Category: Security
Cybersecurity Threat Advisory: FortiCloud SSO exploitation
Threat actors are actively exploiting CVE‑2026‑24858 to log into FortiOS and other Fortinet products via FortiCloud SSO (when enabled), create persistent local admin accounts, and steal device configuration files. Review the Cybersecurity Threat Advisory now to protect you and your...
Cybersecurity Threat Advisory: Critical Veeam Backup flaws
Veeam has released critical security updates for its Backup & Replication product to address seven high‑severity vulnerabilities that could allow attackers to take over backup servers and tamper with stored backups. Users can exploit these flaws if they have valid...
The quiet comeback of credential-based attacks
Stolen credentials have been around as long as email itself. This retro attack vector is making a comeback due to its low cost and simplicity. According to Barracuda’s 2025 Email Security Breach Report, credential compromise attacks are becoming both more...
Cybersecurity Threat Advisory: “Zombie ZIP” archive evasion technique
A new evasion technique known as Zombie ZIP is exposing blind spots in how security tools scan archived files. By manipulating ZIP metadata, attackers can conceal malware inside archives that appear corrupted but still deliver payloads on compromised systems. Review...
How AI and automation are redefining the MSP value proposition
Key takeaways AI and automation are shifting MSPs from reactive problem-solvers to proactive, predictive partners who anticipate customer needs. Embedding next‑generation technologies into service delivery improves efficiency, reduces manual workload, and frees teams to focus on strategic initiatives. AI‑driven insights...
Cybersecurity Threat Advisory: Apache ZooKeeper vulnerability
Recently, two important‑level severity vulnerabilities were identified in Apache ZooKeeper, a service widely used for configuration management and naming in distributed applications. These issues make timely security updates critical. The vulnerabilities could allow attackers to access sensitive configuration data or...
Cybersecurity Threat Advisory: Malware campaign targeting HR workflows
A new malware campaign known as BlackSanta is actively targeting HR and recruitment personnel through realistic job‑related lures and weaponized documents. Once victims open malicious files, the malware deploys a highly capable EDR‑killer designed to disable endpoint protection before delivering...
AI is making phishing smarter and MSPs need to keep up
The numbers are jarring: according to Barracuda Networks data, 91 percent of all cyberattacks begin with a phishing email, costing businesses billions of dollars annually. The goal of these attacks hasn’t changed since the mid‑1990s — trick someone into wiring...
How Managed XDR helps MSPs stay ahead of heightened cyber activity
Just before the start of the conflict in the Middle East, Barracuda Managed XDR’s global Security Operations Center (SOC) observed a sharp surge in cyber activity—specifically, a ten‑fold increase in malicious traffic coming from Iran and targeting the United States....
Cybersecurity Threat Advisory: Google security page spoofed in PWA attack
A phishing campaign is using a spoofed Google Account security page to distribute a malicious Progressive Web App (PWA). The app is designed to steal one‑time passcodes, collect cryptocurrency wallet addresses, and turn victims’ browsers into proxies for attacker traffic....
