Introduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the Go to Source […]
Category Archives: Uncategorized
Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses. Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at Go […]
Firms cooperating with cybercrime syndicates in Burma and Cambodia face sanctions by the US government and enforcement actions by China, but the scams continue to grow. Go to Source Author: Robert Lemos, Contributing Writer
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper […]
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below – CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a […]
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges. Go to Source Author: Jai Vijayan, Contributing Writer
While the jury is still out on whether the browser is the new endpoint, it’s clear that use has skyrocketed and security needs to align. Go to Source Author: Arielle Waldman
Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly efficient attack pipeline” in recent phishing campaigns, according to new findings from ReliaQuest. “Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined,” […]
The combined company will help customers separate data ingestion from SIEM, to improve detection and performance. Go to Source Author: Kristina Beek