Jared Semrau (@jaredsemrau)'s Twitter Profile
Jared Semrau

@jaredsemrau

Director, Vulnerability & Exploitation @Mandiant Intelligence

Views are my own

ID: 1485685511905812480

24-01-2022 18:47:15

42 Tweet

170 Followers

42 Following

I'm glad to have played a small part in helping this come to fruition, but a lot of great people did a lot of great work on this. If you know anyone who could benefit from this scholarship opportunity, please pass it along. Doesn't solve the problem, but hopefully it helps!

Mandiant's Vulnerability & Exploitation team is hiring a senior analyst! Looking for people who understand vulnerabilities and how they can be exploited, have strong writing skills, and preferably have some software dev skills. If interested, please apply! jobs.smartrecruiters.com/Mandiant/74399…

If you want to know what great work my team does at Mandiant (part of Google Cloud), this blog is just one tiny part of the intelligence we're working on. It's their hard work that makes these types of things possible. Focus on the real threats, not the imagined.

If you're interested in learning more about how vulnerability intelligence can help you better prioritize your remediation efforts, please register for our upcoming webinar. Myself and Steve Carter will be discussing how Mandiant (part of Google Cloud) and Nucleus Security can do just that!

Last week, our episode of the Risky Business podcast came out, where we got to talk more about the recent Mandiant (part of Google Cloud) and Nucleus Security partnership and how integrating Mandiant's vulnerability intelligence into their platform can help operationalize vuln intelligence at scale!

In a webinar this week I said: "...but it's not entirely CVSS's fault..." I must be going soft. Not the worst standard in the vulnerability space (looking at your CPE...), but it's not good.

I'm going to start letting twitter know when I'm about to take PTO, because recent history tells me there is a good chance a big vuln will drop when I do...

#mWISE was a blast, and I'll have more thoughts on that soon, but coming home to a new member of the family was the highlight of an already great week. Welcome Cora Snickerdoodle Semrau!

As always, Catalin Cimpanu has nailed the analysis. OpenSSL vulns can be very serious, but we also need to not spin ourselves up without details. Even if they stayed "Critical," OpenSSL's Critical rating can cover a wide range of issues, many of which are objectively not critical.

This was some great work done by (casey) and fellow analysts. The culmination of five months of hard work researching and analyzing. Hopefully this continues to be of value for defenders trying to better understand the adversary and what they can do to protect themselves!

Had a blast talking with Maddie Stone about vulns and zero-days on Mandiant's latest The Defender's Advantage Podcast. It's great to have a conversation with other people who are passionate about vulnerabilities and doing what they can to protect people. open.spotify.com/episode/3tALEW…

Nothing like returning from PTO and seeing great traction on a piece you worked hard on for months (including from your CEO)! Big thanks to Maddie Stone and James Sadowski for the amazing collaboration. If you want to know about zero-days, this is not a report to miss. Enjoy!