In The News

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Six Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers

The Cloudflare Outage May Be a Security Roadmap

Microsoft Patch Tuesday, November 2025 Edition

Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products

CISA Adds One Known Exploited Vulnerability to Catalog

CISA and Partners Release Advisory Update on Akira Ransomware

CISA Releases 18 Industrial Control Systems Advisories

Update: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Google Sues to Disrupt Chinese SMS Phishing Triad

CISA Adds One Known Exploited Vulnerability to Catalog

Drilling Down on Uncle Sam’s Proposed TP-Link Ban

CISA Releases Four Industrial Control Systems Advisories

Cloudflare Scrubs Aisuru Botnet from Top Domains List

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases Five Industrial Control Systems Advisories

Active Directory Security Tip #14: Group Managed Service Accounts (GMSAs)

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases Two Industrial Control Systems Advisories

New Guidance Released on Microsoft Exchange Server Security Best Practices

CISA Releases Three Industrial Control Systems Advisories

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Aisuru Botnet Shifts from DDoS to Residential Proxies

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

CISA Releases Eight Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

Canada Fines Cybercrime Friendly Cryptomus $176M

CISA Releases 10 Industrial Control Systems Advisories

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Improve Entra ID Security More Quickly

Email Bombs Exploit Lax Authentication in Zendesk

CISA Releases Thirteen Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

CISA Releases Ten Industrial Control Systems Advisories

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Releases Two Industrial Control Systems Advisories

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA Releases Two Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Four Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Releases One Industrial Control Systems Advisory

Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft Interview

BSides NoVa 2025 Presentation Slides Posted

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

Active Directory Security Tip #13: Kerberos Delegation

ShinyHunters Wage Broad Corporate Extortion Spree

Active Directory Security Tip #12: Kerberos Delegation

Active Directory Security Tip #11: Print Service on Domain Controllers

A History of Active Directory Security

Active Directory Security Tip #10: FSMO Roles

Active Directory Security Tip #9: Active Directory Backups

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

Active Directory Security Tip #8: The Domain Kerberos Service Account – KRBTGT

Active Directory Security Tip #7: The Tombstone Lifetime

Active Directory Security Tip #6: Domain Controller Operating System Versions

Active Directory Security Tip #5: The Default Domain Administrator Account

One Token to rule them all – obtaining Global Admin in every Entra ID tenant via Actor tokens

Self-Replicating Worm Hits 180+ Software Packages

Active Directory Lab Build Script

Active Directory Security Tip #4: Default/Built-In Active Directory Groups

Detecting Active Directory Password Spraying Article

Active Directory Forest & Domain Levels

Active Directory Security Tip #3: Computer Accounts

Active Directory Security Tip #2: Active Directory User Accounts

Active Directory Security Tip #1: Active Directory Admins

Bulletproof Host Stark Industries Evades EU Sanctions

Microsoft Patch Tuesday, September 2025 Edition

18 Popular Code Packages Hacked, Rigged to Steal Crypto

GOP Cries Censorship Over Spam Filters That Work

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

Detecting Password Spraying with Security Event Auditing

The Art of the Honeypot Account: Making the Unusual Look Normal

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

CISA Releases Thirty-Two Industrial Control Systems Advisories

CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases Seven Industrial Control Systems Advisories

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Microsoft Patch Tuesday, August 2025 Edition

Entra & Azure Elevated Access Revisited

KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

CISA Releases Ten Industrial Control Systems Advisories

CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability

CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

Who Got Arrested in the Raid on the XSS Crime Forum?

CISA Adds Three Known Exploited Vulnerabilities to Catalog