Cybersecurity Threat Advisory: Google security page spoofed in PWA attack
A phishing campaign is using a spoofed Google Account security page to distribute a malicious Progressive Web App (PWA). The app is designed to steal one‑time passcodes, collect cryptocurrency wallet addresses, and turn victims’ browsers into proxies for attacker traffic....
Cybersecurity Threat Advisory: Zero-day Cisco Catalyst SD-WAN flaw
A critical authentication‑bypass flaw in Cisco Catalyst SD‑WAN, tracked as CVE‑2026‑20127, is being actively exploited as a zero‑day. The vulnerability allows remote attackers to compromise controllers and introduce malicious rogue peers into targeted networks. Review the Cybersecurity Threat Advisory now...
Cybersecurity Threat Advisory: Critical FortiClientEMS SQL injection vulnerability
An improper neutralization of special elements used in SQL commands in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands through specially crafted HTTP requests. This vulnerability, tracked as CVE‑2026‑21643 with a CVSS score of...
Cybersecurity Threat Advisory: Critical vulnerability in IBM API Connect
A newly disclosed security vulnerability, CVE-2025-13915, affects IBM API Connect. This flaw could allow a remote attacker to bypass authentication and gain unauthorized access to applications. Review this Cybersecurity Threat Advisory for steps to mitigate your risk. What is the...
Cybersecurity Threat Advisory: Critical React2Shell vulnerability
There are two critical unauthenticated remote code execution vulnerabilities in the React Server Components (RSC) “Flight” protocol. Continue reading this Cybersecurity Threat Advisory to learn how to protect you and your clients’ environments. What is the threat? These critical vulnerabilities...
Cybersecurity Threat Advisory: Critical Grafana SCIM vulnerability
A critical security vulnerability in Grafana Enterprise could allow attackers to escalate privileges and impersonate users. Tracked as CVE-2025-41115, the flaw carries the maximum CVSS score of 10.0. Continue reading this Cybersecurity Threat Advisory to learn how to protect you...
Cybersecurity Threat Advisory: Severe N-able vulnerabilities
Two critical vulnerabilities were disclosed by N-able in the N-central RMM platform, with one having a maximum severity rating. To help safeguard you and your customers’ environments, please review the best practices outlined in this Cybersecurity Threat Advisory. What is...
Cybersecurity Threat Advisory: Critical WatchGuard firewall vulnerability
A critical vulnerability, CVE-2025-9242, has been identified in WatchGuard Firebox Network Security Appliances. This flaw exposes affected devices to the public internet and allows unauthenticated remote code execution. Review the details in this Cybersecurity Threat Advisory to understand the potential...
Cybersecurity Threat Advisory: ChaosBot malware exploits Discord
A recently discovered Rust-based malware called ChaosBot is being used compromise computers via Discord channels. Review the details within this Cybersecurity Threat Advisory to learn more and see how to protect your system. What is the threat? ChaosBot is a...
Cybersecurity Threat Advisory: Critical Adobe Commerce flaw
A critical security vulnerability, tracked as CVE-2025-54236 (with a CVSS score of 9.1) is also known as “SessionReaper”. This vulnerability has been uncovered in Adobe Commerce and Magento Open Source. The flaw could allow cybercriminals to takeover customer accounts, putting...
