FIRST Blog 2025

As 2025 draws to a close, we find ourselves in the satisfying position of reviewing forecasts that worked. Next year’s forecast will look and feel a bit different, but you can expect that in January and we like to keep them separate.

Sharing information in cybersecurity is vital for prevention and response. There’s a lot of technical processes available, and best practice to learn from. FIRST, for example, was created for that exact reason back in the 90s, to share techniques and information between teams.

The Actioning Alerts and Advisories (A4) project aimed to improve threat reporting in cybersecurity by providing technical expertise, analysis, and communications support to National Cybersecurity Incident Response Teams (CSIRTs). The project worked with teams from four countries, fostering collaboration and knowledge-sharing

he Actioning Alerts and Advisories (A4) project aimed to improve threat reporting in cybersecurity by providing technical expertise, analysis, and communications support to National Cybersecurity Incident Response Teams (CSIRTs). The project worked with teams from four countries, fostering collaboration and knowledge-sharing among stakeholders, and empowering CSIRTs to create actionable reports that can be used to prevent cyber threats.

Usually, we begin a blog post with a review of last quarter, but our volunteer team couldn’t get a forecast out last quarter. We had several pressing matters between multiple team members, and we apologise. So, we’ll move swiftly on to this quarter’s predictions.

Cyber Incident Simulation: Piecing Together an Attack Through a Public Policy Lens

Peter Lowe, FIRST’s DNS Abuse Policy Ambassador, shares a review of the APAC DNS Forum in Hanoi, Vietnam, where he met with representatives from various organizations and had valuable discussions about DNS abuse and data sharing.

A leak of 200,000 internal Black Basta chat messages reveals how a modern ransomware group structures its operations to attack victims, employing a range of tactics that, theoretically, should be easy to defend against.

Last year I opened a presentation with this: «Human error are the words cyber security guys use when they don't know shit». The response was laughter. But I think it is true. Here's why, and why it's relevant to incident responders.

We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.

The FIRST Board of Directors is introducing a new structured approach to strategic planning, aimed at enhancing the organization’s ability to fulfill its mission and solidify its position as a global leader in cybersecurity and incident response.

In 2025 we expect another record-breaking year of CVE production. This year we expect 45505 +/- 4,363 CVEs to be published in the calendar year (CY). There’s a 5% chance the actual number exceeds the maximum (49868) and a 5% chance is less than the minimum (41142). Rather than give you a false sense of precision, it’s probably far easier to say we expect between 41-50k of vulnerabilities in calendar year CY 2025.

In 2025 we expect another record-breaking year of CVE production. This year we expect 45505 +/- 4,363 CVEs to be published in the calendar year (CY). There’s a 5% chance the actual number exceeds the maximum (49868) and a 5% chance is less than the minimum (41142). Rather than give you a false sense of precision, it’s probably far easier to say we expect between 41-50k of vulnerabilities in calendar year CY 2025.