Hi Reader
Hers's your News
FIRST Releases 2026 Vulnerability Report, Projecting Record-Breaking Common Vulnerabilities and Exposures
For the first time ever, annual CVE disclosures expected to surpass 50,000, signaling a potential paradigm shift in vulnerability management workloads
Wed, 11 Feb 2026 00:00:00 GMT
FIRST Welcomes New Members and Thanks Sponsoring Teams!
FIRST has welcomed 64 new members over the second semester of 2025: 39 Teams, 23 Liaisons, and 2 Associates. Most growth comes from new Teams and Liaisons from the US (+9), Dominican Republic (+7), Taiwan, Province of China (+5), Switzerland (+3), Germany (+3), Great Britain (+3), Republic of Korea (+3), and Mexico (+3). Overall at the end of 2025, FIRST community covers 116 countries, and is composed of 824 Teams (+87), 4 Associates (+4), and 202 Liaisons (+44).
Mon, 26 Jan 2026 00:00:00 GMT
Zimbabwe FIRST Technical Colloquium
May 06-08, 2026<br/> Victoria Falls (ZW)<br/>
Fri, 16 Jan 2026 00:00:00 GMT
Why We Can’t Stop Talking About Information Sharing
I know — it’s a tired topic. So much has been written about information sharing that it can feel like white noise. Yet, it remains a critical issue that we haven't quite solved. During a recent trip to China, I heard a recurring concern: “People no longer share vulnerabilities with us.” When I mention this back home, the common retort is, “Well, of course — their state actors will just use that data to attack us.”
Thu, 08 Jan 2026 00:00:00 GMT
2025 Vulnerability Forecast: Year-End Review
As 2025 draws to a close, we find ourselves in the satisfying position of reviewing forecasts that worked. Next year’s forecast will look and feel a bit different, but you can expect that in January and we like to keep them separate.
Mon, 29 Dec 2025 00:30:00 GMT
Upskilling Communications
Sharing information in cybersecurity is vital for prevention and response. There’s a lot of technical processes available, and best practice to learn from. FIRST, for example, was created for that exact reason back in the 90s, to share techniques and information between teams.
Tue, 16 Dec 2025 00:00:00 GMT
Training and CCB
FIRST continues to provide training on different cybersecurity topics and in different parts of the world through our Community Trainers and CCB program. From October to December, FIRST has delivered nine trainings across seven economies with support from our training community, thanks to everyone for sharing their expertise and experience!
Tue, 16 Dec 2025 00:00:00 GMT
Record Growth Announcement, Cybersecurity Awareness Month and African Cyber Capacity Building
Growth Stack Media secured and tracked 29 pieces of earned media coverage for FIRST in Q4FY25 across notable publications including Dark Reading, SecurityBrief, and IT Brief. [You can view the full CoverageBook of articles here](https://www.first.org/newsroom/newsletters/FIRST_FY25Q4_PR_Coverage.pdf).
Tue, 16 Dec 2025 00:00:00 GMT
Special Interest Group Updates
The new [**Time Security SIG**](https://www.first.org/global/sigs/time/) was approved and started operating. It exists to help the global FIRST community prepare for the 2036–2038 epoch rollovers. By coordinating research, testing, and outreach on time integrity, the SIG connects CSIRTs, vendors, and standards bodies to strengthen resilience across critical infrastructure. It´s goal is to ensure the world’s clocks keep running — securely — long past 2038. If you are interested in more information or want to join, head over to https://www.first.org/global/sigs/time/.
Tue, 16 Dec 2025 00:00:00 GMT
Standards Update
Big milestone at the ITU-T SG17 closing plenary (Thursday 2025-12-11) in Geneva! The membership officially approved C396 XS.TP.epoch "Technical Report on Global Coordination Requirements for 2038-class rollover events (including but not limited to 2036, 2038, and 2106)".
Tue, 16 Dec 2025 00:00:00 GMT
Member Spotlight
Tue, 16 Dec 2025 00:00:00 GMT
FIRST Reports Record Growth and Expanding Global Impact
Momentum Year Marked by Record Membership, New Resources, and Broader Collaboration Across 110+ Countries
Wed, 10 Dec 2025 14:00:00 GMT
FIRST POST: Oct-Dec 2025
Message from the Chair; Member Spotlight; Standards Update; Special Interest Group Updates; Training and CCB; Record Growth Announcement, Cybersecurity Awareness Month and African Cyber Capacity Building; Why We Can’t Stop Talking About Information Sharing; FIRST Welcomes New Members and Thanks Sponsoring Teams!; Upcoming Events
Tue, 09 Dec 2025 00:00:00 GMT
Paris 2026 FIRST Technical Colloquium
February 9-10, 2026<br/> Paris (FR)<br/>
Tue, 09 Dec 2025 00:00:00 GMT
Bangalore 2026 FIRST Technical Colloquium
February 10-11, 2026<br/> Bangalore (IN)<br/> \#BANGALORETC26
Tue, 09 Dec 2025 00:00:00 GMT
2026 FIRST Regional Symposium for Central Asia
February 26-27, 2026<br/> Tashkent (UZ)<br/> Co-hosted by UZCERT
Tue, 09 Dec 2025 00:00:00 GMT
CVE | FIRST VulnCon 2026 & Annual CNA Summit
Early Registration Available!<br/> April 13-16, 2026<br/> Scottsdale (USA)<br/> \#VULNCON26
Tue, 09 Dec 2025 00:00:00 GMT
2026 Cyber Threat Intelligence Conference
SAVE THE DATE<br/> April 21-23, 2026<br/> Munich (DE)<br/> \#FIRSTCTI26
Tue, 09 Dec 2025 00:00:00 GMT
38th Annual FIRST Conference
Early Registration Available!<br/> June 14-19, 2026<br/> Denver (US)<br/> \#FIRSTCON26
Tue, 09 Dec 2025 00:00:00 GMT
Message from the Chair
Tue, 09 Dec 2025 00:00:00 GMT
Balkan Cybersecurity Days 2026
March 18-20, 2026<br/> Shkodër, Albania (AL)<br/> \#BCD2026
Tue, 09 Dec 2025 00:00:00 GMT
Building Resilience Through Reporting
The Actioning Alerts and Advisories (A4) project aimed to improve threat reporting in cybersecurity by providing technical expertise, analysis, and communications support to National Cybersecurity Incident Response Teams (CSIRTs). The project worked with teams from four countries, fostering collaboration and knowledge-sharing
Mon, 01 Dec 2025 00:00:00 GMT
Building Resilience Through Reporting
he Actioning Alerts and Advisories (A4) project aimed to improve threat reporting in cybersecurity by providing technical expertise, analysis, and communications support to National Cybersecurity Incident Response Teams (CSIRTs). The project worked with teams from four countries, fostering collaboration and knowledge-sharing among stakeholders, and empowering CSIRTs to create actionable reports that can be used to prevent cyber threats.
Mon, 01 Dec 2025 00:00:00 GMT
2025 Q4 Vulnerability Publication Forecast
Usually, we begin a blog post with a review of last quarter, but our volunteer team couldn’t get a forecast out last quarter. We had several pressing matters between multiple team members, and we apologise. So, we’ll move swiftly on to this quarter’s predictions.
Thu, 16 Oct 2025 00:30:00 GMT
Paris 2026 FIRST Technical Colloquium
SAVE THE DATE<br/> February 9-10, 2026<br/> Paris (FR)<br/> More details coming soon!
Tue, 07 Oct 2025 00:00:00 GMT
FIRST CORE
A new direction for sponsorship was announced at the 37th Annual FIRST conference in Denmark. [FIRST CORE](https://www.first.org/global/core/) provides critical funding to expand FIRST’s Community and Capacity Building Program (CCB), which focuses on developing incident response capabilities in regions where resources are limited. CORE’s goals are to foster **community**; improve **operational** capacity across the globe, build **resilience** across the digital ecosystem, and **empower** incident responders and their teams.
Mon, 29 Sep 2025 00:00:00 GMT
Training and CCB
FIRST continues to provide training on different cyber security topics and in different parts of the world through our Community Trainers and CCB program. From June onwards, FIRST has conducted the following training, supported by the trainers in the [FIRST community](https://www.first.org/community). We highly appreciate the contribution by the trainers.
Thu, 25 Sep 2025 00:00:00 GMT
Digital Sovereignty and Communities
In September, I was invited to give a talk on digital sovereignty, which is a hot topic these days, given that an increasing number of states seem to depend on a handful of hyperscalers from just two countries. Most solutions range from the fairly naive 'Just use Linux' to the probably overly ambitious 'Let's build our own hyperscalers'. I won't comment on the former, but I will add that building a hyperscaler is not a trivial undertaking. However, one thing that is constantly forgotten is that great technology doesn't develop in isolation. Silicon Valley is called that for a reason, not Silicon Island.
Wed, 24 Sep 2025 00:00:00 GMT
Member Spotlight
FIRST is adding a new feature to our quarterly newsletter called the Member Spotlight. This will be a recurring article that will recognize member contributions to the FIRST community including: - **Impact**: The contribution has made an impact on the development or growth of FIRST or the global Incident Response and Security community. - **Influence**: The contribution has supported or influenced the work of others in FIRST or their region/sector. - **Innovation**: The contribution has broken new ground with original thinking and creativity
Wed, 24 Sep 2025 00:00:00 GMT
Special Interest Group Updates
**General Update** The annual conference is always an important milestone for the Special Interest Groups, as they usually present on what they have done over the past year and many also enjoy getting the chance to meet in person. For those of you who have missed the SIG Updates, you can find the [slides on the conference website.](https://www.first.org/conference/2025/program#pSIG-Updates)
Wed, 24 Sep 2025 00:00:00 GMT
Strategic Initiatives Amplification, Video Series Completion and LinkedIn Growth Surge
Growth Stack Media secured 41 pieces of earned media coverage for FIRST in Q3FY25 across notable publications including Cybernews, Cyber Defense Wire, and SecurityBrief. You can view the full CoverageBook of articles [here](https://www.first.org/newsroom/newsletters/FIRST_FY25Q3_PR_Coverage.pdf).
Wed, 24 Sep 2025 00:00:00 GMT
Bangalore 2026 FIRST Technical Colloquium
SAVE THE DATE<br/> February 10-11, 2026<br/> Bangalore (IN)<br/> \#BANGALORETC26
Wed, 24 Sep 2025 00:00:00 GMT
2026 FIRST Regional Symposium for Central Asia
February 26-27, 2026<br/> Tashkent (UZ)<br/> Co-hosted by UZCERT
Wed, 24 Sep 2025 00:00:00 GMT
2026 Cyber Threat Intelligence Conference
SAVE THE DATE<br/> April 21-23, 2026<br/> Munich (DE)<br/> \#FIRSTCTI26
Wed, 24 Sep 2025 00:00:00 GMT
38th Annual FIRST Conference
Early Registration Available!<br/> June 14-19, 2026<br/> Denver (US)<br/> \#FIRSTCON26
Wed, 24 Sep 2025 00:00:00 GMT
FIRST Upcoming Events
FIRST Upcoming Events (as of September 2025)
Thu, 18 Sep 2025 18:00:00 GMT
FIRST Accelerates Global Security Initiatives with Upcoming Conference, Leadership Expansion, and Technical Advancement Programs
Vulnerability Forecasting Colloquium, New Threat Hunting SIG, and International Partnerships Drive Global Cybersecurity Impact
Tue, 16 Sep 2025 00:00:00 GMT
FIRST POST: Jul-Sep 2025
Message from the Chair; Digital Sovereignty and Communities; Member Spotlight; FIRST CORE; Special Interest Group Updates; Training and CCB; Strategic Initiatives Amplification, Video Series Completion and LinkedIn Growth Surge; Upcoming Events
Thu, 04 Sep 2025 00:00:00 GMT
2025 FIRST & AfricaCERT Symposium: Africa and Arab Regions
Call for Speakers is Open!<br/> December 2–5, 2025<br/> Mauritius
Thu, 04 Sep 2025 00:00:00 GMT
Oslo 2025 FIRST Technical Colloquium Cold Incident Response
October 7-9, 2025<br/> Oslo (NO)
Thu, 04 Sep 2025 00:00:00 GMT
2025 FIRST Regional Symposium Latin America & Caribbean
October 8-9, 2025<br/> San Salvador (SV)<br/> Co-located with LACNIC / LACNOG 2025
Thu, 04 Sep 2025 00:00:00 GMT
2025 Mexico City Technical Colloquium
October 27-29, 2025<br/> Mexico City (MX)<br/> \#FIRSTMX2025
Thu, 04 Sep 2025 00:00:00 GMT
Remote 2025 UNDP / UNICC / FIRST Technical Colloquium
October 30, 2025<br/> 09:30-14:00 EDT | 14:30-19:00 CET<br/> Online<br/> Hosted by UNDP and UNICC
Thu, 04 Sep 2025 00:00:00 GMT
Ljubljana 2025 FIRST Technical Colloquium
December 9–10, 2025<br/> Ljubljana (SI)
Thu, 04 Sep 2025 00:00:00 GMT
CVE | FIRST VulnCon 2026 & Annual CNA Summit
Early Registration Available!<br/> April 13-16, 2026<br/> Scottsdale (USA)<br/> \#VULNCON26
Thu, 04 Sep 2025 00:00:00 GMT
Message from the Chair
It has already been three months since the successful Copenhagen FIRSTCON25 took place. If you want to get access to over 40 of the TLP-CLEAR presentations, [they are available online](https://www.first.org/conference/2025/program). For those who attended, I hope you pinged back to those you met, and that you already knew before. Since FIRSTCON22, I noticed an increase in the number of attendees that were "Happy to be there" - as in the tag I boast almost every year. If you met new faces, especially if they were newbies, please check whether they are on our Slack workspace, and if not, please help them to join. The wider our community, the better.
Thu, 04 Sep 2025 00:00:00 GMT
News from the Chair - August 2025
Tue, 05 Aug 2025 17:00:00 GMT
FIRST POST: Apr-Jun 2025
Message from the Chair; Incident Response Hall of Fame 2025 Recipient: Richard (Rich) D. Pethia, CERT/CC; New Board Member: Graciela Martinez Giordano; Building Bridges is fine, but you have to use them; Board Roles & Responsibilities; FIRST Welcomes New Members and Thanks Sponsoring Teams!; Women of FIRST; Strategic Campaign Success, Video Series Launch and Global Media Recognition; Upcoming Events
Thu, 31 Jul 2025 00:00:00 GMT
2025 Conference Recap
Another FIRST conference has come and gone, so let’s take a moment to relive it together! Held in beautiful Copenhagen, Denmark, *FIRSTCON25: Fortresses of the Future – Building Bridges, Not Walls* gathered 1056 security professionals from 103 nations for six days of insight, inspiration, and infectious energy. With 523 FIRST team members onsite—including 34 liaison members and over 300 member organizations—the global incident response community was out in full force. Even more exciting: over half the attendees were first-time FIRST participants!
Thu, 24 Jul 2025 00:00:00 GMT
Building Bridges is fine, but you have to use them
The motto of this year's annual conference was "Fortresses of the Future: Building Bridges not Walls." We continually emphasize that successful incident response depends on CSIRT collaboration. When I attend meetings at the UN, OSCE, and similar organizations, participants consistently insist that CSIRTs work together and exchange information. I certainly remember a time when I could freely exchange information with peers worldwide.
Wed, 16 Jul 2025 00:00:00 GMT
Strategic Campaign Success, Video Series Launch and Global Media Recognition
Growth Stack Media secured 74 pieces of earned media coverage for FIRST in Q2FY25 across notable publications including CSO Online, Infosecurity Magazine, SC Magazine, and TechTarget. You can view the full CoverageBook of articles [here](https://www.first.org/newsroom/newsletters/FIRST_FY25Q2_PR_Coverage.pdf).
Tue, 15 Jul 2025 00:00:00 GMT
Message from the Chair
Olivier Caleff is the newly appointed Chair of the FIRST Board of Directors. He recaps the Annual General Meeting and thanks outgoing Chair, Tracy Bills, for her dedication and leadership. Olivier strongly encourages everyone to identify ways they can engage in FIRST’s activities, such as the SIGs (Special Interest Groups), programs, tools, and the many other FIRST events throughout the year.
Mon, 14 Jul 2025 00:00:00 GMT
Incident Response Hall of Fame 2025 Recipient: Richard (Rich) D. Pethia, CERT/CC
"Do not go where the path may lead, go instead where there is no path and leave a trail." This quotation from Ralph Waldo Emerson embodies the qualities of Richard D. Pethia, avid fisherman and founding director of the CERT® Coordination Center (CERT/CC), now part of the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI).
Mon, 14 Jul 2025 00:00:00 GMT
New Board Member: Graciela Martinez Giordano
After many years of dedicated work in building and sustaining the LAC-CSIRTs community—enhancing incident response capabilities, supporting the creation of new CSIRTs, and advancing capacity building across the LAC region through initiatives such as the FIRST Symposium and other security conferences—I decided to run for the FIRST Board of Directors. I’d like to thank everyone for their support and am looking forward to contributing as the newest FIRST Board member.
Mon, 14 Jul 2025 00:00:00 GMT
Board Roles & Responsibilities
The FIRST Board of Directors plays a key role in the governance and strategic direction of the organization. Its members are responsible for ensuring that FIRST fulfills its mission and institutional objectives while maintaining an effective operational structure aligned with the needs of its global community. All Board members share a set of common responsibilities. These include actively participating in the definition, review, and evaluation of the organization’s strategic goals, as well as overseeing the budget and resource allocation. Board members are also expected to serve as liaisons to the membership community, support regional initiatives, participate in conferences and technical groups, and represent FIRST in external engagements. With the confirmation of the new Board for the 2025–2026 term, new roles and responsibilities have also been assigned and [published at the following link](https://www.first.org/about/organization/directors).
Mon, 14 Jul 2025 00:00:00 GMT
Women of FIRST
During the final substantive session of Open-ended working group on security of and in the use of information and communications Technologies (OEWG) in July 2025, I had the honor of **leading a stimulating workshop at the Women and International Security in Cyberspace Fellowship** at the United Nations Headquarters in New York. **"Cyber Incident Simulation Through a Public Policy Lens: Can You Piece Together the Attack?**
Mon, 14 Jul 2025 00:00:00 GMT
FIRST Welcomes New Members and Thanks Sponsoring Teams!
What a quarter of new additions we have had! We want to share an enormous warm welcome to our new team members, and as always a thank you to our sponsoring teams. During the AGM, we were able to share some cool updates about our membership to date: FIRST now has 808 full members, 192 Liaisons and 2 associate members!
Mon, 14 Jul 2025 00:00:00 GMT
2025 FIRST Vulnerability Forecasting Technical Colloquium
September 25-26, 2025<br/> Cambridge United Kingdom (GB)<br/> \#VULN4CAST25
Mon, 14 Jul 2025 00:00:00 GMT
APNIC/FIRST Technical Colloquium
September 9-11, 2025<br/> Da Nang (VN)
Mon, 14 Jul 2025 00:00:00 GMT
Oslo 2025 FIRST Technical Colloquium Cold Incident Response
October 7-9, 2025<br/> Oslo (NO)
Mon, 14 Jul 2025 00:00:00 GMT
Ljubljana 2025 FIRST Technical Colloquium
SAVE THE DATE<br/> December 9–10, 2025<br/> Ljubljana (SI)
Mon, 14 Jul 2025 00:00:00 GMT
2025 FIRST & AfricaCERT Symposium: Africa and Arab Regions
SAVE THE DATE<br/> December 2–5, 2025<br/> Mauritius
Mon, 14 Jul 2025 00:00:00 GMT
2025 FIRST Regional Symposium Latin America & Caribbean
SAVE THE DATE<br/> October 8-9, 2025<br/> San Salvador (SV)<br/> Co-located with LACNIC / LACNOG 2025
Mon, 14 Jul 2025 00:00:00 GMT
News from the Chair - July 2025
Thu, 10 Jul 2025 00:00:00 GMT
FIRSTCON25 Delivers Global Collaboration and Groundbreaking Cybersecurity Initiatives
Annual conference unveils new funding initiatives, platforms and tools, leadership appointments, and expanded global capacity building programs
Fri, 27 Jun 2025 12:00:00 GMT
Richard D. Pethia Inducted into FIRST's Incident Response Hall of Fame
Pioneer behind the first CERT honored for launching a global movement in cybersecurity
Wed, 25 Jun 2025 04:00:00 GMT
FIRST Announces New CORE Initiative with Fortinet as a Founding Partner
New initiative empowers cybersecurity and incident response teams worldwide through capacity building and community development
Mon, 23 Jun 2025 04:00:00 GMT
Episode 54: Matias Mesiä, FIRSTCON25 Speaker
In this episode of the FIRST Impressions Podcast, FIRSTCON25 Speaker, Matias Mesiä of NCSC-FI, discusses the high-impact 2024 data breach that targeted the City of Helsinki’s education department. With over 100,000 residents affected, Matias breaks down how the incident unfolded and the coordinated response involving NCSC-FI, city officials, service providers, and law enforcement. He shares the unique challenges of managing a major breach under intense media scrutiny. Tune in for key lessons on public-sector cybersecurity, crisis communication, and response readiness.
Fri, 20 Jun 2025 00:00:00 GMT
Episode 53: John Hollenberger, FIRSTCON25 Speaker
In this episode of the FIRST Impressions Podcast, Martin and Chris chat with FIRSTCON25 speaker, John Hollenberger of Fortinet. John offers a sneak peek into his session, "Building the Blueprint: Designing Effective Storyboards for Cybersecurity Tabletop Exercises." He explains how detailed storyboards can shape more impactful tabletop exercises by aligning objectives, scenarios, injects, and key decision points. Tune in to learn how to create exercises that are not only engaging but truly enhance organizational preparedness.
Wed, 18 Jun 2025 00:00:00 GMT
Women of FIRST
Cyber Incident Simulation: Piecing Together an Attack Through a Public Policy Lens
Mon, 16 Jun 2025 00:30:00 GMT
Episode 52: Steve McKinney and Lauren Tam, FIRSTCON25 Speakers
In this episode of the FIRST Impressions podcast, two engineers from Stripe discuss their upcoming FIRSTCON25 session, Response via Prevention Engineering. They share how Stripe took a prevention-first approach to hardening laptops by reducing analyst workload, minimizing response toil, and increasing operational efficiency. Learn how data, trust, and cross-team collaboration made it all possible in this episode!
Mon, 16 Jun 2025 00:00:00 GMT
Episode 51: Cornelia Puhze, FIRSTCON25 Speaker
In this episode of FIRST Impressions, the hosts interview FIRSTCON25 speaker, Cornelia Puhze of SWITCH-CERT, a human-centered security professional and co-chair of the FIRST Human Factors in Security SIG. Cornelia dives into the world of social engineering, AI-driven manipulation, and how we can better educate people to protect themselves from scams without the burden of technical jargon. She emphasizes the power of gut instincts, breathing, and human intuition in recognizing and resisting criminal tactics. Tune in to explore how we can train ourselves to stay secure in a tech-driven world — naturally.
Fri, 13 Jun 2025 00:00:00 GMT
Episode 50: Desiree Sacher and Carson Zimmerman, FIRSTCON25 Speakers
In this episode of FIRST Impressions, hosts Martin McKay and Chris John Riley speak with Desiree Sacher and Carson Zimmerman about their upcoming talk at the 2025 FIRST Conference in Copenhagen. Drawing from personal experience and scientific research, they unpack the complexities of burnout in cybersecurity — exploring its causes, impact, and sustainable solutions for both individuals and organizations
Mon, 09 Jun 2025 00:00:00 GMT
Episode 49: John Stoner, FIRSTCON25 Speaker
In this episode of FIRST Impressions, hosts Chris John Riley and Martin McKeay speak with John Stoner, Global Principal Security Strategist at Google Cloud. Together they discuss the importance of ongoing detection testing, the challenges of running emulations in production environments, and how to balance technical goals with organizational constraints. John previews his upcoming talk at the 2025 FIRST Conference, offering practical strategies for evolving security practices without boiling the ocean.
Fri, 06 Jun 2025 00:00:00 GMT
APAC DNS Forum 2025
Peter Lowe, FIRST’s DNS Abuse Policy Ambassador, shares a review of the APAC DNS Forum in Hanoi, Vietnam, where he met with representatives from various organizations and had valuable discussions about DNS abuse and data sharing.
Tue, 03 Jun 2025 00:30:00 GMT
Episode 48: Henrik Larsen, FIRSTCON25 Program Chairs
In this special FIRSTCON25 FIRST Impressions episode, our hosts, Chris John Riley and Martin McKeay interview Henrik Larsen, Program Chair of the 2025 FIRST Conference in Copenhagen. Henrik discusses the conference theme: “Fortresses of the Future: Building Bridges, Not Walls” and previews keynote speakers, Scandinavian influence, and cultural highlights of the host city. Tune in to learn what to expect this June and learn more about the diverse speaker lineup and the vibrant Copenhagen experience awaiting us!
Fri, 30 May 2025 00:00:00 GMT
Black Basta Ransomware Leak: Key Findings and Insights
A leak of 200,000 internal Black Basta chat messages reveals how a modern ransomware group structures its operations to attack victims, employing a range of tactics that, theoretically, should be easy to defend against.
Sun, 25 May 2025 00:30:00 GMT
Time to kick out Human Error?
Last year I opened a presentation with this: «Human error are the words cyber security guys use when they don't know shit». The response was laughter. But I think it is true. Here's why, and why it's relevant to incident responders.
Mon, 21 Apr 2025 00:30:00 GMT
Green Copenhagen
Did you know Copenhagen is *wheel-y* committed to sustainability? From bike-friendly streets to harbor waters so clean you can swim in them; this eco-chic city is setting the bar for green living. FIRST is excited to bring the Annual Conference to the world’s first carbon-neutral capital this June! Our 37<sup>th</sup> FIRST Conference will be held at the Bella Center Copenhagen, a beautiful venue nestled in the charming neighborhood of Ørestad. The Center overlooks a lovely pitch of green, with inviting golfers and cyclists urging you to step outside.
Mon, 14 Apr 2025 00:00:00 GMT
FIRST POST: Jan-Mar 2025
Message from the Chair; Strategy and Governance: Launch of the FIRST Strategy Framework; FIRST Welcomes New Members and Thanks Sponsoring Teams!; Special Interest Group Updates; The role of National CERTs/CSIRTs in Implementing the UN Norms of Responsible Behavior in Cyberspace; Growth Stack Media Q1FY25 PR Highlights: Media Coverage Expansion & Successful Campaigns; Green Copenhagen; FIRST on Social Media; and Upcoming Events
Fri, 11 Apr 2025 00:00:00 GMT
Oslo 2025 FIRST Technical Colloquium Cold Incident Response
SAVE THE DATE<br/> October 7-9, 2025<br/> Oslo (NO)
Fri, 11 Apr 2025 00:00:00 GMT
37th Annual FIRST Conference
June 22-27, 2025<br/> Copenhagen (DK)<br/> \#FIRSTCON25
Fri, 11 Apr 2025 00:00:00 GMT
2025 Vulnerability Forecasting Technical Colloquium
SAVE THE DATE<br/> September 25–26, 2025<br/> Cambridge (GB)
Fri, 11 Apr 2025 00:00:00 GMT
2025 Cyber Threat Intelligence Conference
April 21-23, 2025<br/> Berlin (DE)<br/> \#FIRSTCTI25
Thu, 10 Apr 2025 00:00:00 GMT
2025 Q2 Vulnerability Forecast
We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.
Tue, 08 Apr 2025 00:30:00 GMT
Strategy and Governance: Launch of the FIRST Strategy Framework
**The Board of Directors launched in March of this year the [FIRST Strategy Framework](https://www.first.org/blog/20250303-Strategy-Framework)**. This initiative is designed to enhance the organization’s ability to achieve its mission and reinforce its position as a global leader in cybersecurity and incident response. A key component of this framework is the development of a **three-year Strategic Plan, which will be updated every three years**. This Strategic Plan will then serve as the foundation for a three-year Operating and Financial Plan, which will be updated annually. Furthermore, the **Annual Budget and Operational Plan will be directly informed by these strategic and operating plans**, ensuring that financial resources are allocated to support strategic objectives and operational priorities. This cohesive system aims to connect FIRST’s long-term vision with its annual operational and financial planning.
Mon, 07 Apr 2025 00:00:00 GMT
Growth Stack Media Q1FY25 PR Highlights: Media Coverage Expansion & Successful Campaigns
Growth Stack Media achieved significant media presence for FIRST in Q1FY25, securing over 71 pieces of earned media coverage across global publications including Cyber Defense Magazine, CSO, Cyberscoop, Help Net Security, SC Media and Techstrong TV. This extensive coverage continues to establish FIRST as a preeminent cybersecurity organization and community.
Fri, 04 Apr 2025 00:00:00 GMT
Message from the Chair
The first quarter of the new calendar year has been a busy one across FIRST programs. I would like to thank each of you for the various ways you have already contributed and plan to in the coming months. I recently had the privilege of speaking with several new member teams to learn more about their teams, what FIRST programs may be the most beneficial to them, as well as to identify ways their teams can contribute back into the FIRST community. These types of conversations do not require a lot of time but are mutually beneficial. I understand that we all have busy schedules, but if you are presented an opportunity to engage with new members, even if it is just to answer a question, I highly encourage you to take a moment to do so. These acts may seem small, but they are the building blocks of trust and collaboration.
Fri, 14 Mar 2025 00:00:00 GMT
In-country training for bjCSIRT in Benin
Fri, 14 Mar 2025 00:00:00 GMT
FIRST Welcomes New Members and Thanks Sponsoring Teams!
FIRST has welcomed 23 new members over the FIRST 3 months of 2025: 6 Liaisons and 18 Teams. The split is: 10 Teams from Europe, 2 from Asia, 2 from North America, and 2 from South America. Warm welcome to our new members!
Fri, 14 Mar 2025 00:00:00 GMT
Special Interest Group Updates
**SOC-SIG (Security Operations Center):** Security Operations Teams, do you wish there were more SOC-specific information for FIRST members? We have just launched a SOC-SIG to focus on the many challenges encountered by SOCs in their mission to defend networks and detect adversaries. SOC teams are inundated with data and charged with extracting threat indicators out of an onslaught of normal everyday network and system activity. Left unaddressed, these challenges can lead to the SOC team being slower to detect and respond to potential incidents, getting distracted with false positive or negative alerts, and being subject to analyst over exposure and alert fatigue.
Fri, 14 Mar 2025 00:00:00 GMT
FIRST on Social Media
Are you aware of the social network presence of FIRST? Our handle name is ‘firstdotorg’. Time to start following us if you haven’t done so. - [Bluesky](https://bsky.app/profile/first.org) - [Mastodon](https://infosec.exchange/@firstdotorg) - [Facebook](https://www.facebook.com/FIRSTdotorg) - [X](https://x.com/firstdotorg) - [LinkedIn](https://www.linkedin.com/company/firstdotorg) - [GitHub](https://github.com/FIRSTdotorg) - [YouTube](https://www.youtube.com/c/FIRSTdotorg)
Fri, 14 Mar 2025 00:00:00 GMT
The role of National CERTs/CSIRTs in Implementing the UN Norms of Responsible Behavior in Cyberspace
As the global conversation around international law and responsible behavior in cyberspace grows, it is increasingly clear that this issue transcends the realm of diplomacy. It is no longer limited to political discussions but extends to the teams responsible for responding to cyber incidents. National CERTs/CSIRTs have a pivotal role in bridging the gap between international norms and practical cybersecurity measures. This article examines how these teams can contribute to the implementation of the United Nations norms for responsible behavior in cyberspace, ensuring that these norms translate into actionable steps that enhance global security.
Fri, 14 Mar 2025 00:00:00 GMT
FIRST Announces Global Event Series to Unite Incident Response and Security Teams Worldwide
Flagship events in Raleigh, Berlin, and Copenhagen set to strengthen international cybersecurity collaboration amid surge in cross-border security incidents
Wed, 05 Mar 2025 00:00:00 GMT
The FIRST Board of Directors Launches FIRST’s Strategy Framework
The FIRST Board of Directors is introducing a new structured approach to strategic planning, aimed at enhancing the organization’s ability to fulfill its mission and solidify its position as a global leader in cybersecurity and incident response.
Mon, 03 Mar 2025 00:30:00 GMT
Vulnerability Forecast for 2025
In 2025 we expect another record-breaking year of CVE production. This year we expect 45505 +/- 4,363 CVEs to be published in the calendar year (CY). There’s a 5% chance the actual number exceeds the maximum (49868) and a 5% chance is less than the minimum (41142). Rather than give you a false sense of precision, it’s probably far easier to say we expect between 41-50k of vulnerabilities in calendar year CY 2025.
Tue, 25 Feb 2025 00:30:00 GMT
APAC DNS Forum 2025
In 2025 we expect another record-breaking year of CVE production. This year we expect 45505 +/- 4,363 CVEs to be published in the calendar year (CY). There’s a 5% chance the actual number exceeds the maximum (49868) and a 5% chance is less than the minimum (41142). Rather than give you a false sense of precision, it’s probably far easier to say we expect between 41-50k of vulnerabilities in calendar year CY 2025.
Tue, 25 Feb 2025 00:30:00 GMT
Vulnerability forecast 2026: The Year Ahead
As we turn the page on another year and raise our glasses to new beginnings, we at FIRST have been busy doing what we do best: thinking quantitatively about what lies ahead. And our forecast for 2026 is both sobering and, we hope, useful.
Tue, 11 Feb 2025 00:30:00 GMT
Early Bird Registration for FIRSTCON25 Copenhagen Ends February 10!
June 22-27, 2025 | Copenhagen, Denmark Consistently ranked as one of the top 20 information security conferences worldwide, the Annual FIRST Conference provides a unique forum for sharing best practices, facilitating and fostering global coordination, and building trusted relationships. Don’t miss your opportunity to register for this year’s conference at the best available discount. Sponsorship opportunities are available for interested organizations. For more information on the conference and how to register, please visit: [first.org/conference/2025](https://www.first.org/conference/2025/)
Fri, 24 Jan 2025 00:00:00 GMT
The 2024 Vulnerability Forecast: Year in Review
In calendar year 2024 we had another record breaking 40,704 CVEs published.
Mon, 06 Jan 2025 00:30:00 GMT