Category: Security
Expert reflections: Top cybersecurity trends of 2025
As 2025 comes to a close, cybersecurity professionals are taking stock of a year shaped by both familiar threats and rising perils. So, what truly surprised security leaders this year—and what can we learn from it? To find out, I...
The 2025 ITRC Consumer Impact Report: A new era of identity crime
Founded in 1999, the Identity Theft Resource Center (ITRC) is a national nonprofit dedicated to empowering and guiding consumers, victims, businesses and government agencies to minimize risk and mitigate the impact of identity compromise and crime. The ITRC provides free...
Cybersecurity Threat Advisory: MongoDB RCE vulnerability
MongoDB has disclosed a high‑severity vulnerability, tracked as CVE‑2025‑14847, that could allow unauthenticated remote code execution (RCE). The flaw stems from the Zlib compression handler and can be exploited with low complexity, posing a serious risk to data confidentiality and...
Cybersecurity Threat Advisory: HPE OneView vulnerability enables RCE
A newly disclosed vulnerability, tracked as CVE‑2025‑37164, affects the Hewlett Packard Enterprise (HPE) OneView product and has been assigned a CVSS score of 10.0. Read this Cybersecurity Threat Advisory for more details and recommended steps to protect your environment. What...
Cyberattack targets included MSPs in energy sector
Amazon Web Services (AWS) has issued a stark reminder of just how dangerous and persistent cyberattacks targeting managed service providers (MSPs) can be—especially when those MSPs support critical industries. The cloud provider recently released new findings showing that a series...
Cybersecurity Threat Advisory: n8n vulnerability
The n8n workflow automation platform vulnerability, tracked as CVE‑2025‑68613, enables authenticated attackers to execute arbitrary code via expression injection in workflow definitions. Review this Cybersecurity Threat Advisory for actionable steps to mitigate your risk from this flaw. What is the...
Cybersecurity Threat Advisory: New SantaStealer malware
A new malware-as-a-service (MaaS) info-stealer, SantaStealer, is actively promoted on Telegram and underground forums, with operators reportedly beginning its release ahead of year-end 2025. Read this Cybersecurity Threat Advisory to learn how to reduce your risk from this emerging threat....
Cybersecurity Threat Advisory: WatchGuard Firebox firewall vulnerability
Attackers are actively exploiting a critical remote code execution (RCE) vulnerability in WatchGuard Firebox firewalls, tracked as CVE‑2025‑14733. Over 115,000 devices remain unpatched and exposed online, putting organizations at serious risk. Review this Cybersecurity Threat Advisory for remediation recommendations. What...
A look back at 2025, with an eye on 2026
It’s hard to believe 2025 is already nearing the rearview mirror. As the year winds down, SmarterMSP.com spoke with a variety of cybersecurity experts to reflect on this year’s major developments and what they anticipate as we head into 2026....
Cybersecurity Threat Advisory: SonicWall SMA 100 appliance vulnerability
A SonicWall SMA 100 vulnerability, tracked as CVE‑2025‑40602, is actively being exploited in the wild. SonicWall has issued patches, and CISA added the flaw to its KEV catalog, requiring federal agencies to patch by Dec. 24, 2025. Read this Cybersecurity...
