Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical ServiceNow vulnerability

Cybersecurity Threat Advisory: Critical ServiceNow vulnerability

ServiceNow has disclosed a critical vulnerability, tracked as CVE-2026-6875, with a CVSS score of 9.5, that could allow unauthenticated attackers to execute code in affected ServiceNow environments. The flaw is classified as a sandbox escape vulnerability and affects both hosted...

/ July 17, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SilverFox deploys ValleyRAT rootkit

Cybersecurity Threat Advisory: SilverFox deploys ValleyRAT rootkit

SilverFox threat actors are actively running a ValleyRAT campaign to bypass security controls, escalate privileges, and maintain deep system access while avoiding detection. Organizations should treat this as a high-priority threat. Continue reading this Cybersecurity Threat Advisory to protect against...

/ July 10, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Adobe ColdFusion exploited

Cybersecurity Threat Advisory: Adobe ColdFusion exploited

Adobe has confirmed that attackers are actively exploiting CVE-2026-48282, a maximum-severity vulnerability in Adobe ColdFusion. Threat intelligence reports indicate exploitation began within hours of disclosure. The flaw affects ColdFusion versions 2025.9, 2023.20, and earlier, allowing remote code execution on unpatched...

/ July 9, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: EvilTokens targets Microsoft 365

Cybersecurity Threat Advisory: EvilTokens targets Microsoft 365

Recent research describes a phishing kit called EvilTokens. It is actively targeting organizations in the U.S. and Europe, especially those in finance and other high-value sectors. Barracuda recommends deploying browser-aware phishing analysis and strengthening Microsoft 365 OAuth and device-code controls....

/ July 8, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: LSHIY password spray campaign

Cybersecurity Threat Advisory: LSHIY password spray campaign

This Cybersecurity Threat Advisory covers a large-scale password and token spray campaign targeting Microsoft Azure CLI authentication flows. Researchers linked the campaign to activity originating from the IPv6 range 2a0a:d683::/32. The range is associated with LSHIY LLC / AS32167. Researchers...

/ July 8, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: AryStinger malware exploits legacy routers

Cybersecurity Threat Advisory: AryStinger malware exploits legacy routers

AryStinger is a newly discovered malware family that takes over outdated home and small office (SOHO) routers. Researchers at QiAnXin XLab have identified at least 4,300 infected legacy Realtek-based routers. Read the Cybersecurity Threat Advisory to mitigate your clients’ risk...

/ June 25, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: PAN-OS GlobalProtect exploit

Cybersecurity Threat Advisory: PAN-OS GlobalProtect exploit

Palo Alto Networks has confirmed that attackers are actively exploiting a security flaw in PAN-OS GlobalProtect, tracked as CVE-2026-0257 with a CVSS score of 7.8. The vulnerability affects both on-premises firewalls and Prisma Access. Review the Cybersecurity Threat Advisory for...

/ June 22, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: NinjaOne RMM phishing campaign

Cybersecurity Threat Advisory: NinjaOne RMM phishing campaign

A recent phishing campaign is using a legitimate remote access tool to take over victims’ computers, all without deploying malware. This active operation currently targets Brazilian organizations. Attackers trick employees into installing a legitimate software agent that hands over remote...

/ June 22, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Fortinet credential exposure

Cybersecurity Threat Advisory: Fortinet credential exposure

Security researchers have reported a large-scale “FortiBleed” compromise involving exposed Fortinet/FortiGate firewall and VPN credentials. The incident could affect tens of thousands of devices worldwide. Review the Cybersecurity Threat Advisory now to protect your clients’ systems. What is the threat?...

/ June 18, 2026
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Check Point VPN authentication bypass vulnerability exploited

Cybersecurity Threat Advisory: Check Point VPN authentication bypass vulnerability exploited

CISA has issued an emergency directive requiring U.S. federal agencies to secure Check Point Remote Access VPN, Mobile Access, and Spark firewall deployments following active exploitation of a critical zero-day vulnerability (CVE-2026-50751). Continue reading this Cybersecurity Threat Advisory to learn...

/ June 11, 2026