Cybersecurity Threat Advisory: ClickFix attacks
Attackers are exploiting a critical vulnerability, tracked as CVE-2026-26980, in the Ghost Content Management System (CMS) to compromise more than 700 legitimate websites. Read this Cybersecurity Threat Advisory to reduce risk for you and your clients. What is the threat?...
Cybersecurity Threat Advisory: RMM-based phishing attacks
An ongoing phishing campaign has been observed targeting multiple vectors and leveraging legitimate Remote Monitoring and Management (RMM) tools to establish persistent remote access on compromised hosts. Read this Cybersecurity Threat Advisory to mitigate risk for you and your clients....
Cybersecurity Threat Advisory: Blue Hammer zero-day
A researcher leaked a zero‑day vulnerability dubbed “BlueHammer” to protest Microsoft’s handling of the private disclosure process. Although the published code contains implementation bugs, attackers with local access can still use it to compromise affected systems. Read this Cybersecurity Threat...
Cybersecurity Threat Advisory: CloudZ RAT targeting Microsoft Phone Link
A new CloudZ RAT variant uses a stealthy plugin called Pheno to hijack Microsoft Phone Link on Windows 10 and 11, allowing attackers to intercept SMS messages and one-time passcodes synced from mobile devices. Active since at least January, the...
Cybersecurity Threat Advisory: Telecoms targeted with new malware
A China‑linked advanced persistent threat group, UAT‑9244, has been targeting telecommunications (telecom) providers in South America since at least 2024. Learn more about this targeted campaign and how to protect your environment in this Cybersecurity Threat Advisory. What is the...
Cybersecurity Threat Advisory: Google security page spoofed in PWA attack
A phishing campaign is using a spoofed Google Account security page to distribute a malicious Progressive Web App (PWA). The app is designed to steal one‑time passcodes, collect cryptocurrency wallet addresses, and turn victims’ browsers into proxies for attacker traffic....
Cybersecurity Threat Advisory: Zero-day Cisco Catalyst SD-WAN flaw
A critical authentication‑bypass flaw in Cisco Catalyst SD‑WAN, tracked as CVE‑2026‑20127, is being actively exploited as a zero‑day. The vulnerability allows remote attackers to compromise controllers and introduce malicious rogue peers into targeted networks. Review the Cybersecurity Threat Advisory now...
Cybersecurity Threat Advisory: Critical FortiClientEMS SQL injection vulnerability
An improper neutralization of special elements used in SQL commands in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands through specially crafted HTTP requests. This vulnerability, tracked as CVE‑2026‑21643 with a CVSS score of...
Cybersecurity Threat Advisory: Critical vulnerability in IBM API Connect
A newly disclosed security vulnerability, CVE-2025-13915, affects IBM API Connect. This flaw could allow a remote attacker to bypass authentication and gain unauthorized access to applications. Review this Cybersecurity Threat Advisory for steps to mitigate your risk. What is the...
Cybersecurity Threat Advisory: Critical React2Shell vulnerability
There are two critical unauthenticated remote code execution vulnerabilities in the React Server Components (RSC) “Flight” protocol. Continue reading this Cybersecurity Threat Advisory to learn how to protect you and your clients’ environments. What is the threat? These critical vulnerabilities...
