Category: Security

Cybersecurity Threat Advisory: Fortinet authentication bypass vulnerability
A critical vulnerability was identified in Fortinet’s FortiProxy, FortiSwitchManager, and FortiOS products. This vulnerability, CVE-2025-22252, enables an attacker who possess knowledge of an existing administrative account to bypass authentication and gain unauthorized access to the device as a valid administrator....

AI and MSPs: Navigating the new cybersecurity frontier
Managed service providers (MSPs) have seen their portfolios expand significantly over the past decade, from primarily handling the nuts and bolts of systems to becoming frontline defenders in an increasingly complex digital threat landscape. However, there is a growing component...

Cybersecurity Threat Advisory: ViciousTrap exploiting Cisco vulnerability
Researchers have identified a new threat actor, “ViciousTrap”, actively exploiting a well-known vulnerability (CVE-2023-20118) to compromise over 5,300 Cisco Edge devices. The attackers are exploiting this flaw to establish a global honeypot network, posing a significant risk to the affected...

Cybersecurity Threat Advisory: AWS default IAM roles risks
Cybersecurity researchers have uncovered critical vulnerabilities arising from default Identity and Access Management (IAM) roles in Amazon Web Services (AWS). Service setups often create these roles automatically or recommend them, granting excessive permissions that expose environments to privilege escalation and...

Cybersecurity Threat Advisory: Ivanti EPMM vulnerability
Ivanti has released updates for Endpoint Manager Mobile (EPMM) that address one medium and one high-severity vulnerability. When chained together, these vulnerabilities can enable unauthenticated remote code execution (RCE). Review the details in this Cybersecurity Threat Advisory for information on...

Cyber insurance: A must for MSPs
If you don’t carry cyber insurance yet, you may want to reconsider. Statistics show that if you are an MSP owner, you probably already have it, with 91.7 percent of managed service providers (MSPs) carry cyber insurance specifically for their operations,...

Cybersecurity Threat Advisory: SAP critical vulnerabilities
SAP has released patches to address a second vulnerability, CVE-2025-42999, affecting its SAP NetWeaver tool. The vulnerability involves a privilege escalation issue that, when chained with SAP’s CVE-2025-31324 vulnerability (unauthenticated file upload flaw in SAP NetWeaver Visual Composer), can enable...