Rapid response | 2 min read
Update on the SharePoint ToolShell vulnerability exploitation (CVE-2025-53770)

Over the weekend, a zero-day vulnerability for SharePoint 16.0.0.0 and earlier versions was targeted. Here's what you need to know.

Rapid response | 2 min read
Security alert: Citrix NetScaler ADC and NetScaler Gateway vulnerabilities allow unauthorized access

Citrix disclosed two vulnerabilities (CVE-2025-5777 and CVE-2025-6543) that impact NetScaler ADC and NetScaler Gateway. Here's what to know and what to do.

Rapid response | 2 min read
Scattered Spider’s heightened activity—here’s the 411

Threat group Scattered Spider is making headlines again as they increase targeting for financial services and insurance orgs.

Rapid response | 4 min read
Phishing in Teams: the new ransomware frontline

Expel's SOC has seen a spike in Microsoft Teams phishing messages. Here's what you need to know and how to stop it.

Rapid response | 1 min read
Security alert: CVE contract expiration and option period

The contract for the federally funded CVE program has been extended, but uncertainty remains. Here’s why it matters and what's next.

Rapid response | 2 min read
Security alert: IngressNightmare (NGINX controller for Kubernetes)

On March 24, 2025, five vulnerabilities in the Ingress NGINX controller for Kubernetes were publicly disclosed. Here's how to remediate.

Rapid response | 1 min read
Security alert: Ivanti zero-day vulnerability

Ivanti disclosed a critical zero-day vulnerability impacting multiple products. Address it immediately to prevent unauthenticated remote code execution.

Rapid response | 2 min read
Security alert: Christmas Day Chrome extension compromise

At least five Chrome extensions, including the Cyberhaven extension, were targeted on Christmas Day. Here's what you need to know.

Rapid response | 1 min read
Security alert: Palo Alto Networks firewall vulnerability

Palo Alto Networks (PAN) has a critical vulnerability that needs to be patched immediately to prevent network access via the firewall management interface.

Rapid response | 1 min read
Security alert: Fortinet zero-day vulnerability

Fortinet has disclosed a zero-day vulnerability that needs to be patched immediately, or the protocol connection to the internet should be disabled.

Rapid response | 2 min read
Security Alert: CrowdStrike Windows Outage

An issue in a CrowdStrike Falcon Sensor update rendered Microsoft’s Windows OS inoperable. Here’s what happened and how you can address it.

Rapid response | 1 min read
Security alert: Palo Alto Networks PAN-OS GlobalProtect Command Injection Vulnerability

Palo Alto Networks disclosed that attackers are exploiting a vulnerability in PAN-OS for GlobalProtect. Here's what you need to know. 

Rapid response | 1 min read
Security alert: XZ Linux utility backdoor

Researchers identified a backdoor into the XZ Linux utility, via supply chain compromise. Here’s what you need to know.

Rapid response | 2 min read
Security alert: Ivanti Connect Secure and Policy Secure zero-day vulnerabilities

Ivanti Connect Secure and Policy Secure zero-day vulnerabilities are being exploited. Here's how to protect against them.

Rapid response | 2 min read
Security alert: ConnectWise ScreenConnect 23.9.8 security fix

Vulnerabilities in ConnectWise versions 23.9.7 and prior leave some ScreenConnect instances exposed to attackers. Here’s how to fix it.

Rapid response | 2 min read
Security alert: Okta “support user” data theft

Okta recently determined an attacker stole user support system info in October 2023. Here’s what Okta customers need to do right now.

Rapid response | 1 min read
Security alert: privilege escalation vulnerability in Confluence Data Center and Server, CVE-2023-22515

Here's how to mitigate a Confluence Data Center and Server vulnerability that lets attackers create admin accounts on external-facing servers.

Rapid response | 1 min read
Security alert: zero-day vulnerability CVE-2023-4863 in libwebp (WebP) library

CVE-2023-4863 is a zero-day vulnerability in libwebp, which can result in arbitrary command execution when exploited. Here’s why it matters and what to do.

Rapid response | 1 min read
Security alert: critical Fortigate remote code execution vulnerability

Get a clear breakdown of the critical Fortigate Firewall vulnerability's impact and steps you can take to reduce your risk.

Rapid response | 2 min read
Security alert: 3CXDesktopApp supply chain attack

A supply chain attack on 3CXDesktopApp can turn installers into malicious tools. Learn the steps you can take to mitigate the risk.

Rapid response | 5 min read
Incident report: stolen AWS access keys

Learn what happens after AWS access keys are stolen. Our teams collaborated on a real-world incident. Read how we responded to the attack.

Rapid response | 3 min read
Emerging Threat: CircleCI Security Incident

A security incident at CircleCI requires immediate credential rotation. Learn what happened, why it matters, and the steps to take to mitigate the risk.

Rapid response | 2 min read
Security alert: high-severity vulnerability affecting OpenSSL V3 and higher

Two new security flaws affect OpenSSL v3.0 and later. Learn about the vulnerabilities and why you should upgrade to v3.0.7 as soon as it's reasonable.

Rapid response | 2 min read
Emerging Threats: Microsoft Exchange On-Prem Zero-Days

A new zero-day vulnerability affects Microsoft Exchange Server. Until a patch is issued, here are the steps you can take to mitigate risk.

Rapid response | 6 min read
Incident report: how a phishing campaign revealed BEC before exploitation

After 89 phishing alerts, we knew a large-scale campaign was underway. This case study walks you through what happened and how we responded.

Rapid response | 2 min read
Emerging threat: BEC payroll fraud advisory

Our SOC observed BEC attacks targeting Workday to commit payroll fraud. Learn how to protect your human capital management systems.

Rapid response | 6 min read
Incident report: From CLI to console, chasing an attacker in AWS

We detected and stopped unauthorized access in a customer's AWS environment. Learn how we spotted it, what we did, and key takeaways for your security.

Rapid response | 1 min read
Heads up: WPA2 vulnerability

A (very) quick overview of the reported WPA2 weakness. The TL;DR is “don’t flip out” because this is an example of bug marketing.