Category: Security
Cybersecurity Threat Advisory: FileFix attack weaponizes Windows File Explorer
Security researchers have uncovered a new attack method known as “FileFix,” which exploits Windows File Explorer to execute stealthy PowerShell commands. By abusing legitimate Windows functionality, attackers can run malicious code while evading traditional security controls. Read this Cybersecurity Threat...
Cybersecurity Threat Advisory: Microsoft SQL server zero-day vulnerability
A critical information disclosure vulnerability has been identified in Microsoft SQL Server, designated as CVE-2025-49719 with a CVSS score of 7.5. This vulnerability allows unauthorized attackers to access sensitive data over a network, posing a serious risk to organizations that...
Cybersecurity Threat Advisory: FortiWeb critical SQL injection vulnerability
A high-severity SQL injection vulnerability, CVE-2025-25257, in Fortinet FortiWeb enables pre-authenticated remote code execution (RCE). It has a a CVSS score of 9.8. Review the details in this Cybersecurity Threat Advisory to keep your environment safe. What is the threat?...
The cybersecurity gap is real—And MSPs are the solution
Despite frequent headlines about successful cyberattacks, many small businesses remain unprepared. Small business cybersecurity is still falling short in the face of growing threats. A survey of 1,000 small businesses with annual revenues of less than $100 million finds that...
Cybersecurity Threat Advisory: Fortinet FortiOS buffer overflow vulnerability
Fortinet disclosed a FortiOS operating system vulnerability, CVE-2025-24477, which has a CVSS score of 4.0. This vulnerability enables an authorized attacker to execute arbitrary code or commands to escalate privileges. Review the details of this Cybersecurity Threat Advisory to protect...
Cloud success: The critical role MSPs play
After more than a decade of using cloud computing services, many organizations are still struggling to justify a return on investment (ROI). A survey of 350 senior IT leaders in the U.S finds that more than three-quarters (78 percent) admit finding it...
Cybersecurity Threat Advisory: Cisco Unified CM backdoor account removal
Cisco removed a backdoor account from its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME), tracked as CVE-2025-20309. This critical vulnerability, with a CVSS score of 10, enabled unauthorized remote access to unpatched...
Navigating endpoint security: The role of MSPs
According to Verizon’s 2025 Data Breach Investigations Report, more than two-thirds of breaches involve endpoints. Some eye-catching endpoint security statistics include: About 88 percent of breaches reported involving endpoints involved the use of stolen credentials. Thirty percent of compromised systems...
The SOC case files: XDR contains two nearly identical attacks leveraging ScreenConnect
Take a look at this edition of ‘The SOC case files’ to see how Barracuda’s Managed XDR team recently helped two companies mitigate incidents where attackers compromised computers and install rogue ScreenConnect remote management software. The incidents were neutralized before...
AWS sets higher standard for MSSP partners
Amazon Web Services (AWS) is raising the bar for managed security services providers (MSSPs) by adding a range of specialized certification requirements. An update to the AWS MSSP Competency program introduces specific categories, including infrastructure security, workload security, application security,...
