Blumira Briefings
Staying on top of security news shouldn't be another full-time job.
Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! π
Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
β’β’Keep it conversational, informative, and under 30 minutes
Blumira Briefings
π¦ Blumira Briefings, Ep. 4: Critical Apache & Fortinet Updates, Exchange EOL, and Slopsquatting Trends
π This week on Blumira Briefings: critical vulnerabilities, cybersecurity drama, and practical tips for your security team! π
What We Cover This Week:
π Top trending threats across Blumira's platform - including a 50% WoW increase in Azure single-factor PowerShell auth attempts
β οΈ CVSS 10 Apache Roller vulnerability enabling unauthorized session persistence after password changes
π₯ Claimed Fortinet 0day vulnerability allowing unauthenticated remote code execution - plus known exploited vulnerabilities affecting 14,000 devices
π¨ Microsoft Exchange 2016/2019 reaching end-of-life in October 2024 - why it's time to plan your migration now
ποΈ CVE program uncertainty and temporary extension - what security teams need to know
π SSL/TLS certificate lifespans being reduced to just 47 days by 2029
π€ "Slopsquatting" attacks leveraging hallucinated package names from AI coding assistants
Plus, Expert Insights On:
- How to use vulnerability announcements to build effective tabletop exercises
- Defensive measures when fixes aren't available for active threats
- Why legacy systems like on-premises Exchange persist despite security risks
- Practical ways to handle certificate management automation
- Strategies for securing AI-assisted code development
Pro Tip: Search your Google Drive/SharePoint for files named "password" - you might be surprised what your team is storing in the cloud!
π SOURCES:
Critical Apache Roller Vulnerability: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html
Fortinet Zero-Day Bug: https://www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution
Microsoft Exchange EOL: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/
CISA ICS Advisories: https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories
CVE Program Update: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
SSL/TLS Certificate Changes: https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
AI "Slopsquatting" Attacks: https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
Subscribe for your weekly security update, and check us out us on YouTube for our video edition! π₯