisticated help desk social engineering tactics
💡 Quick tip of the week: Consider conducting periodic, scheduled reboots for your organization's devices - this helps clear browser sessions, refresh security policies, and force application updates like Chrome to install critical patches.
Plus, Expert Insights On:
- Why auditing third-party app permissions is crucial for cloud security
- Why infostealer attacks are on the rise
- Practical strategies for protecting help desk teams from social engineering
- The rising trend of identity-focused attacks vs. traditional device targeting
- How to implement proper controls for remote workers using home network equipment
🔗 LINKS:
Prowler - Cloud security assessment tool: https://github.com/prowler-cloud/prowler
SilentPush research on Scattered Spider: https://www.silentpush.com/blog/scattered-spider-2025/
Blumira blog on SocGholish: https://www.blumira.com/blog/socgholish-malware-recent-trends-and-effective-detection-strategies
📰 SOURCES:
Chrome Zero-Day Vulnerability: https://www.securityweek.com/google-researchers-find-new-chrome-zero-day/
ConnectWise and CISA KEV Update: https://www.bleepingcomputer.com/news/security/cisa-warns-of-connectwise-screenconnect-bug-exploited-in-attacks/
OneDrive File Picker Vulnerability: https://hackread.com/onedrive-file-picker-apps-full-access-user-drives/
Stolen Cookies Research: https://www.theregister.com/2025/05/29/billions_of_cookies_available
Scattered Spider Analysis: https://thehackernews.com/2025/06/scattered-spider-understanding-help.html
Popular Podcasts
Fudd Around And Find Out
UConn basketball star Azzi Fudd brings her championship swag to iHeart Women’s Sports with Fudd Around and Find Out, a weekly podcast that takes fans along for the ride as Azzi spends her final year of college trying to reclaim the National Championship and prepare to be a first round WNBA draft pick. Ever wonder what it’s like to be a world-class athlete in the public spotlight while still managing schoolwork, friendships and family time? It’s time to Fudd Around and Find Out!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.