Blumira Briefings

Blumira

Staying on top of security news shouldn't be another full-time job. Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒 Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:

- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
- Keep it conversational, informative, and under 30 minutes

  1. 09/26/2025

    🦔 Blumira Briefings Ep. 20: Rootkit Fixes, Airport Outages, & Entra ID Takeover

    🔔 Welcome back for this week’s Blumira Briefings! This week, we're joined by Jake Ouellette and Mike Toole to break down the week's most important security headlines with context to help your security practice. 🔔

    What We Cover This Week:
    🔥 WatchGuard critical vulnerability fix for Firebox firewalls with a 9.3 CVSS score
    🛡️ SonicWall releases firmware update to remove the OVERSTEP rootkit from end-of-life appliances
    ✈️ European airports disrupted by a ransomware attack against Collins Aerospace check-in systems
    🔐 Microsoft patches critical Entra ID vulnerability that allowed global admin impersonation across tenants
    📦 GitHub enhances npm security with trusted publishing to fight phishing and malware campaigns
    🤖 Expert guidance on implementing effective AI governance frameworks

    💡 Quick tip of the week: If you're stuck using end-of-life network security devices, you can still reduce risk by hiding management interfaces from the public internet, restricting management access to specific IPs, enabling comprehensive logging, and regularly checking vendor notifications for emergency updates.

    Plus, more insights on:
    - How out-of-bounds write vulnerabilities work
    - The importance of inventory and asset management for tracking end-of-life equipment
    - Why service-to-service (S2S) token abuse is especially concerning for cloud security
    - The value of manual fallback procedures when critical systems are compromised
    - How trusted publishing with OIDC can strengthen software supply chain security
    - Best practices for AI governance

    🔗 LINKS:
    OWASP AI BOM Project: https://owasp.org/www-project-aibom/
    SANS Secure AI Blueprint: https://www.sans.org/mlp/ai-security-blueprint

    📰 SOURCES:
    WatchGuard Firebox Vulnerability: https://hackread.com/watchguard-fix-for-firebox-firewall-vulnerability/
    SonicWall Rootkit Update: https://www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/
    European Airport Disruptions: https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/
    Microsoft Entra ID Vulnerability: https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html
    GitHub npm Security: https://www.theregister.com/2025/09/23/github_npm_registry_security/
    CISO AI Governance: https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html

    55 min
  2. 09/19/2025

    🦔 Blumira Briefings Ep. 19: Security Wins, Zero Trust Turns 15, Education Beats Ransomware

    It was a rare "light week" for major critical updates, giving us a chance to talk about some deeper trends and stories. Here’s what we covered:

    📧 Microsoft Exchange 2016/2019 end of support coming in 30 days: migration options and considerations
    💻 npm supply chain attack limited to minimal damage despite widespread potential impact; the attackers made less than $1k
    🤖 Microsoft forcing Copilot installation in October: we talk security implications and how to opt out
    🔒 Zero Trust’s quinceañera: can it still help us, or has the term been too “buzzwordified”?
    🎓 Education sector's impressive ransomware defense improvements: ransom amounts dropping, and payments dropping even more!

    💡 Quick tip of the week: Try treating every remote device as though it were connecting from an unknown coffee shop network. Implement strong network segmentation, SSL everywhere, and posture checks to maintain security regardless of connection location.

    Plus, expert insights on:
    - Why some organizations still opt for on-premises Exchange versus cloud alternatives
    - The security implications of auto-installing AI tools like Copilot with hard-to-find opt-out options
    - How the "Salty2FA" phishing kit demonstrates increasing sophistication in social engineering attacks
    - Why positive reinforcement works better than punishment in security awareness programs
    - How to leverage education sector successes as examples when advocating for security investments

    📰 SOURCES:
    Microsoft Exchange 2016/2019 End of Support: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-30-days/
    NPM Supply Chain Attack: https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/
    Microsoft Copilot Force Install: https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-the-microsoft-365-copilot-app-in-october/
    Salty2FA Phishing Kit: https://www.infosecurity-magazine.com/news/salty2fa-phishing-kit/
    Education Ransomware Success: https://www.infosecurity-magazine.com/news/ransomware-payments-plummet/
    Zero Trust at 15: https://www.securityweek.com/zero-trust-is-15-years-old-why-full-adoption-is-worth-the-struggle/

    55 min
  3. 09/18/2025

    🦔 Blumira Briefings Ep. 18: Android's Mega Patch, API Key Exploits, Remote Access Abuse Tactics

    🔔 It's time for your essential security download with Blumira Briefings! This week, Zoe is joined by Mike Toole, Nick Dixon, and Justin Kikani to break down the week's most important security headlines with context you can actually use. 🔔

    What We Cover This Week:
    📱 Android's largest patch of 2025 with 120 fixes, including two actively exploited vulnerabilities
    🌐 EOL’d TP-Link router flaws added to CISA's Known Exploited Vulnerabilities catalog
    ☁️ New research: massive phishing operation abusing expired domains through Google Cloud and Cloudflare infrastructure
    🔑 SalesLoft Drift breach via GitHub account compromise affecting 22+ known companies so far
    💻 New research showing remote access software abuse as the #1 pre-ransomware indicator

    💡 Quick tip of the week: Consider using Canary Tokens embedded in your website's branding or footer to get alerts when someone clones your site for phishing purposes.

    Plus, expert insights on:
    - How to handle Android devices that are no longer receiving manufacturer updates
    - Why to treat every remote work laptop like it's connecting from a coffee shop
    - Practical tips for keeping track of your organization's domains, to prevent brand impersonation
    - Best practices for rapid response to remote access tool abuse, key to preventing ransomware execution
    - Why you should consider rotating API keys after vendor security incidents

    📰 SOURCES:
    Android's September Security Patch: https://www.theregister.com/2025/09/03/android_patch_september/
    TP-Link Router Vulnerabilities: https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
    Phishing Empire Using Google Cloud: https://www.darkreading.com/cloud-security/phishing-empire-undetected-google-cloudflare
    SalesLoft Drift Breach: https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html
    Remote Access Abuse Study: https://www.infosecurity-magazine.com/news/remote-access-abuse-pre-ransomware/

    42 min
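    The cloned-site canary from the Ep. 18 quick tip, shown as an added example (this is not Blumira's code or a token vendor's snippet). The idea is that a phishing kit that copies your page usually copies the footer script too, so the script checks the hostname it is actually running on and, if that is not one of your real domains, requests a beacon image from an alert URL you control. The hostnames in LEGITIMATE_HOSTS and the BEACON_URL below are hypothetical placeholders; a real deployment would substitute the alert URL issued by whichever token service you use.

```javascript
// Added example: a cloned-website canary for a site footer.
// LEGITIMATE_HOSTS and BEACON_URL are assumptions for illustration, not real values.
const LEGITIMATE_HOSTS = ["example.com", "www.example.com"];
const BEACON_URL = "https://canary.example.net/t/REPLACE_ME/pixel.gif"; // hypothetical alert URL

// True when the page is served from a host that is not one of ours.
// An empty hostname (page opened from a saved copy, file://) also counts as a trip,
// because a legitimate visitor never sees the page that way.
function isClonedHost(hostname, allowed = LEGITIMATE_HOSTS) {
  if (!hostname) return true;
  const h = hostname.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  return !allowed.map((a) => a.toLowerCase()).includes(h);
}

// Build the beacon URL carrying where the clone is hosted (l) and who sent the
// visitor there (r). Those two values are what the defender reads from the alert.
function buildBeaconUrl(base, pageUrl, referrer) {
  const u = new URL(base);
  u.searchParams.set("l", pageUrl || "");
  u.searchParams.set("r", referrer || "");
  return u.toString();
}

// Fire the beacon as an image request: it needs no CORS headers and works from
// any origin the kit happens to host the copy on. Returns the URL requested.
function fireCanary(pageUrl, referrer) {
  const img = new Image();
  img.src = buildBeaconUrl(BEACON_URL, pageUrl, referrer);
  return img.src;
}

// Footer entry point. `send` is injectable so the logic can be exercised outside a browser.
// Returns null when nothing was sent, otherwise the beacon URL.
function runCanary(win, send = fireCanary) {
  if (!win || !win.location) return null;
  if (!isClonedHost(win.location.hostname)) return null;
  const referrer = win.document ? win.document.referrer : "";
  return send(win.location.href, referrer);
}

if (typeof window !== "undefined") {
  runCanary(window); // browser: runs once per page load
}
```

    Treat this as a cheap tripwire rather than a control: a kit that strips inline scripts, rewrites hostnames, or proxies your live site instead of copying it will not trip it, and subdomains you add later must be added to the allow-list or they will generate false alerts. Inlining the snippet into an asset that looks like ordinary branding code, as the tip suggests, makes it less likely to be removed during cloning.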
