A look at August '25 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
A high-impact cybersecurity methodology designed to test IT systems, people, processes, and organisational resilience.| Twelvesec
This year at BSides Las Vegas, a panel discussing the CVE program and crisis occurred. I watched the panel discussion after the fact, since I did not attend. For full transparency, something MITRE …| Rants of a deranged squirrel.
Global enterprises are rethinking payment processing, and single-processor strategies are no longer enough. In this video, Bluefin’s Chief Revenue Officer,… The post Video: Why Enterprises Are Moving to Multi-Processor Payment Strategies appeared first on Bluefin.| Bluefin
Crafting a budget with IT and security in mind is not always obvious, but it is incredibly important. Read what to consider in a cybersecurity budget here.| FRSecure
As businesses collect and process more sensitive data than ever before – from PII and PHI to ACH and payment… The post Video: What is data tokenization, and why does it matter for modern security? appeared first on Bluefin.| Bluefin
July’s cyber security vendor transaction highlights 48 total funding and M&A transactions $1.17 Billion raised over 41 rounds 7 M&A events Crunching the Numbers The $1.17 Billion raised in July 2025 represents a 58% increase in funding raised when compared to July 2024. 41 funding rounds were tracked in July ’25 compared to 25 in […] The post July ’25 Cyber Security Vendor Funding | M&A appeared first on Pinpoint Search Group.| Pinpoint Search Group
The recent Microsoft SharePoint breach is yet another stark reminder of the systemic vulnerabilities embedded in our overreliance on monolithic tech ecosystems. When you centralize critical infrastructure—especially within sprawling platforms like SharePoint—you create a single, oversized attack surface that adversaries can exploit with devastating precision. This wasn’t just a technical failure; it was a cultural one. The post SharePoint Zero-Day Breach Hits Hundreds of Companies, Affe...| Purism
On July 14, 2025, a relatively new security company named Miggo Security announced a new offering called VulnDB. Even for my casual readers you may have done a double-take thinking I just made a gl…| Rants of a deranged squirrel.
A security researcher investigated an archive of commits on GitHub, which developers had likely thought they had deleted, […]| DEVCLASS
To address evolving threats, businesses and organisations need to test their defences in a way that mimics reality, not hypotheticals. Threat Led Penetration Testing (TLPT) is a methodology that simulates real-world adversaries using real-world tactics.| Twelvesec
Q2 Cyber Security Vendor Transaction Highlights 118 total funding and M&A transactions $4.2 Billion raised over 100 rounds 18 total M&A events Crunching the Numbers The $4.2 Billion raised in Q2, 2025 represents a 25% increase in funding raised when compared to Q2, 2024. 100 funding rounds were tracked in Q2 ’25 compared to 98 […] The post Cyber Security Vendor Funding Report – Q2, 2025 appeared first on Pinpoint Search Group.| Pinpoint Search Group
A look at June '25 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
On 11 June 2025, UK Parliament completed the final round of “ping‑pong” over the Data (Use and Access) Bill in the House of Lords, paving the way for Royal Assent and its conversion into the Data (Use and Access) Act 2025 This is a major milestone in updating the UK’s data protection landscape post‑Brexit—and it signals that smart, responsible data use is now firmly on the national agenda. What You Should Know The Act introduces several important refinements: A staggered roll‑ou...| The Software Bureau
Have you ever wondered how your incident response preparations stack up to other organizations? The FRSecure team has been gathering data from our| FRSecure
Ever wondered what happens if you take the technique at "Can a LLM convert C, to ASM to specs and then to a working Z/80 Speccy tape? Yes." and run it against the Atasslian Command Line (ACLI) interface? Strap yourself in, as the Z80 is amongst one| Geoffrey Huntley
A look at May '25 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
A comparison of medical prevention practises to cybersecurity ones.| Twelvesec
A look at April '25 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
Yesterday, Matt Hartman, CISA Acting Executive Assistant Director for Cybersecurity, issued a statement on the CVE program. Trying to summarize the last several days and what happened is tricky, but you can read my LinkedIn posts as well as countless news articles and folks talking about. The super tl;dr is that on April 15, a […]| Rants of a deranged squirrel.
On April 16, 2025, IBM posted their X-Force 2025 Threat Intelligence Index. Like many reports of this nature, it covers a wide variety of aspects relating to threat intelligence. Of course, one of …| Rants of a deranged squirrel.
Tor proxy owners are replacing Bitcoin payment addresses to divert payments from ransomware victims to their own wallets.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Vulnerability disclosure analysts are long familiar with so-called “mega advisories”, ones that typically come from vendors and often for products that ship appliances using hundreds of libraries or products with an entire operating system included. Such advisories can literally represent over 500 vulnerabilities in one shot. I’ll try to make this a bit fun! Disclaimer: […]| Rants of a deranged squirrel.
[4/13/2025 Update: See very end, below last image, for an amusing update.] Today was the second day of VulnCon 2025, a conference whose stated purpose is “to collaborate with various vulnerab…| Rants of a deranged squirrel.
Q1 Cyber Security Vendor Transaction Highlights 103 total funding and M&A transactions $2.2 Billion raised over 85 rounds 17 total M&A events 1 IPO Crunching the Numbers The $2.2 Billion raised in Q1, 2025 represents a 4% decrease in funding raised when compared to Q1, 2024. 85 funding rounds were tracked in Q1 ’25 compared […] The post Cyber Security Vendor Funding Report – Q1, 2025 appeared first on Pinpoint Search Group.| Pinpoint Search Group
A look at march '25 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
Once a Silicon Valley darling, DNA testing company 23andMe has now gone into administration—leaving behind not just a troubled balance sheet, but a trove of highly sensitive personal data. Millions of customers entrusted the firm with their genetic information, family histories, and health predispositions. Now, the burning question: what happens to that data? The debate has ignited fears over data ownership, consent, and corporate accountability. In the UK, administrators are bound by GDPR,...| The Software Bureau
A researcher has described how a vulnerability in GitHub’s CodeQL, a tool for detecting security issues, had the […]| DEVCLASS
One year ago, I checked the top 1 million “websites” for a security.txt file and then posted the results in this blog. As it was described at the time, I used a tool written by someone else who had already run this “experiment” in 2022.| Gonçalo Valério
What’s Your Story CVE-2015-2551? This CVE-2015-2551 entry seems straight-forward, based on the description provided by CVE or NVD. Looking at the change history on NVD it is a bit more informative: So the ID was created for the 2015 calendar year, apparently not used, rejected seven years later, and confirmed by the assigning CNA (Microsoft). […]| Rants of a deranged squirrel.
After years of chasing down typos in CVE IDs, now we all have to contend with poorly researched headlines and apparent to me ambulance chasing over mistaken product names. If you missed the news, t…| Rants of a deranged squirrel.
Many individuals outside the realm of cybersecurity often underestimate the intricacies involved in a security professional’s role. Since its inception in 2012, the CISO MindMap has served as a valuable educational resource, offering insights into CISO responsibilities and aiding security professionals in crafting and enhancing their security programs. Continuously adapting to reflect the evolving landscape of cybersecurity, the CISO MindMap has been updated to accommodate the latest develo...| Rafeeq Rehman | Cyber Security | Board Advisory
Whether you’re a cybersecurity professional, compliance officer, or simply keen to understand how DORA impacts financial entities, this guide will address your burning questions. Let’s demystify what DORA means for your organisation—and how to turn compliance regulations into a strategic advantage.| Twelvesec
One aspect of vulnerability intelligence is also doing a best-faith effort to track the threat actors that are using the vulnerabilities. While that information often isn’t published, when it…| Rants of a deranged squirrel.
These LLMs are shockingly good at deobfuscation, transpilation and structure to structure conversions. I discovered this back around Christmas where I asked an LLM to make me an Haskell audio library by transpiling a rust implementation. An “oh fuck” moment in timeOver the Christmas break I’ve been critically looking| Geoffrey Huntley
The post Digital Operational Resilience Act – DORA appeared first on Twelvesec.| Twelvesec
What is Red Teaming and is it a cybersecurity service that your organisation needs?| Twelvesec
The Common Weakness Enumeration (CWE) is a MITRE run, community-developed list of common software and hardware weaknesses (Wikipedia Page). The project defines a “weakness” as “a …| Rants of a deranged squirrel.
A look at January '25 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
Introduction In this article, we dive into the storage system of the NEAR blockchain. We'll explore how storage works on NEAR, how to...| Sigma Prime
We need to start architecting our data-flows in a way that makes it harder for attackers to continue exfiltrating sensitive data our of our infrastructures| Diogo Mónica
A few months ago, United States General Vincent Brooks warned the Senate about the growing threat from North Korean cyber-attacks, saying, "While I would not| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Reading Time: 3minutesThe Main Thread - Issue #1 - A newsletter about software engineering by Alessandro Diaferia focusing on engineering practices and startup engineering. The post The Main Thread – Issue #1 appeared first on Alessandro Diaferia.| Alessandro Diaferia
[I wrote this on September 21st, but apparently forgot to ultimately move from GDoc to Blog. I suspect because it really needs to be cleaned up as it is my first draft. Rather than do that, since t…| Rants of a deranged squirrel.
Personal webpage of Alexandre Dulaunoy - from information security to open source and art| Alexandre Dulaunoy - adulau - Home Page
A look at December '24 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
The post Introducing Tabletop Exercises (TTX) appeared first on Twelvesec.| Twelvesec
A new service offered by TwelveSec aiming to tackle any cybersecurity issues as fast as possible.| Twelvesec
Cybersecurity risk management is a critical process for organizations aiming to safeguard their assets, systems, and data from potential threats. Effective risk management involves the following ten best practices. Continue reading → The post Ten Best Practices for Cybersecurity Risk Management appeared first on Rafeeq Rehman | Cyber Security | Board Advisory.| Rafeeq Rehman | Cyber Security | Board Advisory
A look at October '24 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
From Ruins to Resilience: How Developing and Utilizing Open Source Solutions Enhances CSIRT Capabilities --- ”Some cities have fallen into ruin and some are built upon ruins but others contain their own ruins while still growing.” Jeffrey Eugenides Introduction At CIRCL (Computer Incident Response Center Luxembourg), part of the Luxembourg House of Cybersecurity (LHC), we embarked on a journey to build and sustain open-source solutions for CSIRTs. With over 14 years of experience, we’ve...| Alexandre Dulaunoy - adulau - Home Page
The post The EU NIS 2 Directive appeared first on Twelvesec.| Twelvesec
This is part two of my thoughts on Known Exploited Vulnerabilities (KEV), and where it gets a lot more interesting! Please see the first blog before starting here. Automation / Eagerness To Add Rea…| Rants of a deranged squirrel.
Good password hygiene is part of any individual’s basic InfoSec. Whether at home or at work, it is imperative to manage your passwords / credentials to the many places we rely on each day. Data is more and more valuable. Yet the passwords we use haven’t kept pace. So what are people to do? Why […] The post Password Madness! appeared first on MlakarTechTalk.| MlakarTechTalk
This is the first of two blogs with my thoughts on Known Exploited Vulnerabilities (KEV) tracking and the challenges that come with tracking them. Introduction On November 03, 2021, Cybersecurity a…| Rants of a deranged squirrel.
On June 5, 2024, I sent a FOIA request to National Institute of Standards and Technology requesting a copy of the contract between the National Vulnerability Database (NVD) and ANALYGENCE, a contra…| Rants of a deranged squirrel.
Improve Your Forensic Analyses with hashlookup Alexandre Dulaunoy a@foo.be Introduction For several decades, forensic analyses in cybersecurity have relied on known software hash sources. These sources are not numerous. Most investigators and security researchers use sources like the National Software Reference Library (NSRL) and its Reference Data Set (RDS) to distinguish known files from unknown ones. For several years at CIRCL, it became evident that we were finding it increasingly difficu...| Alexandre Dulaunoy - adulau - Home Page
This blog post provides essential resources for security professionals and software developers looking to secure data in the post-quantum era. It highlights key organizations such as NIST, the Linux Foundation, and the Post-Quantum Cryptography Alliance, which are leading efforts in quantum-resistant cryptography. Additionally, it introduces open-source libraries that facilitate the implementation of quantum-safe encryption algorithms, offering practical tools for integrating cutting-edge sec...| Rafeeq Rehman | Cyber Security | Board Advisory
Hey ya all! Since I’ve read around a| evilsocket
I recently was given a survey to fill out by an organization I do training for. I suppose it’s a pretty predictable set of questions about who I am and how I got into the industry, and advice I have for people who are just starting out. But it caught me at just the right… Continue reading “You Caught Me In An Introspective Moment”→| Righteous IT
A look at July '24 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
While SEC Regulation S-P has been around for decades, recent updates place a larger emphasis on cybersecurity. Here is what you need to know about the updates.| FRSecure
On July 19, 2024, a major disruption world-wide occurred due to a faulty software update issued by CrowdStrike, a leading cybersecurity firm. This update| ChurchTechToday.com | Resources for today's church
After reading an excellent blog post last week, followed by some news stories, I decided to have a play around with Perplexity.AI to see whether I could reproduce what was reported. However, I got a l| www.bentasker.co.uk
A look at June '24 cyber security vendor transactions. Stay tuned into infosec funding and acquisitions news with our monthly report.| Pinpoint Search Group
At TurkuSec meetup in April, I had the opportunity to share my insights on a pressing issue we’ve been researching lately at F-Secure: the cybersecurity challenges faced by digital natives. T…| Joel Latto
Personal webpage of Alexandre Dulaunoy - from information security to open source and art| Alexandre Dulaunoy - adulau - Home Page
Earlier this year, I decided to explore Redis functionality a bit more deeply than my typical use-cases would require. Mostly due to curiosity, but also to have better knowledge of this tool in my “tool belt”.| Gonçalo Valério
About two days ago, hundreds of thousands of leeches were reported on Ubuntu's torrent tracker - downloading gigabits of data, but never reporting that they'd completed any chunks. My precious Linux ISOs (yes, really) were under attack. But whose botnet is this, why are they all downloading Ubuntu, and just how big is the botnet they're controlling? Let's dig in.| tweedge's blog
Many individuals outside the realm of cybersecurity often underestimate the intricacies involved in a security professional’s role. Since its inception in 2012, the CISO MindMap has served as a valuable educational resource, offering insights into CISO responsibilities and aiding security … Continue reading →| Rafeeq Rehman | Cyber Security | Board Advisory
Yesterday, at the first inaugural VulnCon, Tanya Brewer from the NVD gave a presentation that was listed on the agenda as “NVD Symposium”. At the talk, her slides began with a header &#…| Rants of a deranged squirrel.
In the real world, psychological safety is political. There are some who say that psychological safety isn’t political. We think it is. What does “political” mean? At its broadest level, politics determine the ways people in groups make decisions. This […]| Psych Safety
If you have worked with Microsoft Endpoint Manager Configuration Manager (MEMCM, CM for short and previously known as SCCM) for more than a day, you are probably aware of its immense power that it can yield on any and all of the clients it manages. It has an extremely mature Role Based Administration model that…| Mike's Tech Blog
Context| 0x44.cc
While responsibilities of leaders in information security are very extensive as shown in the CISO MindMap, following are seven foundational and “must-have” capabilities that every information security program should have. If any of these capabilities is missing, the first priority … Continue reading →| Rafeeq Rehman | Cyber Security | Board Advisory
So a while back I read a blog post about using OpenSSL engines on Windows as part of a local privesc exploit against a certain VPN client. This got me thinking. If every time the OpenSSL library is…| Darren Martyn
This exploit was brought to you by “reading the manual”, mostly. It is the second local privilege escalation I found while doing an extremely low effort audit of Zimbra. You should read…| Darren Martyn
In this 7SIGNAL webinar I shared my opinions on the current security situation with public/guest Wi-Fi. Many of the problems from years ago are mostly resolved, all without much change in how guest…| Frame by Frame
I get why we could think at first that one learns much better when there’s no sugarcoat, and the “real meat” is attacked directly, to grasp the sense of what is really going on here, with no fake assumption.| Blog of Litchi Pi
Every month millions of people have their passwords stolen. Here we explain how to keep your passwords secure | Originally written for F-Secured – Your complete guide to online security in 20…| Joel Latto
Personal webpage of Alexandre Dulaunoy - from information security to open source and art| Alexandre Dulaunoy - adulau - Home Page
As hacker summer camp swings into full gear, I reflect upon the time where I was arrested under suspicion of transforming a Hong Kong university mail server into a 0-day warez site and almost spent time in hacker winter camp. I was, fortunately, 13 at the time and last week| Geoffrey Huntley
Personal webpage of Alexandre Dulaunoy - from information security to open source and art| Alexandre Dulaunoy - adulau - Home Page
Personal webpage of Alexandre Dulaunoy - from information security to open source and art| Alexandre Dulaunoy - adulau - Home Page
McDonalds in Australia do a decent cup of coffee. It’s not great but it’s consistently decent so I often start my day with a cup. Due to my travels around Australia in a decked out van I have seen how many McDonalds operate and just how many of| Geoffrey Huntley