Blumira Briefings
Staying on top of security news shouldn't be another full-time job.
Enter Blumira Briefings, our weekly panel series where security experts break down the headlines you might have missed, and explain what they actually mean for your security practice! π
Each week, join a lineup of different Blumira experts (and sometimes special guests!) who will:
- Share the top threats, suspects, and risks we're seeing across our detection and response platform
- Discuss significant security stories and what they mean for YOU
- Provide practical advice you can actually implement right away
β’β’Keep it conversational, informative, and under 30 minutes
Blumira Briefings
π¦ Blumira Briefings Ep. 17: Microsoft ADFS Phishing, NHI Boom, SSA Whistleblower
π Welcome to Blumira Briefings! This week, Zoe is joined by Chris Furner and Mike Toole to download the latest on critical vulnerabilities and emerging threats you need to know about. π
What We Cover This Week:
π³ Critical Docker Desktop vulnerability would allow attacks on host through unauthenticated Engine API access
π Git code execution vulnerability added to CISA's Known Exploited Vulnerabilities catalog
π High-severity vulnerabilities patched in Chrome and Firefox browsers (yes, V8 JS Engine again...)
π Attackers using legit office.com links with ADFS redirects to phish
π€ AI agent security in 2025: non-human identities now outnumber humans 82:1, so... what's your plan?
π¨ Whistleblower reports Social Security database exposure affecting 300+ million Americans
π‘ Quick tip of the week: Treat containers as applications running on your machine and scan them before execution, and check container images for vulnerabilities before running them on your system.
Expert Insights On:
- Container security best practices beyond built-in controls
- Preventing developers from cloning risky Git repositories
- How to start keeping count of non-human identities in your environment
- Evaluating when legacy systems might have better modern alternatives
π° SOURCES:
Docker Desktop Vulnerability: https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
CISA Git Vulnerability Alert: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/
Chrome/Firefox Patches: https://www.securityweek.com/high-severity-vulnerabilities-patched-in-chrome-firefox/
Microsoft ADFS Phishing: http://bleepingcomputer.com/news/security/hackers-steal-microsoft-logins-using-legitimate-adfs-redirects/
AI Identity Management: https://www.darkreading.com/cybersecurity-operations/growing-challenge-ai-agent-nhi-management
Social Security Whistleblower: https://whistleblower.org/press-release/whistleblower-warns-of-possible-risks-to-americans-social-security-information/
π LINKS:
How to freeze your credit (Krebs on Security): https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/
OWASP Agentic AI Threats & Mitigations: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/