Category: Security
Cybersecurity Threat Advisory: Fortinet authentication bypass vulnerability
A critical vulnerability was identified in Fortinet’s FortiProxy, FortiSwitchManager, and FortiOS products. This vulnerability, CVE-2025-22252, enables an attacker who possess knowledge of an existing administrative account to bypass authentication and gain unauthorized access to the device as a valid administrator....
New global business research shows how security sprawl increases risk
International research for Barracuda shows that 65% of organizations believe they have too many security tools, and over half (53%) say their tools can’t be integrated. This lack of integration significantly weakens defenses, with 77% saying it hinders detection and...
AI and MSPs: Navigating the new cybersecurity frontier
Managed service providers (MSPs) have seen their portfolios expand significantly over the past decade, from primarily handling the nuts and bolts of systems to becoming frontline defenders in an increasingly complex digital threat landscape. However, there is a growing component...
Introducing the new BarracudaONE AI-powered cybersecurity platform
We are thrilled to introduce BarracudaONE, an artificial intelligence (AI)-powered cybersecurity platform that delivers integrated products accessible from a centralized dashboard. BarracudaONE maximizes protection and cyber resilience, and is easy to buy, deploy and use. BarracudaONE empowers IT teams, business leaders...
Cybersecurity Threat Advisory: ViciousTrap exploiting Cisco vulnerability
Researchers have identified a new threat actor, “ViciousTrap”, actively exploiting a well-known vulnerability (CVE-2023-20118) to compromise over 5,300 Cisco Edge devices. The attackers are exploiting this flaw to establish a global honeypot network, posing a significant risk to the affected...
Cybersecurity Threat Advisory: AWS default IAM roles risks
Cybersecurity researchers have uncovered critical vulnerabilities arising from default Identity and Access Management (IAM) roles in Amazon Web Services (AWS). Service setups often create these roles automatically or recommend them, granting excessive permissions that expose environments to privilege escalation and...
Cybersecurity Threat Advisory: Ivanti EPMM vulnerability
Ivanti has released updates for Endpoint Manager Mobile (EPMM) that address one medium and one high-severity vulnerability. When chained together, these vulnerabilities can enable unauthenticated remote code execution (RCE). Review the details in this Cybersecurity Threat Advisory for information on...
The SOC case files: Ransomware gang reemerges to face a wall of XDR defenses
Dive into this edition of ‘The SOC case files’ to see how the Barracuda’s Managed XDR team recently contained a suspected ransomware attack after the attackers gained access to a company’s network before it installed Managed XDR, compromising several Windows...
Cyber insurance: A must for MSPs
If you don’t carry cyber insurance yet, you may want to reconsider. Statistics show that if you are an MSP owner, you probably already have it, with 91.7 percent of managed service providers (MSPs) carry cyber insurance specifically for their operations,...
Cybersecurity Threat Advisory: SAP critical vulnerabilities
SAP has released patches to address a second vulnerability, CVE-2025-42999, affecting its SAP NetWeaver tool. The vulnerability involves a privilege escalation issue that, when chained with SAP’s CVE-2025-31324 vulnerability (unauthenticated file upload flaw in SAP NetWeaver Visual Composer), can enable...
