Blog

Researchers report a maximum‑severity flaw in a Java JWT library

Field Effect Security Intelligence Team — Thu, 05 Mar 2026 20:54:15 GMT

At a glance: A flaw in a widely used Java library for working with JSON Web Tokens has drawn attention because it weakens one of the core guarantees of token‑based authentication: that only a trusted issuer can create valid tokens. Researchers found that, under certain conditions, the library may incorrectly accept or mis-validate tokens, opening the door to forged credentials or unauthorized access if an attacker can craft tokens that appear legitimate.

CISA warns of remote code execution risk in VMware Aria Operations

Field Effect Security Intelligence Team — Wed, 04 Mar 2026 18:00:40 GMT

At a glance: CISA has added a high-severity Broadcom VMware Aria Operations vulnerability (CVE-2026-22719) to its Known Exploited Vulnerabilities catalog following reports of active exploitation. The flaw allows unauthenticated command execution during a support-assisted migration workflow and affects Aria Operations along with platforms that integrate it, including VMware Cloud Foundation and VMware Telco products.

Cyber spillover risks amid the February 2026 Middle East escalation

Field Effect Security Intelligence Team — Wed, 04 Mar 2026 14:32:26 GMT

At a glance: Escalating conflict following coordinated U.S. and Israeli strikes on Iranian military and nuclear sites has raised concerns about potential cyber spillover. Canadian and UK cybersecurity agencies warn that Iran is likely to use cyber capabilities in response, though no large-scale attacks have been confirmed. Researchers have observed a rise in opportunistic hacktivist activity and unverified claims of DDoS attacks, defacements, and data leaks targeting Iran’s adversaries. Organizations are advised to remain vigilant and reinforce core security controls.

Critical TLS authentication bypass impacts VMware Tanzu

Field Effect Security Intelligence Team — Tue, 03 Mar 2026 13:56:12 GMT

At a glance: Broadcom has patched CVE-2025-68121, a critical (CVSS 10.0) flaw in Go’s crypto/tls library that impacts multiple VMware Tanzu products through embedded Go-based components. The vulnerability can undermine TLS authentication integrity during session resumption, potentially allowing unauthorized trust of a peer. Affected products include Tanzu RabbitMQ and several Tanzu Greenplum offerings. Users are urged to upgrade to the fixed versions listed in Broadcom’s advisories.

MDR for MSPs with a lean cybersecurity team

Field Effect — Mon, 02 Mar 2026 15:10:20 GMT

“My MSP doesn’t have a dedicated security team.”

Cybersecurity insurance and MDR: What businesses and MSPs need to know

Field Effect — Mon, 02 Mar 2026 14:50:31 GMT

Cybersecurity insurance (cyber liability insurance) is a policy that helps organizations cover the financial impact of cyber incidents such as ransomware, data breaches, business interruption, and regulatory fines.

Unlike traditional insurance, cyber coverage now requires demonstrable cybersecurity controls before approval or renewal.

Researchers report FreePBX exploitation: 900+ systems compromised

Field Effect Security Intelligence Team — Mon, 02 Mar 2026 14:13:33 GMT

At a glance: Researchers report more than 900 Sangoma FreePBX instances infected with persistent web shells following exploitation of CVE-2025-64328, a high-severity (CVSS 8.6) post-authentication command-injection vulnerability in the FreePBX Endpoint Manager filestore module. Affecting versions 17.0.2.36 and above up to (but not including) 17.0.3, the flaw stems from improper handling of user input in the SSH test-connection function, enabling arbitrary command execution as the asterisk user. Exploitation has been observed since December 2025, despite patches released in November 2025.

HIPAA & what it means for MSPs

Matt Lewis — Mon, 02 Mar 2026 12:45:00 GMT

For MSPs that support healthcare organizations, HIPAA compliance can be slightly intimidating.

Zyxel patches critical UPnP command‑injection flaw, POC available

Field Effect Security Intelligence Team — Fri, 27 Feb 2026 13:51:01 GMT

At a glance: Zyxel disclosed CVE-2025-13942, a critical (CVSS 9.8) command-injection vulnerability in the UPnP service of the EX3510-B0 router, affecting firmware through version 5.17(ABUP.15.1)C0. The flaw allows unauthenticated remote attackers to execute operating system commands via specially crafted UPnP SOAP requests when both UPnP and WAN access are enabled. Proof-of-concept code has been released, and exploitation requires minimal complexity once the service is exposed.

Why law firms need smarter cybersecurity solutions

Field Effect — Thu, 26 Feb 2026 05:45:00 GMT

Law firms are trusted with some of the most sensitive information: client records, case details, financial data, and intellectual property. In today’s digital-first world, this data is a prime target for cybercriminals. Unfortunately, many firms still rely on outdated security measures or a patchwork of tools that leave dangerous gaps.

Maximum‑severity zero day in Cisco Catalyst SD‑WAN now patched

Field Effect Security Intelligence Team — Wed, 25 Feb 2026 21:00:58 GMT

At a glance: Cisco disclosed CVE-2026-20127, a maximum-severity zero-day in Catalyst SD-WAN Controller and Manager that allows unauthenticated remote access to high-privilege internal accounts. Exploitation enables attackers to reach the NETCONF interface and manipulate routing and policy across the SD-WAN control plane. Limited in-the-wild activity was confirmed prior to patch release.

Typosquatting campaign targets npm, CI pipelines, and AI‑driven development

Field Effect Security Intelligence Team — Wed, 25 Feb 2026 14:37:50 GMT

At a glance: Researchers detailed SANDWORM_MODE, a supply-chain attack campaign involving at least 19 malicious npm packages impersonating popular developer utilities and AI coding tools. The typosquatted packages deployed a malicious Model Context Protocol (MCP) server and used embedded prompt-injection techniques to harvest SSH keys, cloud credentials, npm tokens, and environment secrets across developer and CI environments. The activity highlights how AI-integrated toolchains create new paths for credential theft.

What is the difference between MDR, XDR, and EDR?

Field Effect — Tue, 24 Feb 2026 19:45:00 GMT

The cybersecurity world can sometimes feel like a tangled web of acronyms, each longer and more complex than the last. We've previously covered some of the more common terms, but today, let's dive deeper into the world of detection and response, focusing on three heavy hitters:

Cyber myth buster: EDR and backups aren’t a security strategy

Field Effect — Tue, 24 Feb 2026 19:26:54 GMT

Endpoint detection and response (EDR) and data backups are essential tools in any cybersecurity program. They help detect threats on endpoints and recover data when things go wrong. But relying on them alone leaves critical gaps.

The best alternatives to Blackpoint for managed detection & response

Field Effect — Tue, 24 Feb 2026 18:20:43 GMT

Why do organizations seek alternatives to Blackpoint?

Blackpoint Cyber is a familiar name among MSPs seeking a managed SOC-as-a-service offering. However, as cybersecurity demands evolve, many MSPs and lean IT teams find themselves looking for more integrated, complete, and value-driven MDR solutions.

How to calculate the ROI of MDR solutions

Field Effect — Tue, 24 Feb 2026 18:05:35 GMT

Return on investment (ROI) for managed detection and response (MDR) is often misunderstood.

Low‑skill threat actor leverages AI in FortiGate intrusion activity

Field Effect Security Intelligence Team — Tue, 24 Feb 2026 14:01:04 GMT

At a glance: More than 600 FortiGate devices were compromised worldwide after a low-skill, financially motivated actor used commercial AI tools to automate reconnaissance, credential harvesting, and intrusion activity against exposed management interfaces with weak authentication. The campaign highlights how AI can amplify opportunistic attacks. Organizations should restrict internet-facing management access, enforce MFA, rotate credentials, and monitor for anomalous activity to reduce risk.

Evaluating MDR vendors: Why MSPs choose Field Effect MDR

Field Effect — Mon, 23 Feb 2026 15:36:57 GMT

For managed service providers (MSPs), choosing a managed detection and response (MDR) vendor is no longer just a technology decision, it's a business risk decision.

The best alternatives to Sophos MDR for managed detection & response

Field Effect — Mon, 23 Feb 2026 15:03:46 GMT

Why do organizations seek alternatives to Sophos?

Sophos MDR and its broader cybersecurity suite have earned recognition for extending managed detection and response to a wide customer base. Yet, many organizations (especially MSPs, lean IT teams, and mid-market businesses) seek alternatives to reduce complexity, eliminate blind spots, and improve response times.

Predictable credentials generated by AI tools introduce new risks

Field Effect Security Intelligence Team — Fri, 20 Feb 2026 22:20:24 GMT

At a glance: New research shows that passwords generated by AI systems are often predictable and repeat across sessions due to the statistical token-based nature of LLMs. Because these passwords appear complex, they frequently pass standard strength checks and may be embedded into code or configuration files without detection. Organizations should instead rely on cryptographically secure random number generators for password creation tasks to reduce the risk of credential compromise.

Chrome and Chromium-based browsers receive fixes for exploited flaw

Field Effect Security Intelligence Team — Thu, 19 Feb 2026 22:54:46 GMT

At a glance: CISA has added CVE-2026-2441, a high-severity Chrome and Chromium vulnerability with a public exploit available, to its Known Exploited Vulnerabilities (KEV) catalog following confirmed in-the-wild exploitation. Google and other major Chromium-based browsers have released updates to address the flaw. Organizations should upgrade to the latest versions immediately to reduce exposure.

Packaging cybersecurity as a strategic growth lever for MSPs

Field Effect — Thu, 19 Feb 2026 16:00:58 GMT

Managed service providers (MSPs) know cybersecurity is no longer optional, but packaging it effectively remains one of the biggest challenges in the channel.

End‑to‑end update verification arrives in Notepad++ with version 8.9.2

Field Effect Security Intelligence Team — Wed, 18 Feb 2026 21:58:26 GMT

At a glance: Notepad++ version 8.9.2 introduces cryptographic verification of the XML update manifest, completing end-to-end verification of both update metadata and installers following the 2025 supply-chain compromise. The update closes the remaining gap that allowed threat actors to manipulate update metadata and redirect GUP to execute malicious payloads. Organizations running 8.9.1 or earlier are recommended to upgrade to 8.9.2 and remove any deprecated self-signed certificates.

Weekly Threat Round-Up: Critical Apple flaw, eBPF rootkit & more

Field Effect Security Intelligence Team — Tue, 17 Feb 2026 21:56:49 GMT

Threat round-up

Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.

Study Tests Zero‑Knowledge Protections in Cloud Password Managers

Field Effect Security Intelligence Team — Tue, 17 Feb 2026 21:29:25 GMT

At a glance: Researchers disclosed 27 attack paths affecting major cloud-based password managers showing that with a provider’s cloud infrastructure compromised, it's possible to manipulate recovery workflows and client-side logic to recover stored passwords or alter vault contents, despite zero-knowledge encryption protections. Vendors have been notified and are implementing mitigations, but the findings highlight systemic risks if password-manager infrastructure is breached.