Executive Summary DNS4EU is an initiative by the European Union to deploy a public DNS resolution service that is free of charge, compliant with GDPR, and entirely operated within Europe. Launched in June 2025 after several years of preparation, this European DNS resolver aims to strengthen the EU’s digital sovereignty by providing an alternative to…
On November 14, 2025, Fortinet released a PSIRT advisory for a critical vulnerability affecting its FortiWeb Web Application Firewall (WAF). Tracked as CVE-2025-64446, this flaw carries a CVSS 3.1 score of 9.8 (Critical) and is confirmed to be actively exploited in the wild. Vulnerability Description The vulnerability is the result of a chain of two…
Fixing 63 Flaws Including 1 Active Zero-Day You will find below my hot take on this historic Microsoft Patch Tuesday, following the official end of support for Windows 10… I hope you find it useful. Executive Summary Overview of the November 2025 Patch Tuesday On November 11, 2025, Microsoft released its monthly batch of security…
Executive summary CSIRTs, CERTs, and SOCs rely on incident and threat taxonomies to classify, analyze, and share cybersecurity information consistently. This article compares the principal taxonomies in use—eCSIRT.net, ENISA’s Reference Incident Classification Taxonomy and Threat Taxonomy, FIRST’s CSIRT case classification guidance, MISP taxonomies, VERIS, and MITRE ATT&CK—covering their origins, structure, operational uses, strengths, limitations, and…
In this article, I present a summary of the security best practices for Microsoft Exchange Server, directly inspired by the recommendations published by the NSA and CISA. These guidelines aim to strengthen the resilience of Exchange environments hosted in data centers — whether on-premises or hybrid — against current threats, including email account compromises and…
Example of a high-tech digital forensics workspace: multiple monitors, specialized equipment (write-blockers, duplicators), and secure storage, all isolated from the corporate network. This article is an essay with a personal perspective. There are undoubtedly errors and strong positions, but I stand by them. Within a Computer Emergency Response Team (CERT), analysts are tasked with…
