Category: Security
Cybersecurity Threat Advisory: Active exploitation of Fortinet SQL injection vulnerability
Fortinet has issued urgent security guidance following the active exploitation of a critical SQL injection vulnerability affecting FortiClient Enterprise Management Server (EMS). The flaw allows unauthenticated attackers to achieve remote code execution through specially crafted HTTP requests sent to the...
Cybersecurity Threat Advisory: Axios NPM compromised by supply chain attack
The widely used HTTP client Axios was compromised recently in an incident that many researchers are attributing to a North Korean–linked cyberattack. Attackers gained access to the NPM account of an Axios maintainer, “jasonsaayman,” and published two malicious versions of...
Cybersecurity Threat Advisory: RoadK1ll Node.js WebSocket implant
Recent reporting has identified a Node.js–based post-exploitation implant known as RoadK1ll, observed in real-world intrusions as a lateral movement and network pivoting tool. Read this Cybersecurity Threat Advisory to protect you and your clients’ environments. What is the threat? RoadK1ll...
World Backup Day: A timely reminder for MSPs to lead with resilience
It’s World Backup Day! This is a global reminder that data loss is far more common—and more damaging—than many organizations realize. In fact, 21 percent of people have never backed up their data, while 29 percent of data loss incidents...
Making the case for a layered email security approach
MSPs have a lot of ground to cover with their clients. In addition to providing protection, there’s also persuasion. Many MSPs find themselves needing to justify additional cybersecurity investments at a time when budgets are under scrutiny—and that can make...
Cybersecurity Threat Advisory: Apple security updates for iOS vulnerabilities
Apple has released urgent security updates for older iPhones and iPads to address multiple vulnerabilities actively exploited in the wild via the Coruna exploit kit—a sophisticated attack framework used by both espionage groups and cybercriminals. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: PureLog Stealer malware campaign
A new malware campaign is using deceptive copyright infringement notices to distribute PureLog Stealer, targeting organizations across multiple sectors and countries. The malware operates primarily in memory and employs evasion techniques such as DLL sideloading to bypass traditional security controls....
Cybersecurity Threat Advisory: Telecoms targeted with new malware
A China‑linked advanced persistent threat group, UAT‑9244, has been targeting telecommunications (telecom) providers in South America since at least 2024. Learn more about this targeted campaign and how to protect your environment in this Cybersecurity Threat Advisory. What is the...
Cybersecurity Threat Advisory: Critical NetScaler ADC and Gateway vulnerability
Citrix has released security updates to address a critical information disclosure vulnerability affecting NetScaler ADC and NetScaler Gateway. The flaw allows unauthenticated remote attackers to retrieve sensitive information from vulnerable appliances via the HTTP/HTTPS interface. Read this Cybersecurity Threat Advisory...
How MSPs can keep the peace during conflict
When international conflicts arise — and the world has seen no shortage in recent years — organizations of all sizes need to stay especially alert. In many cases, managed service providers (MSPs) serve as the first line of defense, helping...
