Category: Security
Cybersecurity Threat Advisory: Critical PaperCut NG/MF CSRF flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533, a critical PaperCut NG/MF print management software vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. Attackers are actively exploiting this cross-site request forgery (CSRF) flaw in the wild. Review...
Cybersecurity Threat Advisory: Active Microsoft 365 ‘Direct Send’ exploitation
Security researchers have identified an active phishing campaign that exploits Microsoft 365’s “Direct Send” feature to bypass email security controls. This tactic allows attackers to deliver malicious emails that appear to originate from internal users. Continue reading this Cybersecurity Threat...
CISA alerts: Why they belong on every MSP’s watchlist
Last week, we looked at how cybercriminals ramp up their activity during the summer months. As pool parties and vacation plans start, so do escalating cybersecurity alerts from both CISA and the Canadian Centre for Cyber Security. With organizations running...
Email Threat Radar – July 2025
In this month’s edition of the Email Threat Radar, Barracuda threat analysts identified several notable email-based threats targeting organizations around the world. Many of them leveraged popular phishing-as-a-service (PhaaS) kits. The threats include: Tycoon PhaaS impersonating the Autodesk Construction Cloud for...
Cybersecurity Threat Advisory: Vulnerability in Google’s Gemini for Workspace
A newly discovered vulnerability in Google’s Gemini for Workspace allows attackers to manipulate artificial intelligence (AI)-generated email summaries. Threat actors embed concealed instructions in seemingly benign emails to bypass traditional email security. Review the details within this Cybersecurity Threat Advisory...
Survey: MSPs play a pivotal role to organizations’ cloud success
A survey of over 280 IT leaders from organizations in the U.S. and Europe, each generating over $200 million in annual revenue, reveals that 57 percent expect to increase their reliance on managed service providers (MSPs) for managing, governing, and...
Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability
CrushFTP has disclosed a new critical vulnerability, CVE-2025-54309, which is currently being exploited in the wild. One indicator of compromise is a “last_logins” value set for internal default accounts. Review the details in this Cybersecurity Threat Advisory to help minimize...
Cybersecurity Threat Advisory: Microsoft SharePoint zero-day vulnerability
Attackers are actively exploiting CVE-2025-53770, a critical zero-day vulnerability in Microsoft SharePoint, to execute remote code without authentication. This flaw allows attackers to deploy persistent malware and potentially exfiltrate sensitive data from unpatched on-premises environments. Review the full details in...
Vacation season is open season for cybercriminals: Here’s why
For school children, summer means lazy days of swimming pools, splash pads, melting ice cream cones, and camp. For cybersecurity professionals, it means being on guard 24/7, because cybercriminals don’t take a summer break. The summertime impact Cyberattacks now occur...
Barracuda launches Entra ID Backup Premium to strengthen Microsoft Identity data recovery
Barracuda has introduced Entra ID Backup Premium, a SaaS-based solution designed to help organizations recover Microsoft Entra ID data beyond the platform’s default 30-day retention window. The launch adds a critical layer to identity protection, enabling fast restoration of users,...
