https://www.osmondvanhemert.nl/series/cybersecurity-landscape/Recent content in Cybersecurity Landscape on Osmond van HemertHugo -- gohugo.ioen© Osmond van Hemert. All rights reserved.Thu, 15 Jan 2026 00:00:00 +0000https://www.osmondvanhemert.nl/posts/260115-nist-post-quantum-crypto-migration/Thu, 15 Jan 2026 00:00:00 +0000https://www.osmondvanhemert.nl/posts/260115-nist-post-quantum-crypto-migration/NIST’s post-quantum cryptography standards are finalized, and the migration timeline is no longer theoretical — it’s operational.https://www.osmondvanhemert.nl/posts/251009-cisa-secure-by-design-traction/Thu, 09 Oct 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/251009-cisa-secure-by-design-traction/CISA’s Secure by Design initiative is moving from voluntary pledges to measurable industry impact, and software vendors are starting to feel the pressure.https://www.osmondvanhemert.nl/posts/250925-eu-chatcontrol-encryption-threat/Thu, 25 Sep 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250925-eu-chatcontrol-encryption-threat/The EU’s latest push to scan encrypted messages reignites the fundamental debate about whether governments can mandate backdoors without destroying security for everyone.https://www.osmondvanhemert.nl/posts/240926-cups-vulnerability-linux-printing-security/Thu, 26 Sep 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240926-cups-vulnerability-linux-printing-security/A chain of vulnerabilities in CUPS, the Linux printing system, enables remote code execution — and highlights how forgotten infrastructure becomes a security liability.https://www.osmondvanhemert.nl/posts/240815-nist-post-quantum-cryptography/Thu, 15 Aug 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240815-nist-post-quantum-cryptography/NIST has published its first three finalized post-quantum cryptography standards. Here’s what developers need to know and do.https://www.osmondvanhemert.nl/posts/240718-crowdstrike-global-outage/Thu, 18 Jul 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240718-crowdstrike-global-outage/A faulty CrowdStrike Falcon sensor update has caused one of the largest IT outages in history, bricking millions of Windows machines worldwide.https://www.osmondvanhemert.nl/posts/240704-regresshion-openssh-vulnerability/Thu, 04 Jul 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240704-regresshion-openssh-vulnerability/CVE-2024-6387 reveals a critical remote code execution flaw in OpenSSH, and it’s a regression from a fix made back in 2006.https://www.osmondvanhemert.nl/posts/240613-microsoft-recall-delayed-security/Thu, 13 Jun 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240613-microsoft-recall-delayed-security/Microsoft pulls Windows Recall from the upcoming Copilot+ PC launch after security researchers demonstrate alarming vulnerabilities in the feature’s data storage.https://www.osmondvanhemert.nl/posts/240502-rsa-conference-2024-ai-security/Thu, 02 May 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240502-rsa-conference-2024-ai-security/RSA Conference 2024 kicks off in San Francisco with AI dominating every conversation. But beneath the marketing buzz, there are real security challenges emerging that practitioners need to face.https://www.osmondvanhemert.nl/posts/231221-terrapin-ssh-attack-vulnerability/Thu, 21 Dec 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/231221-terrapin-ssh-attack-vulnerability/Researchers disclose the Terrapin attack against SSH, demonstrating that even our most trusted protocols can harbor subtle cryptographic weaknesses.https://www.osmondvanhemert.nl/posts/230504-google-passkeys-passwords-future/Thu, 04 May 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230504-google-passkeys-passwords-future/Google enables passkey sign-in for all Google Accounts, marking the most significant push yet toward a passwordless future built on FIDO2 and WebAuthn.https://www.osmondvanhemert.nl/posts/230309-us-national-cybersecurity-strategy-2023/Thu, 09 Mar 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230309-us-national-cybersecurity-strategy-2023/The Biden administration’s new cybersecurity strategy shifts liability toward software vendors, and developers need to pay attention.https://www.osmondvanhemert.nl/posts/220707-cloudflare-mantis-record-ddos/Thu, 07 Jul 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220707-cloudflare-mantis-record-ddos/Cloudflare mitigated the largest HTTPS DDoS attack ever recorded at 26 million requests per second. The Mantis botnet represents a new generation of volumetric threats.https://www.osmondvanhemert.nl/posts/220421-heroku-security-breach-supply-chain/Thu, 21 Apr 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220421-heroku-security-breach-supply-chain/Heroku’s OAuth token breach exposes the fragile trust chain in platform-as-a-service dependencies and what it means for developers.https://www.osmondvanhemert.nl/posts/220324-lapsus-group-okta-microsoft-breach/Thu, 24 Mar 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220324-lapsus-group-okta-microsoft-breach/The Lapsus$ hacking group has breached both Okta and Microsoft, exposing critical weaknesses in identity provider security and third-party access management.https://www.osmondvanhemert.nl/posts/220224-hermeticwiper-ukraine-cyber-warfare/Thu, 24 Feb 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220224-hermeticwiper-ukraine-cyber-warfare/As conflict erupts in Ukraine, destructive wiper malware targeting critical infrastructure signals a new chapter in state-sponsored cyber operations.https://www.osmondvanhemert.nl/posts/210923-owasp-top-10-2021-update/Thu, 23 Sep 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210923-owasp-top-10-2021-update/The OWASP Top 10 gets its first update since 2017, and the changes reflect how fundamentally our attack surface has evolved.https://www.osmondvanhemert.nl/posts/210916-azure-omigod-vulnerability-cloud-agents/Thu, 16 Sep 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210916-azure-omigod-vulnerability-cloud-agents/The OMIGOD vulnerabilities in Azure’s silently-installed OMI agent expose a troubling pattern: cloud providers deploying software on your VMs without your knowledge or consent.https://www.osmondvanhemert.nl/posts/210121-signal-surge-whatsapp-privacy/Thu, 21 Jan 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210121-signal-surge-whatsapp-privacy/WhatsApp’s updated privacy policy drives millions to Signal, highlighting the growing demand for privacy-respecting open-source alternatives.https://www.osmondvanhemert.nl/posts/201022-nsa-cisa-china-advisory/Thu, 22 Oct 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/201022-nsa-cisa-china-advisory/A joint NSA/CISA advisory details 25 CVEs actively exploited by Chinese state-sponsored actors. The uncomfortable truth: most are well-known and patchable.https://www.osmondvanhemert.nl/posts/200618-iot-growth-pandemic-security/Thu, 18 Jun 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200618-iot-growth-pandemic-security/Home IoT device sales have surged during lockdowns, and every one of those devices just joined a corporate network via VPN. The security implications are significant.https://www.osmondvanhemert.nl/posts/200430-apple-google-exposure-notification-api/Thu, 30 Apr 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200430-apple-google-exposure-notification-api/Apple and Google collaborate on a Bluetooth-based exposure notification system that puts privacy-preserving architecture front and center.https://www.osmondvanhemert.nl/posts/200326-zoom-security-crisis/Thu, 26 Mar 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200326-zoom-security-crisis/Zoom’s explosive pandemic-driven growth is exposing serious security and privacy issues. The ‘Zoombombing’ phenomenon is just the tip of the iceberg.https://www.osmondvanhemert.nl/posts/200213-cia-crypto-ag-backdoor/Thu, 13 Feb 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200213-cia-crypto-ag-backdoor/The Washington Post reveals the CIA secretly owned Crypto AG for decades, selling compromised encryption to governments worldwide. The supply chain trust implications are staggering.https://www.osmondvanhemert.nl/posts/200109-nsa-cve-2020-0601-windows-cryptoapi/Thu, 09 Jan 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200109-nsa-cve-2020-0601-windows-cryptoapi/The NSA disclosed CVE-2020-0601, a critical vulnerability in Windows CryptoAPI’s certificate validation. The fact that they reported it instead of hoarding it marks a notable shift.