Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week you will see some crunchy vulnerabilities had exploits released. One of these raised a question around vendor language in relation to the SaaS services - namely you are not vulnerable not that you weren’t vulnerable. This then raised the second order question when these type of vulnerabilities land do we need clearer communication around if as the customer we were vulnerable, when, what the IoCs were and if we have access to logs which allow us to confirm if exploitation happened in our context or not.

In the high-level this week:

• UK and US host international dialogue to advance cyber support for groups that strengthen democracy - Agency heads from nine countries share insights and approaches to help improve collective cyber resilience of global democracy.

• NPC Headliner Luncheon: Gen. Paul Nakasone - technology is adv…