Category: Security
A look back at 2025, with an eye on 2026
It’s hard to believe 2025 is already nearing the rearview mirror. As the year winds down, SmarterMSP.com spoke with a variety of cybersecurity experts to reflect on this year’s major developments and what they anticipate as we head into 2026....
Cybersecurity Threat Advisory: SonicWall SMA 100 appliance vulnerability
A SonicWall SMA 100 vulnerability, tracked as CVE‑2025‑40602, is actively being exploited in the wild. SonicWall has issued patches, and CISA added the flaw to its KEV catalog, requiring federal agencies to patch by Dec. 24, 2025. Read this Cybersecurity...
Cybersecurity Threat Advisory: Cisco AsyncOS zero-day vulnerability
Cisco has disclosed a zero‑day vulnerability in AsyncOS that is actively being exploited, with a CVSS of 10.0. The Cybersecurity and Infrastructure Security Agency (CISA) added the CVE to its KEV catalog. Review this Cybersecurity Threat Advisory to reduce exposure...
Cybersecurity Threat Advisory: FreePBX critical vulnerabilities
Several vulnerabilities in the FreePBX platform have been disclosed and patched, including a critical authentication bypass and flaws enabling SQL injection and arbitrary file upload. Read this Cybersecurity Threat Advisory for an analysis, remediation steps, and detection guidance. What is...
Global Cyber Threats: December 2025 roundup
As we close out the year, it’s a good time to step back and assess the vulnerabilities being flagged by national cybersecurity agencies around the world. I routinely monitor updates from the Canadian Centre for Cyber Security and Australia’s—both among...
Cybersecurity Threat Advisory: Gogs zero-day vulnerability
A high-severity, unpatched vulnerability in the Gogs self-hosted Git service is being tracked as CVE-2025-8110. With a CVSS score of 8.7, it is under active exploitation, with more than 700 compromised instances exposed on the internet. Review this Cybersecurity Threat...
Cybersecurity Threat Advisory: WinRAR vulnerability exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6218, a path traversal vulnerability in WinRAR for Windows, to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation by multiple advanced persistent threat (APT) groups. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Critical FortiCloud SSO flaws
Fortinet has disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature. Both carry a CVSS score of 9.8, signaling near-maximum severity. Read this Cybersecurity Threat Advisory for more details on how to secure your network infrastructure. What...
Cybersecurity Threat Advisory: Critical Microsoft Outlook vulnerability
A newly disclosed Microsoft Outlook vulnerability, tracked as CVE-2025-62562, could allow for remote code execution (RCE). Read this Cybersecurity Threat Advisory to mitigate you and your clients’ risk now. What is the threat? This use-after-free vulnerability introduces a use-after-free flaw...
Cybersecurity Threat Advisory: Critical ArrayOS VPN flaw
Attackers are exploiting a command injection vulnerability in ArrayOS AG VPN devices to plant PHP webshells and create rogue users. CISA has added this vulnerability to the Known Exploited Vulnerabilities (KEV) catalog. Review this Cybersecurity Threat Advisory to discover recommended...
