Executive Summary DNS4EU is an initiative by the European Union to deploy a public DNS resolution service that is free of charge, compliant with GDPR, and entirely operated within Europe. Launched in June 2025 after several years of preparation, this European DNS resolver aims to strengthen the EU’s digital sovereignty by providing an alternative to…
On November 14, 2025, Fortinet released a PSIRT advisory for a critical vulnerability affecting its FortiWeb Web Application Firewall (WAF). Tracked as CVE-2025-64446, this flaw carries a CVSS 3.1 score of 9.8 (Critical) and is confirmed to be actively exploited in the wild. Vulnerability Description The vulnerability is the result of a chain of two…
Fixing 63 Flaws Including 1 Active Zero-Day You will find below my hot take on this historic Microsoft Patch Tuesday, following the official end of support for Windows 10… I hope you find it useful. Executive Summary Overview of the November 2025 Patch Tuesday On November 11, 2025, Microsoft released its monthly batch of security…
Executive summary CSIRTs, CERTs, and SOCs rely on incident and threat taxonomies to classify, analyze, and share cybersecurity information consistently. This article compares the principal taxonomies in use—eCSIRT.net, ENISA’s Reference Incident Classification Taxonomy and Threat Taxonomy, FIRST’s CSIRT case classification guidance, MISP taxonomies, VERIS, and MITRE ATT&CK—covering their origins, structure, operational uses, strengths, limitations, and…
In this article, I present a summary of the security best practices for Microsoft Exchange Server, directly inspired by the recommendations published by the NSA and CISA. These guidelines aim to strengthen the resilience of Exchange environments hosted in data centers — whether on-premises or hybrid — against current threats, including email account compromises and…
Example of a high-tech digital forensics workspace: multiple monitors, specialized equipment (write-blockers, duplicators), and secure storage, all isolated from the corporate network. This article is an essay with a personal perspective. There are undoubtedly errors and strong positions, but I stand by them. Within a Computer Emergency Response Team (CERT), analysts are tasked with…
Executive Summary From Cost Play to Strategic Imperative In recent years, the financial services industry has shifted from treating open source as a peripheral experiment to embracing it as a core strategic component of technology and innovation. Today, virtually every bank, insurer, or asset manager uses open source software in some capacity, reflecting an understanding…
Executive Summary: On October 15, 2025, F5 Networks disclosed a major security breach involving a long-term compromise of its corporate systems by a highly sophisticated state-sponsored threat actor. The attackers maintained persistent access for over a year, notably into F5’s BIG-IP development environment, and exfiltrated sensitive data including portions of BIG-IP source code and details…
Microsoft’s October 2025 Patch Tuesday delivered fixes for 172 vulnerabilities across Windows and related products, including six zero-day flaws (vulnerabilities publicly disclosed or exploited before a patch was available). The updates also address eight “Critical” issues (five remote code execution and three elevation of privilege vulnerabilities) . Notably, this is the final Patch Tuesday that…
Since the second half of September 2025, the National Cybersecurity Response Team of Ukraine (CERT-UA) has observed a new wave of targeted cyberattacks against Ukrainian defense forces and local government institutions.These attacks have been attributed to the UAC-0239 group, believed to be operating on behalf of or in cooperation with Russian threat actors. The attackers…
