Cybersecurity Threat Advisory: AryStinger malware exploits legacy routers
AryStinger is a newly discovered malware family that takes over outdated home and small office (SOHO) routers. Researchers at QiAnXin XLab have identified at least 4,300 infected legacy Realtek-based routers. Read the Cybersecurity Threat Advisory to mitigate your clients’ risk...
Cybersecurity Threat Advisory: PAN-OS GlobalProtect exploit
Palo Alto Networks has confirmed that attackers are actively exploiting a security flaw in PAN-OS GlobalProtect, tracked as CVE-2026-0257 with a CVSS score of 7.8. The vulnerability affects both on-premises firewalls and Prisma Access. Review the Cybersecurity Threat Advisory for...
Cybersecurity Threat Advisory: Exchange on-premise OWA vulnerability exploited
A Microsoft Exchange Server Outlook Web Access (OWA) spoofing vulnerability, tracked as CVE‑2026‑42897, is actively being exploited in the wild. This issue affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition across all update levels. Continue reading...
Cybersecurity Threat Advisory: Apache HTTP Server security issues
Apache has released Apache HTTP Server version 2.4.67 to address five security vulnerabilities, including a critical flaw that may allow remote code execution over HTTP/2 (CVE-2026-23918). Read this Cybersecurity Threat Advisory now to mitigate you and your clients’ risk. What...
Cybersecurity Threat Advisory: Ransomware turning off EDR with vulnerable drivers
Qilin and Warlock (also known as “Water Manaul”) ransomware groups are using bring your own vulnerable driver (BYOVD) techniques to disable endpoint security tools on Windows systems. These actors can shut down more than 300 EDR drivers across multiple security...
Cybersecurity Threat Advisory: Critical Veeam Backup flaws
Veeam has released critical security updates for its Backup & Replication product to address seven high‑severity vulnerabilities that could allow attackers to take over backup servers and tamper with stored backups. Users can exploit these flaws if they have valid...
Cybersecurity Threat Advisory: Chrome zero‑day exploit
Google has released emergency security updates for Chrome to fix CVE‑2026‑2441, a high‑severity zero‑day vulnerability in the browser’s CSS engine that attackers are already exploiting. The flaw is a use‑after‑free memory issue that allows a malicious or compromised website to...
Cybersecurity Threat Advisory: Critical DOS vulnerability in Palo Alto Networks
Palo Alto Networks has patched a high‑severity PAN‑OS vulnerability (CVE‑2026‑0227, CVSS 7.7) that allows unauthenticated attackers to disrupt GlobalProtect VPN gateways and portals, potentially forcing affected firewalls into maintenance mode. Review this Cybersecurity Threat Advisory to protect your clients’ systems...
Cybersecurity Threat Advisory: Cisco AsyncOS zero-day vulnerability
Cisco has disclosed a zero‑day vulnerability in AsyncOS that is actively being exploited, with a CVSS of 10.0. The Cybersecurity and Infrastructure Security Agency (CISA) added the CVE to its KEV catalog. Review this Cybersecurity Threat Advisory to reduce exposure...
Cybersecurity Threat Advisory: Fortinet FortiWeb vulnerability exploited
A Fortinet FortiWeb path traversal-driven authentication bypass vulnerability is actively exploited in the wild, affecting versions prior to 8.0.2. Researchers have observed automated spraying at scale. Review this Cybersecurity Threat Advisory to learn how to best protect your environment and...
