Executive Summary DNS4EU is an initiative by the European Union to deploy a public DNS resolution service that is free of charge, compliant with GDPR, and entirely operated within Europe. Launched in June 2025 after several years of preparation, this European DNS resolver aims to strengthen the EU’s digital sovereignty by providing an alternative to…
On November 14, 2025, Fortinet released a PSIRT advisory for a critical vulnerability affecting its FortiWeb Web Application Firewall (WAF). Tracked as CVE-2025-64446, this flaw carries a CVSS 3.1 score of 9.8 (Critical) and is confirmed to be actively exploited in the wild. Vulnerability Description The vulnerability is the result of a chain of two…
Fixing 63 Flaws Including 1 Active Zero-Day You will find below my hot take on this historic Microsoft Patch Tuesday, following the official end of support for Windows 10… I hope you find it useful. Executive Summary Overview of the November 2025 Patch Tuesday On November 11, 2025, Microsoft released its monthly batch of security…
Executive summary CSIRTs, CERTs, and SOCs rely on incident and threat taxonomies to classify, analyze, and share cybersecurity information consistently. This article compares the principal taxonomies in use—eCSIRT.net, ENISA’s Reference Incident Classification Taxonomy and Threat Taxonomy, FIRST’s CSIRT case classification guidance, MISP taxonomies, VERIS, and MITRE ATT&CK—covering their origins, structure, operational uses, strengths, limitations, and…
In this article, I present a summary of the security best practices for Microsoft Exchange Server, directly inspired by the recommendations published by the NSA and CISA. These guidelines aim to strengthen the resilience of Exchange environments hosted in data centers — whether on-premises or hybrid — against current threats, including email account compromises and…
Example of a high-tech digital forensics workspace: multiple monitors, specialized equipment (write-blockers, duplicators), and secure storage, all isolated from the corporate network. This article is an essay with a personal perspective. There are undoubtedly errors and strong positions, but I stand by them. Within a Computer Emergency Response Team (CERT), analysts are tasked with…
Executive Summary: On October 15, 2025, F5 Networks disclosed a major security breach involving a long-term compromise of its corporate systems by a highly sophisticated state-sponsored threat actor. The attackers maintained persistent access for over a year, notably into F5’s BIG-IP development environment, and exfiltrated sensitive data including portions of BIG-IP source code and details…
Microsoft’s October 2025 Patch Tuesday delivered fixes for 172 vulnerabilities across Windows and related products, including six zero-day flaws (vulnerabilities publicly disclosed or exploited before a patch was available). The updates also address eight “Critical” issues (five remote code execution and three elevation of privilege vulnerabilities) . Notably, this is the final Patch Tuesday that…
I hesitated for a long time before writing an article on this subject, as it seems both delicate and inevitable given the transformational impact of AI for all of us. While corporate management celebrates the productivity gains brought by ChatGPT and its competitors, security teams face a far more concerning reality: generative AI has become,…
Executive Summary RFC 9794 establishes standardized terminology for hybrid cryptographic schemes that combine post-quantum and traditional algorithms. As organizations prepare for the quantum computing threat, this reference document ensures consistent communication across protocols, standards, and security teams. It defines key concepts including PQ/T hybrid schemes, composite constructions, security properties (hybrid confidentiality, hybrid authentication), and certificate…
