Category: Security
Global Cyber Threats: December 2025 roundup
As we close out the year, it’s a good time to step back and assess the vulnerabilities being flagged by national cybersecurity agencies around the world. I routinely monitor updates from the Canadian Centre for Cyber Security and Australia’s—both among...
Cybersecurity Threat Advisory: Gogs zero-day vulnerability
A high-severity, unpatched vulnerability in the Gogs self-hosted Git service is being tracked as CVE-2025-8110. With a CVSS score of 8.7, it is under active exploitation, with more than 700 compromised instances exposed on the internet. Review this Cybersecurity Threat...
Cybersecurity Threat Advisory: WinRAR vulnerability exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6218, a path traversal vulnerability in WinRAR for Windows, to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation by multiple advanced persistent threat (APT) groups. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Critical FortiCloud SSO flaws
Fortinet has disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature. Both carry a CVSS score of 9.8, signaling near-maximum severity. Read this Cybersecurity Threat Advisory for more details on how to secure your network infrastructure. What...
Cybersecurity Threat Advisory: Critical Microsoft Outlook vulnerability
A newly disclosed Microsoft Outlook vulnerability, tracked as CVE-2025-62562, could allow for remote code execution (RCE). Read this Cybersecurity Threat Advisory to mitigate you and your clients’ risk now. What is the threat? This use-after-free vulnerability introduces a use-after-free flaw...
Cybersecurity Threat Advisory: Critical ArrayOS VPN flaw
Attackers are exploiting a command injection vulnerability in ArrayOS AG VPN devices to plant PHP webshells and create rogue users. CISA has added this vulnerability to the Known Exploited Vulnerabilities (KEV) catalog. Review this Cybersecurity Threat Advisory to discover recommended...
Cybersecurity Threat Advisory: Apache Tika vulnerability
A maximum-severity Extensible Markup Language (XML) External Entity (XXE) injection vulnerability has been disclosed in Apache Tika, tracked as CVE-2025-66516 with a CVSS score of 10.0. Review this Cybersecurity Threat Advisory now to mitigate your risk and potential impact. What...
Q&A: How MSPs can strengthen municipal cyber defenses
Cities and municipalities continue to be under siege from hackers. In the past three months alone, several cities have been targeted by cybercriminals (and these are just the publicly reported cases): Michigan City, Indiana; Yellowknife, Canada; Sugar Land, Texas; McKinney,...
Barracuda Application Protection safeguards against critical React and Next.js flaws
Two newly disclosed critical remote code execution (RCE) vulnerabilities—CVE-2025-55182 and CVE-2025-66478—pose a serious threat to applications built on React and Next.js. These flaws allow attackers to execute arbitrary code on vulnerable systems, which can lead to application compromise, unauthorized access and potential...
Cybersecurity Threat Advisory: Android framework exploits
Google released the December 2025 Android Security Update to address 107 vulnerabilities across the Android OS and vendor components. The most critical aspect of this release is the remediation of two high-severity vulnerabilities. Review this Cybersecurity Threat Advisory to limit...
