Category: Security
Cybersecurity Threat Advisory: SonicWall SMA arbitrary file upload vulnerability
Attackers are actively exploiting CVE-2025-40599, a critical vulnerability in SonicWall’s Secure Mobile Access (SMA) devices, to upload arbitrary files and gain unauthorized access. This flaw enables them to execute malicious code and compromise affected systems. The Akira ransomware group is...
Cybersecurity Threat Advisory: SonicWall SSL VPN targeted by Akira ransomware – updated
Update: This post was updated on August 7, 2025, to reflect corrected information regarding this threat. An Akira ransomware campaign is specifically targeting SonicWall SSL VPN devices. Attackers are actively exploiting these vulnerabilities to gain unauthorized access to corporate networks....
MSPs: Stop account takeovers (ATO) cold
Account takeover (ATO) cyberattacks are a particularly pernicious and challenging threat to combat. They have only grown more complex as credential management becomes increasingly intricate across organizations. According to a recent Barracuda 2025 Email Threats Report, 20% of companies experience...
Threat Spotlight: How attackers poison AI tools and defenses
Barracuda has reported on how generative artificial intellegence (AI) is being used to create and distribute spam emails and craft highly persuasive phishing attacks. These threats continue to evolve and escalate — but they are not the only ways in...
Cybersecurity Threat Advisory: Critical PaperCut NG/MF CSRF flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533, a critical PaperCut NG/MF print management software vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. Attackers are actively exploiting this cross-site request forgery (CSRF) flaw in the wild. Review...
Cybersecurity Threat Advisory: Active Microsoft 365 ‘Direct Send’ exploitation
Security researchers have identified an active phishing campaign that exploits Microsoft 365’s “Direct Send” feature to bypass email security controls. This tactic allows attackers to deliver malicious emails that appear to originate from internal users. Continue reading this Cybersecurity Threat...
CISA alerts: Why they belong on every MSP’s watchlist
Last week, we looked at how cybercriminals ramp up their activity during the summer months. As pool parties and vacation plans start, so do escalating cybersecurity alerts from both CISA and the Canadian Centre for Cyber Security. With organizations running...
Email Threat Radar – July 2025
In this month’s edition of the Email Threat Radar, Barracuda threat analysts identified several notable email-based threats targeting organizations around the world. Many of them leveraged popular phishing-as-a-service (PhaaS) kits. The threats include: Tycoon PhaaS impersonating the Autodesk Construction Cloud for...
Cybersecurity Threat Advisory: Vulnerability in Google’s Gemini for Workspace
A newly discovered vulnerability in Google’s Gemini for Workspace allows attackers to manipulate artificial intelligence (AI)-generated email summaries. Threat actors embed concealed instructions in seemingly benign emails to bypass traditional email security. Review the details within this Cybersecurity Threat Advisory...
Survey: MSPs play a pivotal role to organizations’ cloud success
A survey of over 280 IT leaders from organizations in the U.S. and Europe, each generating over $200 million in annual revenue, reveals that 57 percent expect to increase their reliance on managed service providers (MSPs) for managing, governing, and...
