Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week there were further details of in the wild zero-days exploited in Microsoft Exchange due to mitigation bypasses (see later), LastPass provided an update on their breach plus Okta confirmed its source code repositories were stolen. All of which have implications for various operational blue teams across the globe as they assess the risk and respond accordingly.

In the high-level this week:

• NSA Cyber Security Year in Review 2022 - discussions of supply chain attacks by China and then a broad summary of mission impact from NSA 👏.

• The Evolution of Cyber: Newest Subordinate Unified Command is Nation’s Joint Cyber Force - “The Cyber National Mission Force officially became the Department of Defense’s newest subordinate unified command, CNMF supports U.S. Cyber Command and national priorities such as election security, ransom…