Category: Security
Cybersecurity Threat Advisory: 7-Zip symbolic link vulnerability
Attackers are actively exploiting a high-severity 7-Zip vulnerability, CVE-2025-11001. Attackers use malicious archives to abuse symbolic links, forcing writes outside the intended extraction directory and enabling remote code execution (RCE) when users interact. Review this Cybersecurity Threat Advisory for remediation...
Email Threat Radar — November 2025
Over the last month, Barracuda threat analysts have seen the following notable developments in email-based threats targeting organizations: New tools and tactics for the Tycoon 2FA phishing kit Invisible characters that help Cephas kit evade scanners and rules A sophisticated...
Staying cyber safe while hackers chase holiday cheer
The holidays are almost upon us. That means pass the stuffing, brine the turkey, wrap the presents, and hang the stockings with care. It also means hackers are hiding in the holly, waiting for a moment of distraction from all...
Cybersecurity Threat Advisory: Fortinet FortiWeb vulnerability exploited
A Fortinet FortiWeb path traversal-driven authentication bypass vulnerability is actively exploited in the wild, affecting versions prior to 8.0.2. Researchers have observed automated spraying at scale. Review this Cybersecurity Threat Advisory to learn how to best protect your environment and...
Cybersecurity Threat Advisory: Severe N-able vulnerabilities
Two critical vulnerabilities were disclosed by N-able in the N-central RMM platform, with one having a maximum severity rating. To help safeguard you and your customers’ environments, please review the best practices outlined in this Cybersecurity Threat Advisory. What is...
Why MSPs need to adapt email defenses in the GenAI era
Artificial intelligence (AI) is a double-edged sword: The same technology that can draft emails or write software code can also be exploited for nefarious purposes. For example, today, cybercriminals are leveraging AI to enhance email-based attacks, such as phishing, by...
Cybersecurity Threat Advisory: Cisco and Citrix zero-day exploits
An advanced threat actor is exploiting two previously disclosed zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix NetScaler ADC to deploy custom malware and maintain persistence on targeted networks. Reports indicate the attacker is chaining appliance exploits to...
Cybersecurity Threat Advisory: Critical Windows Kernel zero-day vulnerability
CVE-2025-62215 is a Windows Kernel flaw that lets attackers escalate to SYSTEM privileges, persist, access data, and move laterally. Attackers are actively exploiting this zero-day in the wild. Review this Cybersecurity Threat Advisory for best practices and recommendations to mitigate...
Cybersecurity Threat Advisory: Critical WatchGuard Fireware vulnerability
CISA has added CVE-2025-9242 to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation in the wild. This critical flaw allows unauthenticated remote code execution (RCE) via malformed IKEv2 VPN packets in WatchGuard Fireware. Continue reading this Cybersecurity Threat Advisory...
The 2025 BYOD Playbook: Practical steps for scalable security
This week we continue our series exploring bring your own device (BYOD) in 2025. The state of BYOD in the workplace has evolved since its pandemic-era popularity. As BYOD policies adapt in 2025, managed service providers (MSPs) face mounting pressure...
