Tag: vulnerabilities
Global Cyber Threats: December 2025 roundup
As we close out the year, it’s a good time to step back and assess the vulnerabilities being flagged by national cybersecurity agencies around the world. I routinely monitor updates from the Canadian Centre for Cyber Security and Australia’s—both among...
Barracuda Application Protection safeguards against critical React and Next.js flaws
Two newly disclosed critical remote code execution (RCE) vulnerabilities—CVE-2025-55182 and CVE-2025-66478—pose a serious threat to applications built on React and Next.js. These flaws allow attackers to execute arbitrary code on vulnerable systems, which can lead to application compromise, unauthorized access and potential...
Cybersecurity Threat Advisory: Android framework exploits
Google released the December 2025 Android Security Update to address 107 vulnerabilities across the Android OS and vendor components. The most critical aspect of this release is the remediation of two high-severity vulnerabilities. Review this Cybersecurity Threat Advisory to limit...
Cybersecurity Threat Advisory: FortiWeb vulnerabilities in unsupported versions
Security researchers and CISA have warned that Fortinet FortiWeb appliances with unsupported versions are actively being exploited. Fortinet has issued patches for supported versions, but many organizations still run outdated FortiWeb devices, leaving them exposed. Read the Cybersecurity Threat Advisory...
Late-summer CISA alert roundup
At least once or twice a year I like to sift through the Cybersecurity and Infrastructure Security Agency (CISA) alerts and share some of the latest with SmarterMSP.com. The end of summer is one of the best times to do...
Cybersecurity Threat Advisory: Xerox printer vulnerabilities
Two vulnerabilities, CVE-2024-12510 and CVE-2024-12511, have been found in the Xerox VersaLink C7025 Multifunction Printer. Upon successful exploitation, bad actors can capture authentication credentials through pass-back attacks via lightweight directory access protocol (LDAP), server message block (SMB), and file transfer...
Cybersecurity Threat Advisory: New Microsoft Windows vulnerabilities
Two new Microsoft vulnerabilities, CVE-2024-21302 and CVE-2024-38202, are impacting Windows systems. Read this Cybersecurity Threat Advisory to learn more about how these vulnerabilities can be leveraged to exploit Microsoft Windows and how to protect your systems. What is the threat?...
Cybersecurity Threat Advisory: Exploited cryptojacking campaign impacting Docker
A new cryptojacking campaign exploiting the Docker Engine API has been discovered. The large-scale hacking campaign is targeting Docker Swarm, Kubernetes, and Secure Socket Shell (SSH) servers. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk...
Cybersecurity Threat Advisory: Veeam Backup security flaws
There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass,...
Cybersecurity Threat Advisory: Critical SAP vulnerabilities
SAP issued its August 2024 security patch update which included two critical flaws that enable attackers to bypass authentication and fully compromise affected systems. Review the details in this Cybersecurity Threat Advisory to learn how you can protect your SAP...
