Blumira Briefings

🦔 Blumira Briefings Ep. 8: Chrome Zero-Days, Microsoft’s BIG Patch Tuesday, DNS Attacks & Exploitability Metrics


🔔 Your essential security download is here! This week on Blumira Briefings, we're joined by Matt Warner, Jake Ouellette, and Mike Toole to break down the latest security headlines with practical insights for busy IT and security teams. 🔔

What We Cover This Week:

📱 Chrome patches 3rd actively-exploited vuln in a week - what this means for browser security 

🔐 Microsoft's Patch Tuesday fixes 78 flaws, including five zero-days and a CVSS 10.0 vulnerability in Azure DevOps Server

🔄 How attackers are abusing dynamic DNS services to create convincing phishing domains and evade detection 

🕸️ We look at a novel "Hazy Hawk" attack, exploiting abandoned CNAME records to hijack trusted domains 

📊 New "Likely Exploited Vulnerabilities" (LEV) metric proposed by NIST/CISA - will it help your prioritization?

💡 Quick tip of the week: Set a recurring "DNS spring cleaning day" to audit and remove obsolete or unused DNS records to prevent dangling CNAME attacks

Plus, Expert Insights On:

  • Can you "just disable JavaScript" in modern web environments?
  • How to properly secure your developer machines against token theft
  • Why a complex password that's "keyboard walked" doesn't count as secure
  • Better approaches to prioritizing vulnerabilities beyond just scores

🔗 RESOURCE LINKS:

Certificate Search: https://crt.sh/ 

DNS Twist Tool: https://dnstwist.it/


📰 SOURCES:

Google Chrome Zero-Day Fixes: https://www.bleepingcomputer.com/news/google/google-fixes-CVE-2024-4947-third-actively-exploited-chrome-zero-day-in-a-week/ 

Microsoft Patch Tuesday: https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html 

Likely Exploited Vulnerabilities Metric: https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/ 

Dynamic DNS Attacks: https://www.darkreading.com/threat-intelligence/dynamic-dns-cyberattack-facilitator 

Hazy Hawk DNS Hijacking: https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/


Blumira Briefings, by Blumira