Are you sure you want to leave? You’re just one step away from your free network consultation (valued at $495).
Blog
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass...
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a...
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with...
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution...
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most...
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored...
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a...
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself...
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and...
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated...
FREE GUIDE
The Ultimate Guide To IT Support Services And Fees
What You Should Expect To Pay For IT Support For Your Small Business (And How To Get Exactly What You Need Without Unnecessary Extras, Hidden Fees And Excessive Contracts)
