April 18, 2025 40 mins

🔔 This week on Blumira Briefings: critical vulnerabilities, cybersecurity drama, and practical tips for your security team! 🔔

What We Cover This Week: 

📊 Top trending threats across Blumira's platform - including a 50% WoW increase in Azure single-factor PowerShell auth attempts 

⚠️ CVSS 10 Apache Roller vulnerability enabling unauthorized session persistence after password changes 

🔥 Claimed Fortinet 0day vulnerability allowing unauthenticated remote code execution - plus known exploited vulnerabilities affecting 14,000 devices 

🚨 Microsoft Exchange 2016/2019 reaching end-of-life in October 2024 - why it's time to plan your migration now 

🏛️ CVE program uncertainty and temporary extension - what security teams need to know 

🔐 SSL/TLS certificate lifespans being reduced to just 47 days by 2029 

🤖 "Slopsquatting" attacks leveraging hallucinated package names from AI coding assistants

Plus, Expert Insights On:

  • How to use vulnerability announcements to build effective tabletop exercises
  • Defensive measures when fixes aren't available for active threats
  • Why legacy systems like on-premises Exchange persist despite security risks
  • Practical ways to handle certificate management automation
  • Strategies for securing AI-assisted code development

Pro Tip: Search your Google Drive/SharePoint for files named "password" - you might be surprised what your team is storing in the cloud!

🔗 SOURCES: 

Critical Apache Roller Vulnerability: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html 

Fortinet Zero-Day Bug: https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution 

Microsoft Exchange EOL: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/ 

CISA ICS Advisories: https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories 

CVE Program Update: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/ 

SSL/TLS Certificate Changes: https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/ 

AI "Slopsquatting" Attacks: https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/


Subscribe for your weekly security update, and check us out on YouTube for our video edition! 🎥


© 2025 iHeartMedia, Inc.