Blumira Briefings
Blumira Briefings
Podcast Description
Staying on top of security news shouldn't be another full-time job.Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:Share the top threats, suspects, and risks we're seeing across our detection and response platformDiscuss significant security stories and what they mean for YOUProvide practical advice you can actually implement right away••Keep it conversational, informative, and under 30 minutes
Podcast Insights
Content Themes
The show focuses on critical security issues, trending threats, and risk analysis, with episodes discussing topics such as major vulnerabilities in software, breach incidents involving well-known companies, and analysis of specific security tools and methods. For example, the latest episode covers new flaws in VMware Tools and CrushFTP, CheckPoint's breach confirmation, and the rise of ransomware techniques like BlackSuit.
Staying on top of security news shouldn’t be another full-time job.
Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! 🔒
Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we’re seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
••Keep it conversational, informative, and under 30 minutes
🔔 This week on Blumira Briefings: critical vulnerabilities, cybersecurity drama, and practical tips for your security team! 🔔
What We Cover This Week:
📊 Top trending threats across Blumira's platform – including a 50% WoW increase in Azure single-factor PowerShell auth attempts
⚠️ CVSS 10 Apache Roller vulnerability enabling unauthorized session persistence after password changes
🔥 Claimed Fortinet 0day vulnerability allowing unauthenticated remote code execution – plus known exploited vulnerabilities affecting 14,000 devices
🚨 Microsoft Exchange 2016/2019 reaching end-of-life in October 2024 – why it's time to plan your migration now
🏛️ CVE program uncertainty and temporary extension – what security teams need to know
🔐 SSL/TLS certificate lifespans being reduced to just 47 days by 2029
🤖 ”Slopsquatting” attacks leveraging hallucinated package names from AI coding assistants
Plus, Expert Insights On:
- How to use vulnerability announcements to build effective tabletop exercises
- Defensive measures when fixes aren't available for active threats
- Why legacy systems like on-premises Exchange persist despite security risks
- Practical ways to handle certificate management automation
- Strategies for securing AI-assisted code development
Pro Tip: Search your Google Drive/SharePoint for files named ”password” – you might be surprised what your team is storing in the cloud!
🔗 SOURCES:
Critical Apache Roller Vulnerability: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html
Fortinet Zero-Day Bug: https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution
Microsoft Exchange EOL: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/
CISA ICS Advisories: https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories
CVE Program Update: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
SSL/TLS Certificate Changes: https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
AI ”Slopsquatting” Attacks: https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
Subscribe for your weekly security update, and check us out us on YouTube for our video edition! 🎥
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.