Analyzing the Cycle of Cyber Retaliation Executive Summary The correlation between geopolitical tensions and cyber threat intensity is well-established, yet its temporal and sequential mechanics follow a precise model that defense teams must master. Analysis of recent conflicts reveals a standardized threat lifecycle: For CERTs and CSIRTs: Monitoring geopolitical indicators must now trigger specific vigilance…
Executive Summary In a coordinated international initiative, the ASD, CISA, FBI, and their partners released the “Bulletproof Defense” guide. This document goes beyond simple warnings; it provides a technical methodology to dismantle the tactical advantage of Bulletproof Hosting (BPH) providers. These actors are not merely lax hosts; they are architects of cybercrime, providing infrastructure resilient…
Executive Summary DNS4EU is an initiative by the European Union to deploy a public DNS resolution service that is free of charge, compliant with GDPR, and entirely operated within Europe. Launched in June 2025 after several years of preparation, this European DNS resolver aims to strengthen the EU’s digital sovereignty by providing an alternative to…
On November 14, 2025, Fortinet released a PSIRT advisory for a critical vulnerability affecting its FortiWeb Web Application Firewall (WAF). Tracked as CVE-2025-64446, this flaw carries a CVSS 3.1 score of 9.8 (Critical) and is confirmed to be actively exploited in the wild. Vulnerability Description The vulnerability is the result of a chain of two…
Fixing 63 Flaws Including 1 Active Zero-Day You will find below my hot take on this historic Microsoft Patch Tuesday, following the official end of support for Windows 10… I hope you find it useful. Executive Summary Overview of the November 2025 Patch Tuesday On November 11, 2025, Microsoft released its monthly batch of security…
Executive summary CSIRTs, CERTs, and SOCs rely on incident and threat taxonomies to classify, analyze, and share cybersecurity information consistently. This article compares the principal taxonomies in use—eCSIRT.net, ENISA’s Reference Incident Classification Taxonomy and Threat Taxonomy, FIRST’s CSIRT case classification guidance, MISP taxonomies, VERIS, and MITRE ATT&CK—covering their origins, structure, operational uses, strengths, limitations, and…
