It's easy to bash vulnerabilities with logos but... I couldn't resist, say hello to http1mustdie.com :)

🛡️ Then read the next blog post to learn how to defend: bit.ly/4kSWrbc

msrc.microsoft.com/update-guide/v… Microsoft Azure Portal CVE-2025-53792 CVSSv3.1 9.1 Afaik Microsoft claims the vulnerability was not public and no customer was affected. However Microsoft does not answer if they would have to logs/forensics to answer that. #infosec #azure #microsoft

Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025 | by Kevin Beaumont doublepulsar.com/citrix-forgot-…

Everyone who works in Microsoft Cloud, download this roadmap. Thank Merill Fernando and many others at Microsoft when you get a chance. This is the best work Microsoft has done for security, in my humble opinion. I used to be in the "Zero Trust is just an idea" camp. Microsoft has

“The largest supply chain compromise in npm, Inc. history just happened, packages with a total of 2 billion weekly downloads just got turned malicious” LinkedIn Post linkedin.com/posts/advocate… More info on hacker news news.ycombinator.com/item?id=451696…

In response to Senator Ron Wyden's letter to the FTC, I have put together my comments on Kerberoasting and RC4. redsiege.com/blog/2025/09/k…

jira.atlassian.com/browse/CONFSER… Atlassian Confluence RCE CVE-2025-48734 CVSSv3.1 8.8 Confluence versions 7.19, 8.5-8.9, 9.0-9.5 and 10.0 affected. #infosec #atlassian #confluence

If you’re looking for ways to reduce the risk from compromised #NPM packages, here’s a solid post from Hacker News. I contains a few practical steps to harden your setup: - Use pnpm. It’s faster, takes less space, and blocks post-install scripts by default. Most of them are

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Cisco just confirmed that multiple zero-days against ASA/FTD VPN web services were exploited in the wild. CISA followed up with an Emergency Directive ordering federal agencies to inventory, patch, or disconnect affected devices. The last 3 Cisco advisories are directly tied to

🚨 Nation-state affiliated threat actors have compromised F5’s systems & downloaded portions of its BIG-IP source code—posing serious risk to FCEB agencies. Follow the guidance in ED 26-01 immediately to protect systems from potential exploits. 🔗 go.dhs.gov/isY

New research shows Credential Guard can still leak creds By abusing Remote Credential Guard, attackers can request NTLMv1 challenge responses and recover NT hashes - even on fully patched Windows 11 with VBS and PPL - Microsoft confirmed and marked it “won’t fix.” - PoC called

Stealing Microsoft Teams access tokens in 2025 blog.randorisec.fr/ms-teams-acces…

We’re investigating an issue impacting Azure Front Door services. Customers may experience intermittent request failures or latency. Updates will be provided shortly.

#Azure down „Starting at approximately 16:00 UTC, we began experiencing Azure Front Door issues resulting in a loss of availability of some services. In addition. customers may experience issues accessing the Azure Portal.“ status.cloud.microsoft shows http 503 error