Blumira Briefings

Blumira

Staying on top of security news shouldn't be another full-time job. Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed and explain what they actually mean for your security practice! 🔒 Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
- Keep it conversational, informative, and under 30 minutes

  1. 09/26/2025

    🦔 Blumira Briefings Ep. 20: Rootkit Fixes, Airport Outages, & Entra ID Takeover

    🔔 Welcome back for this week's Blumira Briefings! This week, we're joined by Jake Ouellette and Mike Toole to break down the week's most important security headlines with context to help your security practice. 🔔
    What We Cover This Week:
    🔥 WatchGuard fixes a critical vulnerability (CVSS 9.3) in Firebox firewalls
    🛡️ SonicWall releases a firmware update to remove the OVERSTEP rootkit from end-of-life appliances
    ✈️ European airports disrupted by a ransomware attack against Collins Aerospace check-in systems
    🔐 Microsoft patches a critical Entra ID vulnerability that allowed global admin impersonation across tenants
    📦 GitHub enhances npm security with trusted publishing to fight phishing and malware campaigns
    🤖 Expert guidance on implementing effective AI governance frameworks
    💡 Quick tip of the week: If you're stuck using end-of-life network security devices, you can still reduce risk: keep management interfaces off the public internet, restrict management access to specific source IPs, enable comprehensive logging, and check vendor notifications regularly for emergency updates.
    Plus, more insights on:
    - How out-of-bounds write vulnerabilities work
    - The importance of inventory and asset management for tracking end-of-life equipment
    - Why service-to-service (S2S) token abuse is especially concerning for cloud security
    - The value of manual fallback procedures when critical systems are compromised
    - How trusted publishing with OIDC can strengthen software supply chain security
    - Best practices for AI governance
    🔗 LINKS:
    OWASP AI BOM Project: https://owasp.org/www-project-aibom/
    SANS Secure AI Blueprint: https://www.sans.org/mlp/ai-security-blueprint
    📰 SOURCES:
    WatchGuard Firebox Vulnerability: https://hackread.com/watchguard-fix-for-firebox-firewall-vulnerability/
    SonicWall Rootkit Update: https://www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/
    European Airport Disruptions: https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/
    Microsoft Entra ID Vulnerability: https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html
    GitHub npm Security: https://www.theregister.com/2025/09/23/github_npm_registry_security/
    CISO AI Governance: https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html

    55 min
  2. 09/19/2025

    🦔 Blumira Briefings Ep. 19: Security Wins, Zero Trust Turns 15, Education Beats Ransomware

    It was a rare "light week" for major critical updates, giving us a chance to talk about some deeper trends and stories. Here's what we covered:
    📧 Microsoft Exchange 2016/2019 end of support coming in 30 days - migration options and considerations
    💻 NPM supply chain attack limited to minimal damage despite widespread potential impact; the attackers made less than $1k
    🤖 Microsoft forcing Copilot installation in October - we talk security implications and how to opt out
    🔒 Zero Trust's quinceañera - can it still help us, or has the term been too "buzzwordified"?
    🎓 Education sector's impressive ransomware defense improvements - ransom amounts dropping, and payments dropping even more!
    💡 Quick tip of the week: Treat every remote device as though it were connecting from an unknown coffee-shop network: strong network segmentation, TLS everywhere, and device posture checks, so security holds regardless of where the connection comes from.
    Plus, Expert Insights On:
    - Why some organizations still opt for on-premises Exchange versus cloud alternatives
    - The security implications of auto-installing AI tools like Copilot with hard-to-find opt-out options
    - How the "Salty2FA" phishing kit demonstrates increasing sophistication in social engineering attacks
    - Why positive reinforcement works better than punishment in security awareness programs
    - How to leverage education sector successes as examples when advocating for security investments
    📰 SOURCES:
    Microsoft Exchange 2016/2019 End of Support: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-30-days/
    NPM Supply Chain Attack: https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/
    Microsoft Copilot Force Install: https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-the-microsoft-365-copilot-app-in-october/
    Salty2FA Phishing Kit: https://www.infosecurity-magazine.com/news/salty2fa-phishing-kit/
    Education Ransomware Success: https://www.infosecurity-magazine.com/news/ransomware-payments-plummet/
    Zero Trust at 15: https://www.securityweek.com/zero-trust-is-15-years-old-why-full-adoption-is-worth-the-struggle/

    55 min
  3. 09/18/2025

    🦔 Blumira Briefings Ep. 18: Android's Mega Patch, API Key Exploits, Remote Access Abuse Tactics

    🔔 It's time for your essential security download with Blumira Briefings! This week, Zoe is joined by Mike Toole, Nick Dixon, and Justin Kikani to break down the week's most important security headlines with context you can actually use. 🔔
    What We Cover This Week:
    📱 Android's largest patch of 2025 with 120 fixes, including two actively exploited vulnerabilities
    🌐 Flaws in end-of-life TP-Link routers added to CISA's Known Exploited Vulnerabilities catalog
    ☁️ New research: a massive phishing operation abusing expired domains through Google Cloud and Cloudflare infrastructure
    🔑 SalesLoft Drift breach via GitHub account compromise, affecting 22+ known companies so far
    💻 New research showing remote access software abuse as the #1 pre-ransomware indicator
    💡 Quick tip of the week: Embed a canary token in your website's branding or footer so you get an alert when someone clones your site for phishing.
    Plus, Expert Insights On:
    - How to handle Android devices that are no longer receiving manufacturer updates
    - Why to treat every remote work laptop like it's connecting from a coffee shop
    - Practical tips for keeping track of your organization's domains, to prevent brand impersonation
    - Best practices for rapid response to remote access tool abuse, key to preventing ransomware execution
    - Why you should consider rotating API keys after vendor security incidents
    📰 SOURCES:
    Android's September Security Patch: https://www.theregister.com/2025/09/03/android_patch_september/
    TP-Link Router Vulnerabilities: https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
    Phishing Empire Using Google Cloud: https://www.darkreading.com/cloud-security/phishing-empire-undetected-google-cloudflare
    SalesLoft Drift Breach: https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html
    Remote Access Abuse Study: https://www.infosecurity-magazine.com/news/remote-access-abuse-pre-ransomware/

    42 min
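The Ep. 18 quick tip in code: an added example (not Blumira's code and not the Canarytokens project's own snippet) of the client-side half of a cloned-website canary. The script ships in your site's footer; if a phishing kit mirrors the page and serves it from a host you do not own, the script notices the unexpected hostname and requests a beacon URL you alert on, passing along the clone's address and the referrer that brought the victim there. ALLOWED_HOSTS and TOKEN_URL are placeholders you would replace with your own values.

```javascript
// Added example (not Blumira's or Canarytokens' code): the client-side half of a
// "cloned website" canary. The snippet ships in your site's footer; when a phishing
// kit mirrors the page and serves it from a host you do not own, the script notices
// the unexpected hostname and requests a beacon URL that you alert on, passing the
// clone's address and the referrer that sent the victim there.
// Assumptions: ALLOWED_HOSTS and TOKEN_URL are placeholders for your own values.
const ALLOWED_HOSTS = ['example.com', '.example.com']; // leading dot = any subdomain
const TOKEN_URL = 'https://canary.example.net/t/REPLACE-WITH-YOUR-TOKEN.gif';

function hostIsAllowed(hostname, allowedHosts) {
  const host = String(hostname || '').toLowerCase();
  return allowedHosts.some((entry) => {
    const e = entry.toLowerCase();
    return e.startsWith('.') ? host.endsWith(e) : host === e;
  });
}

// Pure decision function, kept separate from DOM access so it can be tested outside
// a browser. Returns null on a legitimate host, otherwise the beacon URL to request.
function canaryBeaconUrl({ hostname, href, referrer }, allowedHosts = ALLOWED_HOSTS, tokenUrl = TOKEN_URL) {
  if (hostIsAllowed(hostname, allowedHosts)) return null;
  const beacon = new URL(tokenUrl);
  beacon.searchParams.set('l', href || '');     // where the clone is being served from
  beacon.searchParams.set('r', referrer || ''); // the lure that brought the victim here
  return beacon.toString();
}

// Browser entry point: request the beacon as an image, which needs no CORS setup.
// Does nothing when there is no DOM (e.g. when the file is loaded under Node).
function installCanary() {
  if (typeof document === 'undefined' || typeof location === 'undefined') return;
  const beacon = canaryBeaconUrl({
    hostname: location.hostname, href: location.href, referrer: document.referrer,
  });
  if (beacon) new Image().src = beacon;
}

installCanary();
```

Two caveats a practitioner will want: list every host the page is legitimately served from (staging and CDN hostnames included) or you will alert on yourself, and remember that a kit which strips scripts before re-hosting the page defeats a JavaScript-only canary, so pair it with a CSS or image-based beacon that references your token URL in the same way.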
  4. 08/27/2025

    🦔 Blumira Briefings Ep. 17: Microsoft ADFS Phishing, NHI Boom, SSA Whistleblower

    🔐 Welcome to Blumira Briefings! This week, Zoe is joined by Chris Furner and Mike Toole to download the latest on critical vulnerabilities and emerging threats you need to know about. 🔐
    What We Cover This Week:
    🐳 Critical Docker Desktop vulnerability would allow attacks on the host through unauthenticated Engine API access
    🔑 Git code execution vulnerability added to CISA's Known Exploited Vulnerabilities catalog
    🌐 High-severity vulnerabilities patched in Chrome and Firefox browsers (yes, the V8 JS engine again...)
    🔒 Attackers using legitimate office.com links with ADFS redirects to phish
    🤖 AI agent security in 2025: non-human identities now outnumber humans 82:1, so... what's your plan?
    🚨 Whistleblower reports Social Security database exposure affecting 300+ million Americans
    💡 Quick tip of the week: Treat containers as applications running on your machine: scan container images for vulnerabilities before you run them.
    Expert Insights On:
    - Container security best practices beyond built-in controls
    - Preventing developers from cloning risky Git repositories
    - How to start keeping count of non-human identities in your environment
    - Evaluating when legacy systems might have better modern alternatives
    📰 SOURCES:
    Docker Desktop Vulnerability: https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
    CISA Git Vulnerability Alert: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/
    Chrome/Firefox Patches: https://www.securityweek.com/high-severity-vulnerabilities-patched-in-chrome-firefox/
    Microsoft ADFS Phishing: http://bleepingcomputer.com/news/security/hackers-steal-microsoft-logins-using-legitimate-adfs-redirects/
    AI Identity Management: https://www.darkreading.com/cybersecurity-operations/growing-challenge-ai-agent-nhi-management
    Social Security Whistleblower: https://whistleblower.org/press-release/whistleblower-warns-of-possible-risks-to-americans-social-security-information/
    🔍 LINKS:
    How to freeze your credit (Krebs on Security): https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/
    OWASP Agentic AI Threats & Mitigations: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/

    43 min
  5. 08/22/2025

    🦔 Blumira Briefings Ep. 16: New Cisco CVSS 10, Zero Trust Temp Check, & Special Guest Tom Lawrence!

    🔐 Welcome to Blumira Briefings! This week, our security experts are joined by Tom Lawrence of Lawrence Systems to break down the latest headlines, trends, and tips you need to know about.
    What We Cover This Week:
    🔥 Cisco's latest CVSS 10.0 vulnerability in Secure Firewall Management Center allows unauthenticated remote command execution
    🖥️ Zoom Windows client privilege escalation vulnerability and Xerox FreeFlow Core remote code execution flaws -- patch now!
    💬 Microsoft Teams RCE vulnerability allowing attackers to read, write, and delete messages through a complex attack chain
    🌡️ Tailscale's 2025 State of Zero Trust Report gives a look at how zero-trust methods are viewed and used today
    ⚠️ Latest trends on the Blumira platform, including suspicious VPN activity and registry value tampering
    We also got to pick Tom's brain on what he's learned during his 30-year career, and why he's drawn to helping others learn. He also shares all the places he gets his own news updates, and how you can too. Check it out!
    💡 Quick tip of the week: Embrace uncertainty! When presenting on security topics, it's okay to say "I don't know" and follow up later.
    EXTRA BONUS TIP: Creating "anti-notes" that remind you which topics to avoid can help keep presentations focused and effective.
    📰 SOURCES:
    Cisco Firewall Management Center Vulnerability: https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/
    Zoom and Xerox Security Updates: https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html
    Microsoft Teams RCE Vulnerability: https://cybersecuritynews.com/microsoft-teams-rce-vulnerability/
    Tailscale Zero Trust Report: https://tailscale.com/resources/report/zero-trust-report-2025
    🔗 RESOURCES:
    Tom's Security News Feed: https://lawrence.video/cybernews
    CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model
    NIST 800-207 Zero Trust Architecture Guide: https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture

    55 min
  6. 08/14/2025

    🦔 Blumira Briefings Ep. 15: On-Prem Exchange Risks, S3 Bucket Leaks & Direct Send Phishing Tactics

    Welcome back to Blumira Briefings, freshly back after our summer break! Join Zoe and our panel of security experts Jake Ouellette, Michael Kellar, and Chris Furner as we dive into the week's most critical security headlines with actionable context.
    What We Cover This Week:
    🔐 Critical Microsoft Exchange vulnerability (CVE-2025-53786) affecting on-premises servers - 29,000+ servers remain unpatched; let's talk about why
    📱 Android's August security patch addressing critical vulnerabilities, including a zero-click RCE exploit and Qualcomm Adreno GPU flaws
    ⏰ Windows 11 23H2 Home and Pro reaching end of support in November - why support cycles are getting shorter
    ☁️ Millions of records exposed through an unsecured AWS S3 bucket - how this common misconfiguration continues to cause major data breaches
    📧 How attackers are abusing Microsoft 365's "Direct Send" feature to bypass security measures and appear as trusted internal senders
    💡 Quick tip of the week: Run regular scans for exposed S3 buckets using tools like S3Scanner or S3Enum. Even if you don't think your organization has anything in AWS, shadow infrastructure might exist without your knowledge.
    Plus, Expert Insights On:
    - Why some organizations still maintain on-premises Exchange servers despite cloud alternatives
    - How to handle Android device security when updates depend on manufacturer timelines
    - The challenge of keeping pace with accelerating Windows update cycles
    - Essential cloud storage security practices to prevent data exposure
    - Strategies to protect against sophisticated internal email spoofing
    📰 SOURCES:
    Microsoft Exchange Vulnerability: https://hackread.com/29k-microsoft-exchange-servers-unpatched-networks-risk/
    Android Security Update: https://www.malwarebytes.com/blog/news/2025/08/android-critical-vulnerabilities-patched-update-as-soon-as-you-can
    Windows 11 End of Support: https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/
    AWS S3 Bucket Exposure: https://hackread.com/hacker-accesses-imdatacenter-records-exposed-aws-bucket/
    Microsoft 365 Direct Send Phishing: https://www.darkreading.com/cyber-risk/phishers-abuse-m365-direct-send-to-spoof-internal-users
    🔗 LINKS:
    Atomic Red Team Testing Framework: https://www.atomicredteam.io/
    S3Scanner GitHub Repository: https://github.com/sa7mon/S3Scanner
    S3Enum GitHub Repository: https://github.com/koenrh/s3enum
    DorkSearch Tool: https://dorksearch.com/
    Google Dorks Awesome List: https://github.com/Tobee1406/Awesome-Google-Dorks

    51 min
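What the Ep. 15 quick tip's tools actually do per candidate name, as an added example (not Blumira's code, and not the S3Scanner or s3enum implementation): an unauthenticated GET against the bucket's virtual-hosted URL, with the response classified into "doesn't exist", "exists but private", "exists in another region" or "publicly listable", so the result is exactly what an attacker with no credentials would see. The XML responses embedded below are constructed to mirror S3's documented listing and error formats, the bucket names are placeholders, and a live run needs Node 18+ for the global fetch.

```javascript
// Added example (not Blumira's, S3Scanner's or s3enum's code): the per-bucket check
// those tools make, done with an unauthenticated GET so it reports exactly what an
// attacker without credentials sees. Assumptions: the XML responses below are
// constructed to mirror S3's documented error/listing formats; the bucket names
// are placeholders, and a live run needs Node 18+ for the global fetch.
const S3_HOST = 's3.amazonaws.com';

// Map an anonymous GET of https://<bucket>.s3.amazonaws.com/ to a finding.
function classifyBucketResponse(status, body) {
  const text = String(body || '');
  const code = (text.match(/<Code>([^<]+)<\/Code>/) || [])[1];
  if (status === 200 && /<ListBucketResult\b/.test(text)) {
    // Listing succeeded anonymously: every object name is enumerable, and any
    // object with a public ACL is downloadable.
    const keys = [...text.matchAll(/<Key>([^<]*)<\/Key>/g)].map((m) => m[1]);
    return { state: 'PUBLIC_LISTABLE', keys };
  }
  if (status === 404 && code === 'NoSuchBucket') return { state: 'NOT_FOUND' };
  if (status === 403 && (code === 'AccessDenied' || code === 'AllAccessDisabled')) {
    // The name is taken (by someone) but anonymous listing is blocked.
    return { state: 'EXISTS_PRIVATE' };
  }
  if (status === 301 && code === 'PermanentRedirect') {
    const endpoint = (text.match(/<Endpoint>([^<]+)<\/Endpoint>/) || [])[1];
    return { state: 'EXISTS_OTHER_REGION', endpoint }; // re-query at the regional endpoint
  }
  return { state: 'UNKNOWN', status, code };
}

// Live check of one candidate name (network; not exercised by the sample below).
async function checkBucket(name) {
  const res = await fetch(`https://${name}.${S3_HOST}/`, { redirect: 'manual' });
  return { bucket: name, ...classifyBucketResponse(res.status, await res.text()) };
}

// Constructed responses covering each branch, shaped like the live calls' results.
const SAMPLE_RESPONSES = {
  'acme-backups': [200, '<?xml version="1.0" encoding="UTF-8"?><ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>acme-backups</Name><Contents><Key>db/2025-08-01.sql.gz</Key></Contents><Contents><Key>exports/customers.csv</Key></Contents></ListBucketResult>'],
  'acme-nonexistent': [404, '<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message></Error>'],
  'acme-private': [403, '<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>'],
  'acme-eu': [301, '<?xml version="1.0" encoding="UTF-8"?><Error><Code>PermanentRedirect</Code><Endpoint>acme-eu.s3-eu-west-1.amazonaws.com</Endpoint></Error>'],
};

function demo() {
  return Object.fromEntries(Object.entries(SAMPLE_RESPONSES)
    .map(([name, [status, body]]) => [name, classifyBucketResponse(status, body)]));
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

Use it only against names you are authorised to probe, and read the results carefully: EXISTS_PRIVATE tells you a name is taken, not that it is yours, and a clean NOT_FOUND on your brand's obvious names is exactly the moment to register them yourself before someone else does. For buckets you do own, the authoritative answer is the account's Block Public Access and bucket policy settings, not an external probe.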
