In The News

CISA Releases 10 Industrial Control Systems Advisories

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Improve Entra ID Security More Quickly

Email Bombs Exploit Lax Authentication in Zendesk

CISA Releases Thirteen Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

CISA Releases Ten Industrial Control Systems Advisories

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Releases Two Industrial Control Systems Advisories

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA Releases Two Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Four Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Releases One Industrial Control Systems Advisory

Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft Interview

BSides NoVa 2025 Presentation Slides Posted

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

Active Directory Security Tip #13: Kerberos Delegation

ShinyHunters Wage Broad Corporate Extortion Spree

Active Directory Security Tip #12: Kerberos Delegation

Active Directory Security Tip #11: Print Service on Domain Controllers

A History of Active Directory Security

Active Directory Security Tip #10: FSMO Roles

Active Directory Security Tip #9: Active Directory Backups

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

Active Directory Security Tip #8: The Domain Kerberos Service Account – KRBTGT

Active Directory Security Tip #7: The Tombstone Lifetime

Active Directory Security Tip #6: Domain Controller Operating System Versions

Active Directory Security Tip #5: The Default Domain Administrator Account

One Token to rule them all – obtaining Global Admin in every Entra ID tenant via Actor tokens

Self-Replicating Worm Hits 180+ Software Packages

Active Directory Lab Build Script

Active Directory Security Tip #4: Default/Built-In Active Directory Groups

Detecting Active Directory Password Spraying Article

Active Directory Forest & Domain Levels

Active Directory Security Tip #3: Computer Accounts

Active Directory Security Tip #2: Active Directory User Accounts

Active Directory Security Tip #1: Active Directory Admins

Bulletproof Host Stark Industries Evades EU Sanctions

Microsoft Patch Tuesday, September 2025 Edition

18 Popular Code Packages Hacked, Rigged to Steal Crypto

GOP Cries Censorship Over Spam Filters That Work

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

Detecting Password Spraying with Security Event Auditing

The Art of the Honeypot Account: Making the Unusual Look Normal

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

CISA Releases Thirty-Two Industrial Control Systems Advisories

CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases Seven Industrial Control Systems Advisories

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Microsoft Patch Tuesday, August 2025 Edition

Entra & Azure Elevated Access Revisited

KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

CISA Releases Ten Industrial Control Systems Advisories

CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability

CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

Who Got Arrested in the Raid on the XSS Crime Forum?

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Releases Two Industrial Control Systems Advisories

CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure

Thorium Platform Public Availability

CISA Releases Two Industrial Control Systems Advisories

Eviction Strategies Tool Released

Scammers Unleash Flood of Slick Online Gaming Sites

Extending AD CS attack surface to the cloud with Intune certificates

CISA and Partners Release Updated Advisory on Scattered Spider Group

CISA Releases Part One of Zero Trust Microsegmentation Guidance

CISA Releases Five Industrial Control Systems Advisories

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Releases Six Industrial Control Systems Advisories

Phishers Target Aviation Execs to Scam Customers

Joint Advisory Issued on Protecting Against Interlock Ransomware

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Releases Nine Industrial Control Systems Advisories

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Microsoft Fix Targets Attacks on SharePoint Zero-Day

Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)

CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog

CISA Releases Three Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

CISA Releases Six Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

DOGE Denizen Marko Elez Leaked API Key for xAI

CISA Releases Thirteen Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

UK Arrests Four in ‘Scattered Spider’ Ransom Group

CISA Releases One Industrial Control Systems Advisory

Microsoft Patch Tuesday, July 2025 Edition

CISA Adds Four Known Exploited Vulnerabilities to Catalog