
New SMB Vulnerability opens door to privilege escalation

On September 9, 2025, Microsoft released details of CVE-2025-55234, a critical vulnerability in the Windows Server Message Block (SMB) protocol. With a CVSS v3 score of 8.8, it’s classified as High severity and poses a serious elevation-of-privilege (EoP) risk. An attacker exploiting this flaw could launch a relay attack and gain the privileges of a legitimate user, without needing elevated permissions or insider access.

Oracle Linux Server Hardening

Server hardening’s core principle is that “unnecessary functionality compromises security.” Adopting Linux should greatly simplify the process. No matter which flavor of Linux you choose to run, hardening your servers should be the same process; once you know one, you know them all. When it comes to Oracle Linux Server Hardening, what works for Red Hat or CentOS should continue to work. That holds in theory, but in practice there are significant differences that could make or break your project.

FFIEC Sunsets The Cybersecurity Assessment Tool (CAT)

The Federal Financial Institutions Examination Council (FFIEC) retired its Cybersecurity Assessment Tool (CAT) on August 31, 2025. This self-assessment resource, used by financial institutions to gauge cybersecurity risk and readiness, won’t be updated going forward. The FFIEC launched CAT in 2015 to help organizations measure their exposure to risk and assess their cyber preparedness.