Breaches & Zero-Days on Osmond van Hemert

Breaches & Zero-Days on Osmond van Hemerthttps://www.osmondvanhemert.nl/series/breaches--zero-days/Recent content in Breaches & Zero-Days on Osmond van HemertHugo -- gohugo.ioen© Osmond van Hemert. All rights reserved.Thu, 13 Nov 2025 00:00:00 +0000The Zero-Day Treadmill — Why Patch Tuesday Still Matters in 2025https://www.osmondvanhemert.nl/posts/251113-zero-day-treadmill-patch-tuesday/Thu, 13 Nov 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/251113-zero-day-treadmill-patch-tuesday/November’s Patch Tuesday brought critical zero-days being actively exploited, reminding us that patch management is still the unglamorous foundation of security.The Spring 2025 Exploit Wave — Fortinet, Ivanti, and the Perimeter Problemhttps://www.osmondvanhemert.nl/posts/250424-spring-2025-exploit-wave-fortinet-ivanti/Thu, 24 Apr 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250424-spring-2025-exploit-wave-fortinet-ivanti/A surge of active exploitation targeting Fortinet and Ivanti edge devices highlights the persistent vulnerability of network perimeter infrastructure.Salt Typhoon and the Treasury Breach — State-Sponsored Hacking Hits Homehttps://www.osmondvanhemert.nl/posts/250102-salt-typhoon-treasury-breach/Thu, 02 Jan 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250102-salt-typhoon-treasury-breach/The Chinese state-sponsored Salt Typhoon campaign breached the US Treasury Department, exposing how even the most security-conscious organizations remain vulnerable.Salt Typhoon — The Telecom Hack That Should Worry Every Engineerhttps://www.osmondvanhemert.nl/posts/241219-salt-typhoon-telecom-hack/Thu, 19 Dec 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/241219-salt-typhoon-telecom-hack/The Salt Typhoon campaign has compromised major US telecoms at a staggering scale. What developers and architects need to understand about this ongoing threat.Salt Typhoon and the Telecom Breach — Infrastructure Under Siegehttps://www.osmondvanhemert.nl/posts/241114-salt-typhoon-telecom-breach/Thu, 14 Nov 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/241114-salt-typhoon-telecom-breach/The Salt Typhoon campaign has compromised major US telecom providers, exposing the fragility of critical infrastructure and the growing sophistication of state-sponsored cyber operations.Operation Cronos — The LockBit Takedown and What It Means for Cybersecurityhttps://www.osmondvanhemert.nl/posts/240222-lockbit-takedown-operation-cronos/Thu, 22 Feb 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240222-lockbit-takedown-operation-cronos/An international law enforcement coalition takes down the LockBit ransomware group’s infrastructure in a landmark operation.Jenkins Under Fire — CVE-2024-23897 and the Cost of Legacy Infrastructurehttps://www.osmondvanhemert.nl/posts/240125-jenkins-cve-2024-23897-cicd-security/Thu, 25 Jan 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240125-jenkins-cve-2024-23897-cicd-security/A critical Jenkins vulnerability allows arbitrary file reads through the CLI. Here’s why this matters more than your typical CVE and what it reveals about CI/CD security.ICBC Ransomware Attack — When the World's Largest Bank Gets Hithttps://www.osmondvanhemert.nl/posts/231116-icbc-lockbit-ransomware-attack/Thu, 16 Nov 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/231116-icbc-lockbit-ransomware-attack/The LockBit ransomware attack on ICBC’s US operations disrupted Treasury market trading and exposed critical vulnerabilities in financial infrastructure.HTTP/2 Rapid Reset — The Zero-Day That Hit Everyonehttps://www.osmondvanhemert.nl/posts/231012-http2-rapid-reset-attack/Thu, 12 Oct 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/231012-http2-rapid-reset-attack/CVE-2023-44487 exploits a fundamental aspect of HTTP/2 to enable record-breaking DDoS attacks. Here’s what you need to know and do.The MGM Resorts Hack — A $100M Lesson in Social Engineeringhttps://www.osmondvanhemert.nl/posts/230921-mgm-resorts-social-engineering-attack/Thu, 21 Sep 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230921-mgm-resorts-social-engineering-attack/The MGM Resorts cyberattack that started with a phone call is a stark reminder that the most sophisticated defenses can be undone by human vulnerability.Intel's Downfall Vulnerability — Another Speculative Execution Headachehttps://www.osmondvanhemert.nl/posts/230803-intel-downfall-cpu-vulnerability/Thu, 03 Aug 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230803-intel-downfall-cpu-vulnerability/A new Intel CPU vulnerability called Downfall exposes sensitive data through speculative execution, and the performance impact of mitigations is significant.ESXiArgs Ransomware — A Wake-Up Call for VMware Infrastructurehttps://www.osmondvanhemert.nl/posts/230202-esxiargs-ransomware-vmware-esxi/Thu, 02 Feb 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230202-esxiargs-ransomware-vmware-esxi/A massive ransomware campaign is exploiting a two-year-old VMware ESXi vulnerability, and the scale of unpatched systems is alarming.LastPass Breach Goes From Bad to Catastrophic — Customer Vaults Compromisedhttps://www.osmondvanhemert.nl/posts/221222-lastpass-breach-vault-data/Thu, 22 Dec 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/221222-lastpass-breach-vault-data/LastPass reveals attackers obtained copies of customer vault data, turning an already serious breach into one of the worst password manager incidents in history.OpenSSL's Critical Vulnerability — Lessons From a Week of Preparationhttps://www.osmondvanhemert.nl/posts/221103-openssl-critical-vulnerability-response/Thu, 03 Nov 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/221103-openssl-critical-vulnerability-response/The OpenSSL 3.0.7 patch for CVE-2022-3602 and CVE-2022-3786 arrived this week — here’s what happened and what it teaches us about vulnerability response.The Uber Breach — When MFA Isn't Enoughhttps://www.osmondvanhemert.nl/posts/220915-uber-breach-social-engineering/Thu, 15 Sep 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220915-uber-breach-social-engineering/A teenager allegedly breached Uber’s internal systems through social engineering and MFA fatigue, exposing fundamental weaknesses in how we think about authentication.Twilio's Phishing Breach — Why SMS-Based 2FA Is Living on Borrowed Timehttps://www.osmondvanhemert.nl/posts/220804-twilio-phishing-breach/Thu, 04 Aug 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220804-twilio-phishing-breach/Twilio’s breach through a sophisticated phishing attack targeting employees raises hard questions about SMS-based authentication and supply chain trust.Follina — The Zero-Day That Turns a Word Doc Into a Weaponhttps://www.osmondvanhemert.nl/posts/220602-follina-zero-day-msdt/Thu, 02 Jun 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220602-follina-zero-day-msdt/CVE-2022-30190, dubbed Follina, exploits Microsoft’s diagnostic tool through Office documents — no macros required.Spring4Shell Is Here — Assessing the Real Risk of CVE-2022-22965https://www.osmondvanhemert.nl/posts/220331-spring4shell-cve-2022-22965/Thu, 31 Mar 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220331-spring4shell-cve-2022-22965/A critical RCE vulnerability in Spring Framework has the internet in panic mode, but the actual risk profile is more nuanced than the Log4Shell comparisons suggest.Confluence Under Siege — CVE-2021-26084 and the Self-Hosted Software Problemhttps://www.osmondvanhemert.nl/posts/210902-confluence-rce-cve-2021-26084/Thu, 02 Sep 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210902-confluence-rce-cve-2021-26084/The critical Confluence Server RCE vulnerability is being actively exploited in the wild, raising urgent questions about the sustainability of self-hosted enterprise software.T-Mobile's Massive Data Breach — A Wake-Up Call for API Securityhttps://www.osmondvanhemert.nl/posts/210819-tmobile-data-breach-api-security/Thu, 19 Aug 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210819-tmobile-data-breach-api-security/The T-Mobile breach exposing 40+ million records highlights systemic failures in API security and data protection that the entire industry needs to address.Pegasus Spyware — Zero-Click Exploits and What They Mean for Software Securityhttps://www.osmondvanhemert.nl/posts/210715-pegasus-spyware-zero-click-exploits/Thu, 15 Jul 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210715-pegasus-spyware-zero-click-exploits/The Pegasus Project revelations expose industrial-grade zero-click exploits targeting journalists and activists — and raise uncomfortable questions about software supply chains.Colonial Pipeline Ransomware — When Cybersecurity Meets Critical Infrastructurehttps://www.osmondvanhemert.nl/posts/210506-colonial-pipeline-ransomware/Thu, 06 May 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210506-colonial-pipeline-ransomware/The Colonial Pipeline ransomware attack exposes how deeply intertwined our digital infrastructure has become with physical systems we take for granted.FireEye Breach — When the Red Team Gets Red-Teamedhttps://www.osmondvanhemert.nl/posts/201210-fireeye-breach-red-team-tools/Thu, 10 Dec 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/201210-fireeye-breach-red-team-tools/FireEye discloses that sophisticated attackers stole their red team tools. The implications for the security industry — and every organization using those tools — are serious.Zerologon — The 10-Out-of-10 Vulnerability That Should Terrify Youhttps://www.osmondvanhemert.nl/posts/200910-zerologon-cve-2020-1472/Thu, 10 Sep 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200910-zerologon-cve-2020-1472/CVE-2020-1472, dubbed Zerologon, scores a perfect 10.0 CVSS and allows full domain takeover with a handful of packets. Here’s what you need to know.The Twitter Bitcoin Hack — A Social Engineering Masterclasshttps://www.osmondvanhemert.nl/posts/200716-twitter-bitcoin-hack-social-engineering/Thu, 16 Jul 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200716-twitter-bitcoin-hack-social-engineering/The massive Twitter compromise that hit Barack Obama, Elon Musk, and Apple wasn’t a sophisticated zero-day — it was social engineering targeting internal tools. That’s the scary part.