SMBs

AI is changing the vCISO game

AI is changing the vCISO game 2025-07-31 at 08:02 By Anamarija Pogorelec Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one year. According to Cynomi’s 2025 State of the Virtual CISO report, 67% of MSPs and MSSPs now offer […]

React to this headline:

Loading spinner

AI is changing the vCISO game Read More »

Microsoft rolls out Windows 11 “quick recovery” feature

Microsoft rolls out Windows 11 “quick recovery” feature 2025-07-23 at 18:31 By Zeljka Zorz With the latest Windows 11 update, Microsoft is saying goodbye to the infamous “Blue Screen of Death” and has enabled the quick machine recovery feature by default for Home users. “For nearly four decades, the blue screen shown during an unexpected

React to this headline:

Loading spinner

Microsoft rolls out Windows 11 “quick recovery” feature Read More »

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) 2025-07-21 at 15:42 By Zeljka Zorz Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data theft looks most likely. According to

React to this headline:

Loading spinner

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) Read More »

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) 2025-07-11 at 15:32 By Zeljka Zorz Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP Server and CVE-2025-47812 Wing FTP Server is a commercial file transfer server solution used by businesses,

React to this headline:

Loading spinner

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) Read More »

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) 2025-07-03 at 14:19 By Zeljka Zorz Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and

React to this headline:

Loading spinner

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) Read More »

Windows 10: How to get security updates for free until 2026

Windows 10: How to get security updates for free until 2026 2025-06-25 at 14:45 By Zeljka Zorz Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

React to this headline:

Loading spinner

Windows 10: How to get security updates for free until 2026 Read More »

Microsoft unveils “centralized” software update tool for Windows

Microsoft unveils “centralized” software update tool for Windows 2025-05-29 at 14:49 By Zeljka Zorz Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup for Organizations. The

React to this headline:

Loading spinner

Microsoft unveils “centralized” software update tool for Windows Read More »

Attackers hit MSP, use its RMM software to deliver ransomware to clients

Attackers hit MSP, use its RMM software to deliver ransomware to clients 2025-05-28 at 14:36 By Zeljka Zorz A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MDR has medium

React to this headline:

Loading spinner

Attackers hit MSP, use its RMM software to deliver ransomware to clients Read More »

Outsourcing cybersecurity: How SMBs can make smart moves

Outsourcing cybersecurity: How SMBs can make smart moves 2025-05-23 at 08:32 By Anamarija Pogorelec Outsourcing cybersecurity can be a practical and affordable option. It allows small businesses to get the protection they need without straining their budgets, freeing up time and resources to focus on core operations. 76% of SMBs lack the in-house skills to

React to this headline:

Loading spinner

Outsourcing cybersecurity: How SMBs can make smart moves Read More »

Fake AI platforms deliver malware diguised as video content

Fake AI platforms deliver malware diguised as video content 2025-05-09 at 16:53 By Zeljka Zorz A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate software, but

React to this headline:

Loading spinner

Fake AI platforms deliver malware diguised as video content Read More »

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) 2025-05-08 at 15:38 By Zeljka Zorz SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also

React to this headline:

Loading spinner

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) Read More »

PoC exploit for SysAid pre-auth RCE released, upgrade quickly!

PoC exploit for SysAid pre-auth RCE released, upgrade quickly! 2025-05-07 at 15:45 By Zeljka Zorz WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions – to achieve unauthenticated remote code execution on

React to this headline:

Loading spinner

PoC exploit for SysAid pre-auth RCE released, upgrade quickly! Read More »

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) 2025-05-02 at 16:18 By Zeljka Zorz Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise Sonicwall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog,

React to this headline:

Loading spinner

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) Read More »

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) 2025-04-18 at 14:47 By Zeljka Zorz CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating the original security advisory to reflect the new state of play, and by changing the description of the vulnerability

React to this headline:

Loading spinner

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) Read More »

Critical flaws fixed in Nagios Log Server

Critical flaws fixed in Nagios Log Server 2025-04-15 at 13:47 By Zeljka Zorz The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The vulnerabilities, discovered and reported by security researchers Seth Kraft and Alex Tisdale, include: 1. A stored XSS vulnerability

React to this headline:

Loading spinner

Critical flaws fixed in Nagios Log Server Read More »

Google is making sending end-to-end encrypted emails easy

Google is making sending end-to-end encrypted emails easy 2025-04-02 at 15:03 By Zeljka Zorz Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE emails

React to this headline:

Loading spinner

Google is making sending end-to-end encrypted emails easy Read More »

Windows 11 quick machine recovery: Restoring devices with boot issues

Windows 11 quick machine recovery: Restoring devices with boot issues 2025-03-31 at 12:46 By Zeljka Zorz Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024. The goal of the feature is to allow IT administrators

React to this headline:

Loading spinner

Windows 11 quick machine recovery: Restoring devices with boot issues Read More »

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) 2025-03-27 at 13:14 By Zeljka Zorz CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day

React to this headline:

Loading spinner

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) Read More »

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has

React to this headline:

Loading spinner

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) 2025-03-20 at 14:29 By Zeljka Zorz Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the

React to this headline:

Loading spinner

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Read More »

Scroll to Top