We will get reports under the Cyber Resilience Act concerning actively exploited vulnerabilities of products with digital elements. When should a national CSIRT delay the dissemination of such reports to other CSIRTs in the CSIRTs Network?

On Friday, April 10th, Fortinet released information about a worldwide compromise of FortiGate devices, giving the attacker persistent read-only access. Threat actors seemingly used three known vulnerabilities in the SSL VPN feature to gain initial access to the devices and a symbolic link in the file system to survive patching of FortiOS.

The EU is revising the 2017 Cybersecurity blueprint. Here is my take on the proposal.

What can the history of file sharing tell us about the prospects of chat control legislation?