Category: Security

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SAP critical vulnerabilities

SAP has released patches to address a second vulnerability, CVE-2025-42999, affecting its SAP NetWeaver tool. The vulnerability involves a privilege escalation issue that, when chained with SAP’s CVE-2025-31324 vulnerability (unauthenticated file upload flaw in SAP NetWeaver Visual Composer), can enable...

/ May 16, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Fortinet

A critical zero-day vulnerability affecting several Fortinet products, most notably FortiVoice enterprise phone systems, has recently been patched. Attackers are actively exploiting CVE-2025-32756 in the wild. Read the details of this Cybersecurity Threat Advisory to learn how to keep your...

/ May 15, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: ClickFix attack spreading malware

The official website of iClicker, a platform used for student engagement and classroom polling, was recently compromised in a ClickFix-style social engineering attack. Continue reading this Cybersecurity Threat Advisory to learn how to keep your systems safe. What is the...

/ May 15, 2025
Federal IT reviews signal fresh MSP opportunities ahead

Federal IT contractors have been facing major changes recently as part of the government’s broader effort to reduce overall spending. Leading systems integrators such as Accenture and Booz Allen are reportedly being asked to identify billions of dollars in savings...

/ May 15, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical ASUS vulnerabilities

Researchers have discovered two vulnerabilities within the ASUS DriverHub driver management tool that can allow malicious sites to execute commands on targeted devices. They have found no evidence that threat actors have exploited these vulnerabilities in real-world scenarios. Review the...

/ May 14, 2025
CIRP
An MSP’s guide to building cybersecurity incident response plan

Last week, we spoke with industry experts about why every organization needs a solid cybersecurity incident response plan (CIRP). This week, we’re taking it a step further—breaking down the essential steps Managed Service Providers (MSPs) should follow to build a...

/ May 13, 2025
soc threat radar
SOC Threat Radar — May 2025

In this edition of the SOC Threat Radar, Barracuda Managed XDR’s security solutions, threat intelligence, and SOC analysts highlight key developments from the past month that organizations should have on their radar, including: A 38% rise in attacks targeting FortiGate...

/ May 12, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Cisco critical vulnerability

Cisco has released software patches to fix a critical security flaw, CVE-2025-20188, affecting its IOS XE Wireless Controller software. With a maximum CVSS score of 10.0, the vulnerability could enable unauthenticated remote attackers to gain full root access to impacted...

/ May 12, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Commvault Command Center vulnerability

Commvault Command Center has been impacted by a critical security vulnerability, CVE-2025-34028, with a CVSS score of 10. This vulnerability enables remote code execution (RCE). Review the details of this Cybersecurity Threat Advisory to minimize the risk from this threat....

/ May 7, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: BYOI endpoint detection and response bypass

A sophisticated attack technique known as “Bring Your Own Installer” (BYOI) has been employed by threat actors to bypass SentinelOne’s tamper protection, facilitating the deployment of Babuk ransomware. This method leverages legitimate installers to execute malicious payloads, effectively evading endpoint...

/ May 7, 2025