Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week Microsoft OneNote files are being flung around with some exuberance by a variety of actors due to lack of mark-of-the-web. Then we had an offensive how to guide released to build them. We had a forced technical debt paydown event via the mass exploitation of vulnerable / use of latent compromises of VMWare ESXi globally by a ransomware group. As I mentioned James and I wrote paper on this scenario (and others) in Software Security Austerity - Software security debt in modern software development in 2012 - financial metaphors were harmed in its production.

In the high-level this week:

• Top White House cyber official set to retire next week - Chris Inglis will be missed. I would give odds on for betting who the replacement might be, but lets see..

• Record-breaking 2022 for North Korea crypto theft, U.N. Security Council …