Blumira Briefings

🦔 Blumira Briefings, Ep. 4: Critical Apache & Fortinet Updates, Exchange EOL, and Slopsquatting Trends


🔔 This week on Blumira Briefings: critical vulnerabilities, cybersecurity drama, and practical tips for your security team! 🔔

What We Cover This Week: 

📊 Top trending threats across Blumira's platform - including a 50% WoW increase in Azure single-factor PowerShell auth attempts 

⚠️ CVSS 10 Apache Roller vulnerability enabling unauthorized session persistence after password changes 

🔥 Claimed Fortinet 0day vulnerability allowing unauthenticated remote code execution - plus known exploited vulnerabilities affecting 14,000 devices 

🚨 Microsoft Exchange 2016/2019 reaching end-of-life in October 2024 - why it's time to plan your migration now 

🏛️ CVE program uncertainty and temporary extension - what security teams need to know 

🔐 SSL/TLS certificate lifespans being reduced to just 47 days by 2029 

🤖 "Slopsquatting" attacks leveraging hallucinated package names from AI coding assistants

Plus, Expert Insights On:

  • How to use vulnerability announcements to build effective tabletop exercises
  • Defensive measures when fixes aren't available for active threats
  • Why legacy systems like on-premises Exchange persist despite security risks
  • Practical ways to handle certificate management automation
  • Strategies for securing AI-assisted code development

Pro Tip: Search your Google Drive/SharePoint for files named "password" - you might be surprised what your team is storing in the cloud!

🔗 SOURCES: 

Critical Apache Roller Vulnerability: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html 

Fortinet Zero-Day Bug: https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution 

Microsoft Exchange EOL: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/ 

CISA ICS Advisories: https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories 

CVE Program Update: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/ 

SSL/TLS Certificate Changes: https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/ 

AI "Slopsquatting" Attacks: https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/


Subscribe for your weekly security update, and check us out on YouTube for our video edition! 🎥

Blumira Briefings, by Blumira