Kaseya Labs:

Actionable Threat
Research & Analysis

The volume and velocity of today’s cyberthreats puts millions of businesses at risk of data theft and ransomware. Here, you get valuable and timely cyberthreat information, designed for easy consumption and quick action.

Categories

Education
News
Threats
Vulnerabilities
Education
Threats

Threat Bulletin: Qilin (aka Agenda) Ransomware – Evidence & TTPs

Billy Austin

Posted on Feb 16

Overview Qilin (also tracked as Agenda) is an active ransomware-as-a-service operation impacting both SMB and Enterprise environments. Recent campaigns demonstrate a mature, configuration-driven encryptor designed to maximize operational disruption by disabling recovery mechanisms, enumerating network-accessible data, and encrypting files at scale. Static Analysis & Variant Context Qilin represents a class of modern enterprise ransomware that […]

Read more
Threats
Vulnerabilities

Fortinet SSO Bypass – Act Now

Mike Puglia

Posted on Jan 22

UPDATE Jan 22 6:20PM EST Fortinet has provided an update at: https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Fortinet has confirmed the patch in December did not fully resolve the issue. Specifically, they state: “Fortinet product security has identified the issue, and the company is working on a fix to remediate this occurrence. An advisory will be issued as the fix […]

Read more
Threats
Vulnerabilities

Fortinet Issues Advisory On Old Vulnerability – Check That You Are Patched

Mike Puglia

Posted on Jan 12

Fortinet has recently issued an advisory that a five year old vulnerability from 2020 (CVE-2020-12812) is being actively exploited in the wild. The vulnerability enables attackers to bypass 2FA witch certain firewall configurations and was patched with releases 6.4.1, 6.2.4, and 6.0.10. Whether Fortinet updated this advisory because of multiple compromises detected or for research […]

Read more
Threats
Vulnerabilities

React2Shell Vulnerability Being Actively Exploited (CVE-2025-55182)

Mike Puglia

Posted on Dec 8

A remote code execution (RCE) vulnerability exists React Server Components protocol version 19.0.0 to 19.2.0 (CVE-2025-55182) and also impacts the downstream Next.js applications using the App Router ( CVE-2025-66478). The vulnerability has been assigned a CVSS Score of 10 out of 10, the highest possible severity and being actively exploited worldwide (CISA Known Exploited Vulnerabilities […]

Read more
Education
News
Vulnerabilities

Windows 10 First ESU Patch Released

Mike Puglia

Posted on Dec 3

Microsoft has ended Windows 10 support. From October 14, 2025, no more technical support, no more feature updates, and critically, no more FREE security patches. In November, Microsoft released its first Extended Security Update (ESU) for those still running Windows 10 and are willing to purchase these updates. The patch, KB5068781, contains fixes for 63 […]

Read more
News
Threats
Vulnerabilities

SonicWall Firewall Config Cloud Backups Compromised

Mike Puglia

Posted on Sep 19

SonicWall has announced that threat actors accessed backup firewall preference files stored in the MySonicWall Cloud which exposes admin credentials and other information that could make it easier for attackers to potentially exploit the related firewall.  This only impacts customers who have enabled the Cloud Backup Feature on their SonicWall Firewalls.  If this feature is […]

Read more
Education
Threats

Threat Bulletin: Akira Ransomware – Evidence & TTPs

Billy Austin

Posted on Sep 4

Executive Summary Akira ransomware continues to target Windows, Linux, and ESXi systems. Over the past few weeks, the Kaseya SOC has seen an uptick in another version of Akira. Campaigns include destructive steps such as wiping recovery options, clearing event logs, and forcing victims into Tor-based negotiations. Below are the decoded evidence artifacts, encryption attributes, […]

Read more
Education

Microsoft Teams Getting a Security Boost

Mike Puglia

Posted on Aug 28

Microsoft Teams, with its over 350 million active monthly users, recently announced several new security features which begin rolling out in September. Due to its widespread business adoption, Teams has become a prime target for threat actors and ransomware groups like Midnight Blizzard, Black Basta, and Storm-2603. These security enhancements aim to help organizations better […]

Read more
Threats
Vulnerabilities

Cisco FMC – RCE with No Auth Required

Mike Puglia

Posted on Aug 17

Cisco has published a critical vulnerability (CVE-2025-20265) with the highest severity score (CVSS 10.0) for its Secure Firewall Management Center (FMC) product. The vulnerability, a Radius Remote Code Execution Vulnerability, enables an unauthenticated attacker to remotely inject arbitrary code, typically shell commands, that are executed at with high level privileges. The flaw is present in […]

Read more
Threats
Vulnerabilities

Zoom Windows Client – Critical Update

Mike Puglia

Posted on Aug 15

Zoom, one of the most widely adopted collaboration and web meeting tools, has published a critical vulnerability (CVE-2025-49457) for its Windows Client. The vulnerability, an Untrusted Search Path (CWE-426), may allow an unauthenticated user to conduct an escalation of privilege via network access on versions lower than 6.3.10. The flaw was discovered by Zoom’s Offensive […]

Read more

Our complete, integrated, and cost-effective platform is trusted by over 500,000 IT Professionals globally to manage and secure more than 300 million devices.

© 2023 Kaseya. All rights reserved.