Month: September 2025
Unseen, unpatched, unprotected: The IoT threat MSPs can’t ignore
Since its inception, the Internet of Things (IoT) has kept cybersecurity specialists up at night. As the world becomes increasingly connected, the nature of the IoT security threats has evolved. The statistics paint a sobering picture of our connected future:...
Cybersecurity Threat Advisory: Critical Microsoft Entra ID vulnerability
A critical token validation vulnerability, tracked as CVE-2025-55241 with a CVSS of 10, in Microsoft Entra ID has been discovered. This flaw could have allowed attackers to impersonate any user, including global admins, across any tenant. Continue reading this Cybersecurity...
Cybersecurity Threat Advisory: SonicWall firewall backup breach
SonicWall has reported a security breach involving unauthorized access to its MySonicWall cloud backup service. Attackers used brute-force techniques to obtain firewall preference and backup files containing full device configurations. Continue reading this Cybersecurity Threat Advisory to learn more about...
DarkBard: The “evil twin” of Google Bard
In the shadowy realm of cybercrime, DarkBard has emerged as a significant player, representing a crossover into non-OpenAI territory. As its name suggests, DarkBard is modeled as the dark counterpart to Google’s Bard artificial intelligence (AI). This tool surfaced in...
Tech Time Warp: Meet ERMA, the machine that automated check processing
When did you last write a check? In July 2024, Target became the latest retailer to stop accepting checks, citing “extremely low volumes” of customers paying by check. Use of checks — already declining before the COVID-19 pandemic — took...
Cybersecurity Threat Advisory: Critical WatchGuard firewall flaw
A critical remote-code execution (RCE) vulnerability in WatchGuard Firebox, tracked as CVE-2025-9242 with a CVSS score of 9.3, allows unauthenticated attackers to execute arbitrary code. Review the information in this Cybersecurity Threat Advisory to learn more. What is the threat?...
Cybersecurity Threat Advisory: Worm outbreak infects npm ecosystem
Threat actors launched a sophisticated software supply chain attack that targets the npm registry and compromises over 40 packages maintained by multiple developers. The self-replicating worm, dubbed “Shai-Hulud”, automates the infection of downstream dependencies. Review the details in this Cybersecurity...
MSPs take center stage in Broadcom’s VMware strategy
After an initial spate of controversy surrounding the Broadcom acquisition of VMware, it appears the company is now counting on partners to help organizations that have licensed the VMware Cloud Foundation (VCF) platform to help install it. VCF surges as...
Cybersecurity Threat Advisory: Critical flaw in DELMIA Apriso MOM software
CISA has added CVE-2025-5086, a critical remote code execution (RCE) vulnerability in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software, to its catalog following confirmed active exploitation. Review the details of this Cybersecurity Threat Advisory to keep your system...
Cybersecurity Threat Advisory: Critical Adobe Commerce flaw
A critical security vulnerability, tracked as CVE-2025-54236 (with a CVSS score of 9.1) is also known as “SessionReaper”. This vulnerability has been uncovered in Adobe Commerce and Magento Open Source. The flaw could allow cybercriminals to takeover customer accounts, putting...
