8 best practices for CISOs conducting risk reviews

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

The U.S. Securities and Exchange Commission SEC has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025,...

New IDC research highlights a major cloud security shift

Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year...

How CISOs Should Plan Security Budgets for 2026

Build a defensible 2026 security budget with data, not guesswork. We share practical tips, ROI levers, and fresh insights from our survey of 300+ CISOs and security leaders...

EUVD-2025-23283

Malicious code in bioql PyPI...

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

CVE-2025-29556

ExaGrid EX10 vulnerable to Incorrect Access Control (CVE-2025-29556) in versions 6.3–7.0.1.P08. A flaw in the account creation flow allows an Admin to bypass restrictions via API request manipulation, enabling creation of Security Officer accounts without prior approval. Attack scenario: an Admin...

CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...

Exploit for CVE-2025-29556

CVE-2025-29556 – ExaGrid Security Officer Account Creation Byp...

PT-2025-31459 · Exagrid · Exagrid Ex10

Name of the Vulnerable Software and Affected Versions: ExaGrid EX10 versions 6.3 through 7.0.1.P08 Description: ExaGrid EX10 versions 6.3 through 7.0.1.P08 are susceptible to an incorrect access control issue. Starting with version 6.3, ExaGrid implemented restrictions to prevent users with the...

Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2

Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company’s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering...

CISO: funciones y responsabilidades laborales 🛡️

Significado de CISO En el ámbito corporativo, CISO es un acrónimo ampliamente reconocido que denota a "Chief Information Security Officer", que se puede interpretar en español como el Encargado Principal de Salvaguardar la Información. Este encargo representa una posición esencial en el organigra...

SUSE-SU-2024:1447-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 jscPED-3360, jscPED-3361 EP11: Add support for FIPS-session mode CVE-2024-0914: Updates to harden against RSA timing attacks bsc1219217 Bug fixes - provide userpkcs11 and grouppkcs11 Upgrade to version...

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasnt shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a brea...

Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice

In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers' cyber resilience. The growing need of SMEs and...

SEC cyber risk management rule—a security and compliance opportunity

In my practice as a Microsoft Global Black Belt, I focus on the technical and business enablement aspects of protecting organizations from cyber threats with tools like Microsoft 365 Defender, Microsoft Purview and Microsoft Sentinel. In my role as a board member for another publicly traded...

Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing cost

Compliance services are emerging as one of the hottest areas of cybersecurity. While compliance used to be mainly the province of large enterprises, times have changed, and it is now a day-to-day concern for a growing number of small and medium businesses. Even when these organizations are not...

Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...

The Conviction of Uber’s Chief Security Officer

I have been meaning to write about Joe Sullivan, Ubers former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. Its a complicated case, and Im not convinced that he deserved a guilty ruling or that its a good thing for the industry. I may still...