Category: Security
Cybersecurity Threat Advisory: Compromised OpenVSX delivering GlassWorm malware
A new GlassWorm malware campaign is targeting macOS developer systems through compromised OpenVSX extensions. Continue reading this Cybersecurity Threat Advisory to learn more about this threat and how to protect your environment. What is the threat? A threat actor gained...
MSPs need to move beyond monitoring to embrace observability
Monitoring has long been a foundational element of any managed services portfolio. But as IT environments grow more distributed and complex, organizations now expect service providers to go further—beyond simply tracking metrics to truly observing what’s happening across their systems...
Cybersecurity Threat Advisory: Supply chain attack impacting Notepad++
A supply‑chain compromise affecting Notepad++’s official update infrastructure allowed threat actors to redirect some users to attacker‑controlled downloads, potentially leading to malware delivery and code execution on affected endpoints. Read this Cybersecurity Threat Advisory to learn more and understand how...
Shadow IT: A growing risk and opportunity for MSPs
MSPs already juggle a growing list of responsibilities—and that list keeps expanding while resources do not. One issue increasingly demanding attention is the rise of employees adopting tools that neither internal IT nor the MSP has approved. This concern comes...
Cybersecurity Threat Advisory: Tsundere Bot malware loader
A new malware loader, Tsundere Bot, is increasingly used by criminal Initial Access Brokers (IABs) to compromise corporate environments and pave the way for ransomware attacks. Recent public reporting links Tsundere Bot to ClickFix‑style phishing, malicious loaders delivered through user...
Cybersecurity Threat Advisory: Ivanti RCE vulnerabilities
Security researchers at Ivanti have disclosed two high‑severity vulnerabilities in the Endpoint Manager Mobile (EPMM) platform, tracked as CVE‑2026‑1340 and CVE‑2026‑1281, both carrying a CVSS score of 9.8. Ivanti has released an initial patch, with full mitigation expected in an...
Start the year strong: 10 essential questions every IT team should address
It’s a new year (and also a day ending in Y), which means it’s an excellent time for you to review your security posture. Use your renewed energy to seriously analyze your vulnerabilities, detection methods and organizational procedures. Answer these...
Cybersecurity Threat Advisory: TamperedChef—Malicious PDF editing application
TamperedChef is an information‑stealing malware distributed through a trojanized PDF editing tool called AppSuite PDF Editor. The application is promoted using malicious websites and Google Ads, enticing users to download what appears to be a legitimate installer. Review this Cybersecurity...
Cybersecurity Threat Advisory: Critical SolarWinds Web Help Desk flaws
SolarWinds has released security updates addressing multiple vulnerabilities in its Web Help Desk (WHD) product, including four critical flaws—CVE‑2025‑40551, CVE‑2025‑40552, CVE‑2025‑40553, and CVE‑2025‑40554—that enable authentication bypass and remote code execution (RCE). These issues allow attackers to gain unauthorized access and...
Cybersecurity Threat Advisory: Malicious VS Code extension impersonating Clawdbot
Security researchers discovered a malicious Visual Studio Code (VS Code) extension named “ClawdBot Agent” impersonating the trending AI assistant Clawdbot. Although it offers functional AI coding features, the extension secretly deploys a weaponized remote access tool on Windows systems immediately...
