Month: May 2026
Cybersecurity Threat Advisory: Linux kernel vulnerabilities exploited by Dirty Frag
Dirty Frag is a newly disclosed Linux kernel local privilege escalation (LPE) exploit chain. It combines two independent kernel vulnerabilities—CVE‑2026‑43284 and CVE‑2026‑43500—to deliver reliable, first‑attempt root access across virtually all major Linux distributions. A working proof of concept (PoC) is...
Cybersecurity Threat Advisory: PAN-OS Captive Portal zero-day vulnerability
Threat actors are actively exploiting a PAN‑OS zero‑day that impacts the User‑ID Authentication (Captive) Portal. This exploit enables unauthenticated remote code execution with root privileges on PA‑Series and VM‑Series firewalls. Continue reading this Cybersecurity Threat Advisory to learn how to...
If you’re an MSP owner who wants more consistent leads, start here
As someone who’s spent the last 8+ years helping hundreds of MSPs generate leads and book real sales conversations, I hear the same frustration over and over again: “We’re doing some marketing… but leads are inconsistent.” Some months are busy. ...
Cybersecurity Threat Advisory: MOVEit authentication bypass vulnerability
A vulnerability has been identified involving a critical authentication bypass in Progress MOVEit Automation, a widely used managed file transfer and automation platform. This flaw allows unauthenticated attackers to bypass authentication mechanisms and gain unauthorized access to MOVEit Automation environments....
The compliance trap: checking boxes isn’t the same as being secure
When businesses pass a SOC 2 audit, complete a HIPAA assessment, or earn a Cyber Essentials certification, there’s often a sense of relief—the work is done. In reality, that moment is where risk often begins. “Compliance frameworks establish a baseline,”...
The AI opportunity in account management for MSPs
MSPs have already survived one identity crisis. The shift from break-fix to recurring services was not a gentle transition for most people. It required changing how you priced, staffed, sold, and thought about your relationship with clients. Innovators and early...
Cybersecurity Threat Advisory: Blue Hammer zero-day
A researcher leaked a zero‑day vulnerability dubbed “BlueHammer” to protest Microsoft’s handling of the private disclosure process. Although the published code contains implementation bugs, attackers with local access can still use it to compromise affected systems. Read this Cybersecurity Threat...
Pioneers in Tech: Why you should know Ida Rhodes
The Jewish calendar has been closely tied to mathematics for centuries—but it wasn’t until 1977 that Hebrew dates could be calculated by a computer program. The breakthrough was the work of retired human “computer” Ida Rhodes, born Hadassah Itzkowitz in...
Cybersecurity Threat Advisory: CloudZ RAT targeting Microsoft Phone Link
A new CloudZ RAT variant uses a stealthy plugin called Pheno to hijack Microsoft Phone Link on Windows 10 and 11, allowing attackers to intercept SMS messages and one-time passcodes synced from mobile devices. Active since at least January, the...
MSPs will need to revisit pricing models in the age of AI
Managed service providers (MSPs) have, with mixed success, been trying to nudge more customers toward value-based pricing models that are designed to benefit both parties. Rather than billing by the hour or charging a flat rate, the goal is to...
