
April 11, 2025 • 44 mins

🔔 Time for another edition of Blumira Briefings, bringing you the week’s headlines with the extra context you need! 🔔

What We Cover This Week:


📊 Top trending threats, risks, and suspects detected across our platform - including risky Azure sign-ins and ScreenConnect anomalies
💻 Halo ITSM vulnerability that allowed pre-auth SQL injection - and how quick vendor responses can demonstrate good security practices
📱 Android's critical April security update fixing over 60 flaws, including an 0day and plenty of privilege escalation bugs
🔍 NIST's new "deferred" status for older vulnerabilities (and why legacy CVEs still matter)
⚠️ Malicious VS Code extensions used in cryptomining campaigns - find out why attackers keep using this vector
🎣 Tax-themed phishing campaigns deploying BruteRatel, Raccoon and AHKBot malware through sophisticated attack chains

Plus, Expert Insights On:
How to evaluate vendor security incident responses
BYOD considerations for mobile device security
Why old CVEs remain relevant
Mitigating the risks of developer tools like VS Code
How threat actors leverage emotional current events like tax season for effective phishing

Don't miss out on more practical advice for securing your organization -- hit subscribe for your weekly security download. 💪


🔗 LINKS:
CVE Trends Tool: https://intel.intruder.io
MSPGeek: https://mspgeek.org/
MSPs R Us: https://discord.com/invite/mspexchange


📰 SOURCES:
Halo ITSM Vulnerability: https://www.securityweek.com/halo-itsm-vulnerability-exposed-organizations-to-remote-hacking/
Android Security Update: https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/
NIST Deferred Status: https://www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities
VS Code Extensions Campaign: https://www.infosecurity-magazine.com/news/microsoft-vs-code-cryptojacking/
Tax Season Phishing: https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

CHAPTERS
0:00 - Introduction
1:12 - Weekly Trends
7:30 - Halo ITSM vulnerability
13:30 - Android's critical April security update
18:59 - NIST's new "deferred" status for older vulnerabilities
26:15 - Malicious VS Code extensions
32:31 - Tax-themed phishing campaigns
44:15 - Outro
