Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers MSPs and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed...

Supply Chain Cybersecurity Risk Management Guide

Your organization's security is only as strong as its weakest vendor. A single compromised supplier, an unpatched software dependency, or a breached managed service provider can give attackers a direct path into your environment, bypassing every control you have built internally. The SolarWinds...

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it...

Architectural Implications of the UK Cyber Security and Resilience Bill

The UK Cyber Security and Resilience CS&R Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems NIS Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall NGFW appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials...

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

Navigating MiCA: A Practical Compliance Guide for European CASPs

MiCA creates a single EU crypto rulebook, replacing national regimes with unified licensing, capital, and compliance rules for all CASPs...

CISA: Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers V2

CISA, in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, have released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help internet service...

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service PBaaS economy. At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam cente...

"Getting to Yes": An Anti-Sales Guide for MSPs

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That's why we created "Getting to Yes": ...

CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers

Today, Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from...

The MSP Cybersecurity Readiness Guide: Turning Security into Growth

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift...

Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru , the botnet responsible for a series of record-smashing distributed denial-of-service DDoS attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things IoT devices to proxy services...

EUVD-2023-3103

Malicious code in bioql PyPI...

Future-Proofing Cloud Security against Quantum Attacks: Risk, Transition, and Mitigation Strategies

Quantum Computing QC introduces a transformative threat to digital security, with the potential to compromise widely deployed classical cryptographic systems. This survey offers a comprehensive and systematic examination of quantumsafe security for Cloud Computing CC, focusing on the...

A Cyberattack Victim Notification Framework

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true...

The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services

Introduction Managed service providers MSPs and managed security service providers MSSPs are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without...

Report Reveals Tool Overload Driving Fatigue and Missed Threats in MSPs

London, United Kingdom, 11th August 2025, CyberNewsWire...

Cloud Digital Forensic Readiness: an Open Source Approach to Law Enforcement Request Management

Cloud Forensics presents a multi-jurisdictional challenge that may undermines the success of digital forensic investigations DFIs. The growing volumes of domiciled and foreign law enforcement LE requests, the latency and complexity of formal channels for crossborder data access are challenging...

Proxy Services Feast on Ukraine’s IP Address Exodus

Image: Mark Rademaker, via Shutterstock. Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of...