Category: Security
Cybersecurity Threat Advisory: FortiWeb critical SQL injection vulnerability
A high-severity SQL injection vulnerability, CVE-2025-25257, in Fortinet FortiWeb enables pre-authenticated remote code execution (RCE). It has a a CVSS score of 9.8. Review the details in this Cybersecurity Threat Advisory to keep your environment safe. What is the threat?...
The cybersecurity gap is real—And MSPs are the solution
Despite frequent headlines about successful cyberattacks, many small businesses remain unprepared. Small business cybersecurity is still falling short in the face of growing threats. A survey of 1,000 small businesses with annual revenues of less than $100 million finds that...
Cybersecurity Threat Advisory: Fortinet FortiOS buffer overflow vulnerability
Fortinet disclosed a FortiOS operating system vulnerability, CVE-2025-24477, which has a CVSS score of 4.0. This vulnerability enables an authorized attacker to execute arbitrary code or commands to escalate privileges. Review the details of this Cybersecurity Threat Advisory to protect...
Cloud success: The critical role MSPs play
After more than a decade of using cloud computing services, many organizations are still struggling to justify a return on investment (ROI). A survey of 350 senior IT leaders in the U.S finds that more than three-quarters (78 percent) admit finding it...
Cybersecurity Threat Advisory: Cisco Unified CM backdoor account removal
Cisco removed a backdoor account from its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME), tracked as CVE-2025-20309. This critical vulnerability, with a CVSS score of 10, enabled unauthorized remote access to unpatched...
Navigating endpoint security: The role of MSPs
According to Verizon’s 2025 Data Breach Investigations Report, more than two-thirds of breaches involve endpoints. Some eye-catching endpoint security statistics include: About 88 percent of breaches reported involving endpoints involved the use of stolen credentials. Thirty percent of compromised systems...
The SOC case files: XDR contains two nearly identical attacks leveraging ScreenConnect
Take a look at this edition of ‘The SOC case files’ to see how Barracuda’s Managed XDR team recently helped two companies mitigate incidents where attackers compromised computers and install rogue ScreenConnect remote management software. The incidents were neutralized before...
AWS sets higher standard for MSSP partners
Amazon Web Services (AWS) is raising the bar for managed security services providers (MSSPs) by adding a range of specialized certification requirements. An update to the AWS MSSP Competency program introduces specific categories, including infrastructure security, workload security, application security,...
Cybersecurity Threat Advisory: Zero-day Chrome vulnerability
Google has patched a high-severity zero-day vulnerability, tracked as CVE-2025-6554 with a CVSS score of 8.1, in Chrome’s V8 engine that allows attackers to execute arbitrary code via a crafted HTML page. Review the details of this Cybersecurity Threat Advisory...
MSPs: Unmask 2025’s stealthiest email threats and fortify client defenses
Managed Services Providers (MSPs) stand on the front lines of cybersecurity, and with email-based attacks continuing to surge in volume and sophistication, your role in protecting clients has never been more critical. Email remains the primary conduit for most cyber...
