Category: Security
Cybersecurity Threat Advisory: Blue Hammer zero-day
A researcher leaked a zero‑day vulnerability dubbed “BlueHammer” to protest Microsoft’s handling of the private disclosure process. Although the published code contains implementation bugs, attackers with local access can still use it to compromise affected systems. Read this Cybersecurity Threat...
Cybersecurity Threat Advisory: CloudZ RAT targeting Microsoft Phone Link
A new CloudZ RAT variant uses a stealthy plugin called Pheno to hijack Microsoft Phone Link on Windows 10 and 11, allowing attackers to intercept SMS messages and one-time passcodes synced from mobile devices. Active since at least January, the...
Cybersecurity Threat Advisory: Apache HTTP Server security issues
Apache has released Apache HTTP Server version 2.4.67 to address five security vulnerabilities, including a critical flaw that may allow remote code execution over HTTP/2 (CVE-2026-23918). Read this Cybersecurity Threat Advisory now to mitigate you and your clients’ risk. What...
Cybersecurity Threat Advisory: “Copy Fail” Linux vulnerability
Security researchers have disclosed CVE-2026-31431, commonly known as “Copy Fail,” a high-impact Linux local privilege escalation vulnerability affecting multiple distributions, including enterprise and cloud-optimized variants. Read this Cybersecurity Threat Advisory now to mitigate you and your clients’ risk. What is...
How MSPs close the cloud migration security gap
When a client migrates to Microsoft 365 or Google Workspace, the instinct is to declare victory once emails are flowing, files are accessible, and users are productive again. The project feels complete. Except it isn’t, because security didn’t make the...
Cybersecurity Threat Advisory: Active exploitation of LiteLLM vulnerability
Security researchers have confirmed active exploitation of a critical SQL injection vulnerability in the LiteLLM proxy. This is an open‑source AI gateway widely used to centralize and manage API access to large language model (LLM) providers such as OpenAI, Anthropic,...
Cybersecurity Threat Advisory: Critical GitHub vulnerability
Researchers have recently disclosed details of a critical vulnerability affecting GitHub and GitHub Enterprise Server that could allow authenticated users to achieve remote code execution using a single git push command. The flaw has raised concerns about the security of millions...
Cyber insurance is changing the rules and MSPs must adapt
For years, cyber insurance was sold to small and mid-sized businesses as a backstop that would take the sting out of a hack. In the beginning, that is what happened. But the landscape is changing fast. More than 40 percent...
Deepfakes in 2026: How MSPs can stay ahead of AI‑driven fraud
Deepfake fraud losses in North America alone exceeded $200 million in the first quarter of 2025, according to Keepnet Labs. Meanwhile, the Deloitte Center for Financial Services projects that generative AI‑enabled fraud in the U.S. will grow from $12.3 billion...
Cybersecurity Threat Advisory: CPUID vulnerability
CPUID has confirmed a software supply chain attack that briefly compromised the official download infrastructure for its popular hardware monitoring tools, CPU‑Z and HWMonitor. During a limited exposure window, attackers manipulated download links on the CPUID website, causing users to...
