Category: Security
Q&A: How MSPs can strengthen municipal cyber defenses
Cities and municipalities continue to be under siege from hackers. In the past three months alone, several cities have been targeted by cybercriminals (and these are just the publicly reported cases): Michigan City, Indiana; Yellowknife, Canada; Sugar Land, Texas; McKinney,...
Barracuda Application Protection safeguards against critical React and Next.js flaws
Two newly disclosed critical remote code execution (RCE) vulnerabilities—CVE-2025-55182 and CVE-2025-66478—pose a serious threat to applications built on React and Next.js. These flaws allow attackers to execute arbitrary code on vulnerable systems, which can lead to application compromise, unauthorized access and potential...
Cybersecurity Threat Advisory: Android framework exploits
Google released the December 2025 Android Security Update to address 107 vulnerabilities across the Android OS and vendor components. The most critical aspect of this release is the remediation of two high-severity vulnerabilities. Review this Cybersecurity Threat Advisory to limit...
Cybersecurity Threat Advisory: Critical React2Shell vulnerability
There are two critical unauthenticated remote code execution vulnerabilities in the React Server Components (RSC) “Flight” protocol. Continue reading this Cybersecurity Threat Advisory to learn how to protect you and your clients’ environments. What is the threat? These critical vulnerabilities...
Cybersecurity Threat Advisory: FortiWeb vulnerabilities in unsupported versions
Security researchers and CISA have warned that Fortinet FortiWeb appliances with unsupported versions are actively being exploited. Fortinet has issued patches for supported versions, but many organizations still run outdated FortiWeb devices, leaving them exposed. Read the Cybersecurity Threat Advisory...
Municipal cyber risk unveiled: How MSPs can stand guard
My hometown of Middletown, Ohio recently made local news after hackers disrupted the city’s water billing system and other services. The episode raised a timely question: how are cities becoming prime targets, and what can managed service providers (MSPs) and...
Frontline security predictions 2026: The battle for reality and control with agentic AI
The power and potential of agentic AI — adaptive, automated and independent — dominated security conversations during 2025. Barracuda asked four colleagues leading cyberthreat and security areas around the world, what they expect from agentic AI in 2026 and what this...
Cybersecurity Threat Advisory: Oracle Identity Manager vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog. Read this Cybersecurity Threat Advisory to learn about the current risk and apply relevant patches now. What...
Cybersecurity Threat Advisory: Fluent Bit vulnerabilities
Five vulnerabilities have been identified in Fluent Bit. Upon a successful exploitation, attackers could bypass authentication, perform path traversal, execute remote code, or cause denial of service. Review this Cybersecurity Threat Advisory now to secure you or your clients’ infrastructure....
Cybersecurity Threat Advisory: Critical Grafana SCIM vulnerability
A critical security vulnerability in Grafana Enterprise could allow attackers to escalate privileges and impersonate users. Tracked as CVE-2025-41115, the flaw carries the maximum CVSS score of 10.0. Continue reading this Cybersecurity Threat Advisory to learn how to protect you...
