Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

By Paul Ducklin — November 9^th 2022 at 19:58

In all the excitement, we kind of lost track ourselves. Were there six 0-days, or only four?

Serious Security: OAuth 2 and why Microsoft is finally forcing you into it

By Paul Ducklin — October 10^th 2022 at 18:02

Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it.

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text]

By Paul Ducklin — October 6^th 2022 at 14:43

Latest episode - listen and learn now (or read and revise, if the written word is your thing)...

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

By Paul Ducklin — October 1^st 2022 at 14:05

Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

By Paul Ducklin — September 30^th 2022 at 18:25

Double-play 0-day in Exchange - what you need to know, and what you can do

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

By Paul Ducklin — November 25^th 2021 at 12:38

Latest episode - listen now! Solid cybersecurity advice in plain English.

Check your patches – public exploit now out for critical Exchange bug

By Paul Ducklin — November 23^rd 2021 at 14:36

It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.