Week in review

Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular …

Week in review: A need for a DDoS response plan, human oversight in AI-enhanced software development
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 4 key steps to building an incident response plan In this Help Net Security …

Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, …

Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The rise of SaaS security teams In this Help Net Security interview, Hillary …

Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Users of JetBrains IDEs at risk of GitHub access token compromise …

Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) If …

Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RansomLord: Open-source anti-ransomware exploit tool RansomLord is an …

Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google fixes yet another Chrome zero-day exploited in the wild …

Week in review: New Black Basta’s social engineering campaign, passing the CISSP exam in 6 weeks
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Basta target orgs with new social engineering campaign Black Basta, one …

Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has …

Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence …

Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, …
Featured news
Resources
Don't miss
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)