Kaseya Labs:

Actionable Threat
Research & Analysis

The volume and velocity of today’s cyberthreats puts millions of businesses at risk of data theft and ransomware. Here, you get valuable and timely cyberthreat information, designed for easy consumption and quick action.

Categories

Education
News
Threats
Vulnerabilities
Threats
Vulnerabilities

React2Shell Vulnerability Being Actively Exploited (CVE-2025-55182)

Mike Puglia

Posted on Dec 8

A remote code execution (RCE) vulnerability exists React Server Components protocol version 19.0.0 to 19.2.0 (CVE-2025-55182) and also impacts the downstream Next.js applications using the App Router ( CVE-2025-66478). The vulnerability has been assigned a CVSS Score of 10 out of 10, the highest possible severity and being actively exploited worldwide (CISA Known Exploited Vulnerabilities […]

Read more
Education
News
Vulnerabilities

Windows 10 First ESU Patch Released

Mike Puglia

Posted on Dec 3

Microsoft has ended Windows 10 support. From October 14, 2025, no more technical support, no more feature updates, and critically, no more FREE security patches. In November, Microsoft released its first Extended Security Update (ESU) for those still running Windows 10 and are willing to purchase these updates. The patch, KB5068781, contains fixes for 63 […]

Read more
News
Threats
Vulnerabilities

SonicWall Firewall Config Cloud Backups Compromised

Mike Puglia

Posted on Sep 19

SonicWall has announced that threat actors accessed backup firewall preference files stored in the MySonicWall Cloud which exposes admin credentials and other information that could make it easier for attackers to potentially exploit the related firewall.  This only impacts customers who have enabled the Cloud Backup Feature on their SonicWall Firewalls.  If this feature is […]

Read more
Education
Threats

Threat Bulletin: Akira Ransomware – Evidence & TTPs

Billy Austin

Posted on Sep 4

Executive Summary Akira ransomware continues to target Windows, Linux, and ESXi systems. Over the past few weeks, the Kaseya SOC has seen an uptick in another version of Akira. Campaigns include destructive steps such as wiping recovery options, clearing event logs, and forcing victims into Tor-based negotiations. Below are the decoded evidence artifacts, encryption attributes, […]

Read more
Education

Microsoft Teams Getting a Security Boost

Mike Puglia

Posted on Aug 28

Microsoft Teams, with its over 350 million active monthly users, recently announced several new security features which begin rolling out in September. Due to its widespread business adoption, Teams has become a prime target for threat actors and ransomware groups like Midnight Blizzard, Black Basta, and Storm-2603. These security enhancements aim to help organizations better […]

Read more
Threats
Vulnerabilities

Cisco FMC – RCE with No Auth Required

Mike Puglia

Posted on Aug 17

Cisco has published a critical vulnerability (CVE-2025-20265) with the highest severity score (CVSS 10.0) for its Secure Firewall Management Center (FMC) product. The vulnerability, a Radius Remote Code Execution Vulnerability, enables an unauthenticated attacker to remotely inject arbitrary code, typically shell commands, that are executed at with high level privileges. The flaw is present in […]

Read more
Threats
Vulnerabilities

Zoom Windows Client – Critical Update

Mike Puglia

Posted on Aug 15

Zoom, one of the most widely adopted collaboration and web meeting tools, has published a critical vulnerability (CVE-2025-49457) for its Windows Client. The vulnerability, an Untrusted Search Path (CWE-426), may allow an unauthenticated user to conduct an escalation of privilege via network access on versions lower than 6.3.10. The flaw was discovered by Zoom’s Offensive […]

Read more
Threats
Vulnerabilities

WinRAR Actively Exploited – Patch Now

Mike Puglia

Posted on Aug 11

A WinRAR vulnerability published (CVE-2025-8088) which allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability actively being exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. WinRaR does NOT have auto-update patching capabilities, meaning interaction by users or IT is required to remediate this […]

Read more
Vulnerabilities

Microsoft, CISA Warn of High-Severity Vulnerability in On-Premises Exchange

Mike Puglia

Posted on Aug 8

Security researcher Dirk-jan Mollema of Outsider Security demonstrated a vulnerability at BlackHat in Microsoft’s On-Premises Exchange in a hybrid-joined environment that enables an attacker to escalate privileges and move laterally from on-prem to gain control of the organization’s 365 Exchange Online environment without leaving a detectable and auditable trace (Click Here for Mollema’s BlackHat abstract […]

Read more
Threats
Vulnerabilities

SonicWall SSL VPNs Potentially Targeted by Akira

Mike Puglia

Posted on Aug 6

*Update August 6th 10PM EDT – SonicWall has posted these events are not connected to a zero-day vulnerability. Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in SonicWall’s public advisory SNWLID-2024-0015.  SonicWall customers should review their recommendations at: https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430 The new recommendations include: Kaseya Detections Both […]

Read more

Our complete, integrated, and cost-effective platform is trusted by over 500,000 IT Professionals globally to manage and secure more than 300 million devices.

© 2023 Kaseya. All rights reserved.