Kaseya Labs: Actionable Threat Research & Analysis

The volume and velocity of today’s cyberthreats put millions of businesses at risk of data theft and ransomware. Here, you get valuable and timely cyberthreat information, designed for easy consumption and quick action.

Education
Threats

Threat Bulletin: Akira Ransomware – Evidence & TTPs

Billy Austin

Posted on Sep 4

Executive Summary: Akira ransomware continues to target Windows, Linux, and ESXi systems. Over the past few weeks, the Kaseya SOC has seen an uptick in another version of Akira. Campaigns include destructive steps such as wiping recovery options, clearing event logs, and forcing victims into Tor-based negotiations. Below are the decoded evidence artifacts, encryption attributes, […]

Education

Microsoft Teams Getting a Security Boost

Mike Puglia

Posted on Aug 28

Microsoft Teams, with over 350 million monthly active users, recently announced several new security features that begin rolling out in September. Due to its widespread business adoption, Teams has become a prime target for threat actors and ransomware groups like Midnight Blizzard, Black Basta, and Storm-2603. These security enhancements aim to help organizations better […]

Threats
Vulnerabilities

Cisco FMC – RCE with No Auth Required

Mike Puglia

Posted on Aug 17

Cisco has published a critical vulnerability (CVE-2025-20265) with the highest severity score (CVSS 10.0) for its Secure Firewall Management Center (FMC) product. The vulnerability, a RADIUS remote code execution vulnerability, enables an unauthenticated attacker to remotely inject arbitrary code, typically shell commands, that is executed with high-level privileges. The flaw is present in […]

Threats
Vulnerabilities

Zoom Windows Client – Critical Update

Mike Puglia

Posted on Aug 15

Zoom, one of the most widely adopted collaboration and web meeting tools, has published a critical vulnerability (CVE-2025-49457) for its Windows Client. The vulnerability, an Untrusted Search Path (CWE-426), may allow an unauthenticated user to conduct an escalation of privilege via network access on versions lower than 6.3.10. The flaw was discovered by Zoom’s Offensive […]

Threats
Vulnerabilities

WinRAR Actively Exploited – Patch Now

Mike Puglia

Posted on Aug 11

A WinRAR vulnerability (CVE-2025-8088) has been published that allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability is actively being exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. WinRAR does NOT have auto-update patching capabilities, meaning interaction by users or IT is required to remediate this […]

Vulnerabilities

Microsoft, CISA Warn of High-Severity Vulnerability in On-Premises Exchange

Mike Puglia

Posted on Aug 8

Security researcher Dirk-jan Mollema of Outsider Security demonstrated a vulnerability at BlackHat in Microsoft’s On-Premises Exchange in a hybrid-joined environment that enables an attacker to escalate privileges and move laterally from on-prem to gain control of the organization’s 365 Exchange Online environment without leaving a detectable and auditable trace (Click Here for Mollema’s BlackHat abstract […]

Threats
Vulnerabilities

SonicWall SSL VPNs Potentially Targeted by Akira

Mike Puglia

Posted on Aug 6

*Update August 6th 10PM EDT – SonicWall has posted that these events are not connected to a zero-day vulnerability. Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in SonicWall’s public advisory SNWLID-2024-0015. SonicWall customers should review their recommendations at: https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430 The new recommendations include: Kaseya Detections Both […]

Threats
Vulnerabilities

SharePoint (On-Premises Only) ToolShell Exploit

Mike Puglia

Posted on Jul 31

*Updated July 31, 2025 with additional details and IOCs. A series of new and previously patched vulnerabilities, discovered by Eye Security, have been widely exploited in Microsoft’s SharePoint On-Premises Server software (cloud SharePoint instances are not impacted). Dubbed “ToolShell”, the vulnerability lets threat actors execute code remotely over the network – essentially giving […]

Threats
Vulnerabilities

Old PaperCut Vulnerability Being Actively Exploited – Patch Now

Mike Puglia

Posted on Jul 29

CISA has announced that an older version of PaperCut NG/MF print management software is under active exploitation and has added it to the CISA Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability could “potentially enable an attacker to alter security settings or execute arbitrary code”. This vulnerability was disclosed and patched in 2023 […]

Threats
Vulnerabilities

When Tools Turn Threats: How Legitimate Remote Control Software Is Being Abused as Remote Access Trojans (RATs)

Mike Puglia

Posted on Jun 5

A Remote Access Trojan (RAT) is a type of malware that allows an attacker to gain full access to a system as if they were physically present on the keyboard. As antivirus and antimalware have improved at detecting malicious applications, bad actors have increasingly turned to using legitimate remote control tools as RATs. Legitimate remote […]
