Rapid response | 2 min read
Scattered Spider’s heightened activity—here’s the 411

Threat group Scattered Spider is making headlines again as it increases its targeting of financial services and insurance orgs.

Rapid response | 4 min read
Phishing in Teams: the new ransomware frontline

Expel's SOC has seen a spike in Microsoft Teams phishing messages. Here's what you need to know and how to stop it.

Rapid response | 1 min read
Security alert: CVE contract expiration and option period

The contract for the federally funded CVE program has been extended, but uncertainty remains. Here’s why it matters and what's next.

Rapid response | 2 min read
Security alert: IngressNightmare (NGINX controller for Kubernetes)

On March 24, 2025, five vulnerabilities in the Ingress NGINX controller for Kubernetes were publicly disclosed. Here's how to remediate.

Rapid response | 1 min read
Security alert: Ivanti zero-day vulnerability

Ivanti disclosed a critical zero-day vulnerability impacting multiple products. Address it immediately to prevent unauthenticated remote code execution.

Rapid response | 2 min read
Security alert: Christmas Day Chrome extension compromise

At least five Chrome extensions, including the Cyberhaven extension, were targeted on Christmas Day. Here's what you need to know.

Rapid response | 1 min read
Security alert: Palo Alto Networks firewall vulnerability

Palo Alto Networks (PAN) has a critical vulnerability that needs to be patched immediately to prevent network access via the firewall management interface.

Rapid response | 1 min read
Security alert: Fortinet zero-day vulnerability

Fortinet has disclosed a zero-day vulnerability that needs to be patched immediately, or the protocol connection to the internet should be disabled.

Rapid response | 2 min read
Security Alert: CrowdStrike Windows Outage

An issue in a CrowdStrike Falcon Sensor update rendered Microsoft’s Windows OS inoperable. Here’s what happened and how you can address it.

Rapid response | 1 min read
Security alert: Palo Alto Networks PAN-OS GlobalProtect Command Injection Vulnerability

Palo Alto Networks disclosed that attackers are exploiting a vulnerability in PAN-OS for GlobalProtect. Here's what you need to know. 

Rapid response | 1 min read
Security alert: XZ Linux utility backdoor

Researchers identified a backdoor into the XZ Linux utility, via supply chain compromise. Here’s what you need to know.

Rapid response | 2 min read
Security alert: Ivanti Connect Secure and Policy Secure zero-day vulnerabilities

Ivanti Connect Secure and Policy Secure zero-day vulnerabilities are being exploited. Here's how to protect against them.

Rapid response | 2 min read
Security alert: ConnectWise ScreenConnect 23.9.8 security fix

Vulnerabilities in ConnectWise versions 23.9.7 and prior leave some ScreenConnect instances exposed to attackers. Here’s how to fix it.

Rapid response | 2 min read
Security alert: Okta “support user” data theft

Okta recently determined an attacker stole user support system info in October 2023. Here’s what Okta customers need to do right now.

Rapid response | 1 min read
Security alert: privilege escalation vulnerability in Confluence Data Center and Server, CVE-2023-22515

Here's how to mitigate a Confluence Data Center and Server vulnerability that lets attackers create admin accounts on external-facing servers.

Rapid response | 1 min read
Security alert: zero-day vulnerability CVE-2023-4863 in libwebp (WebP) library

CVE-2023-4863 is a zero-day vulnerability in libwebp, which can result in arbitrary command execution when exploited. Here’s why it matters and what to do.