Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading).

Operationally this week it has been around Confluence exploitation (the subreddit ran one of our live threads collating open source). Interestingly this is the first time the Dutch government used some of their new powers to notify the owners of 15,000 vulnerable instances. Then there was the ongoing surge of interest in URI and default file handlers on Microsoft Windows (detailed reporting below). Then there was the disclosure that Click Studios had their code signing certificate for PasswordState misused because they shipped it in an installation bundle.

In the high-level this week:

• Washington Post article - Opinion The U.S.-Russia conflict is heating up - in cyberspace - seems like grey zone is going to be the cause of much study.

  • Russia also retorted with Russia says West risks 'direct military clash' over cyber attacks

• Royal Hansen from Google (an ex manager of mine several lifetimes a…