Blog

Critical authentication bypass in Aruba AOS-CX impacts CX-series switches

Field Effect Security Intelligence Team — Thu, 12 Mar 2026 12:57:34 GMT

At a glance: Hewlett Packard Enterprise (HPE) released security updates addressing multiple vulnerabilities in Aruba Networking AOS-CX, including a critical authentication bypass flaw (CVE-2026-23813) affecting the web-based management interface of Aruba CX-series switches. The vulnerability carries a CVSS score of 9.8 and could allow an unauthenticated remote attacker to bypass authentication and potentially reset the administrator password, leading to full administrative control of the affected switch.

Ivanti Endpoint Manager under active exploitation

Field Effect Security Intelligence Team — Tue, 10 Mar 2026 21:10:42 GMT

At a glance: CISA added an actively exploited authentication bypass vulnerability affecting Ivanti Endpoint Manager (EPM) to its KEV catalog. The flaw is considered high-severity, and allows unauthenticated attackers with network access to the core server to retrieve sensitive credential material through an alternate authentication path. Organizations should update affected deployments to Endpoint Manager 2024 SU5, which resolves the vulnerability.

What is the future of cybersecurity? | Field Effect

Field Effect — Tue, 10 Mar 2026 14:30:00 GMT

The future of cybersecurity is notoriously hard to predict. After all, every aspect of the industry changes continuously. Cyber threats evolve and the tools that defend against them mirror those changes, evolving in their own right to better defend increasingly complex networks.

Key insights from the Field Effect 2026 Cyber Threat Outlook Report

Field Effect — Tue, 10 Mar 2026 11:46:00 GMT

Most organizations didn’t suffer breaches in 2025 because they lacked tools or effort. They struggled because defenses were optimized for assumptions that no longer hold.

Field Effect report finds identity compromise driving majority of cyber incidents

Field Effect — Tue, 10 Mar 2026 11:40:58 GMT

More than 80% of incident-related alerts tied to cloud identity abuse, new threat outlook shows

Field Effect has released its 2026 Cyber Threat Outlook, revealing that more than 80% of incidents investigated by the company in 2025 stemmed from cloud identity compromise. The finding highlights a major shift in how attackers gain access to corporate environments.

Fortinet devices under increased targeting as AI-enabled attacks scale in 2026

Field Effect Security Intelligence Team — Mon, 09 Mar 2026 20:56:12 GMT

At a glance: Field Effect is observing increased targeting of Fortinet devices in early 2026, with threat actors combining scanning for vulnerabilities, exposed management interfaces, and weak or single-factor authentication to gain access to edge infrastructure. Researchers also identified a surge in the use of an open-source, AI-enabled offensive security platform targeting Fortinet FortiGate devices,.

Latest Iranian cyber activity amid Middle East escalation

Field Effect Security Intelligence Team — Mon, 09 Mar 2026 12:59:30 GMT

At a glance: Researchers linked new malware activity to the Iranian APT group Seedworm while separate reporting tied Iranian-aligned actors to campaigns compromising internet-connected cameras across the Middle East. The activity highlights how cyber operations and exposed IoT devices can support real-world military operations and intelligence gathering.

Researchers report a maximum‑severity flaw in a pac4j JWT library

Field Effect Security Intelligence Team — Thu, 05 Mar 2026 20:54:15 GMT

At a glance: A flaw in a widely used Java library for working with JSON Web Tokens has drawn attention because it weakens one of the core guarantees of token‑based authentication: that only a trusted issuer can create valid tokens. Researchers found that, under certain conditions, the library may incorrectly accept or mis-validate tokens, opening the door to forged credentials or unauthorized access if an attacker can craft tokens that appear legitimate.

CISA warns of remote code execution risk in VMware Aria Operations

Field Effect Security Intelligence Team — Wed, 04 Mar 2026 18:00:40 GMT

At a glance: CISA has added a high-severity Broadcom VMware Aria Operations vulnerability (CVE-2026-22719) to its Known Exploited Vulnerabilities catalog following reports of active exploitation. The flaw allows unauthenticated command execution during a support-assisted migration workflow and affects Aria Operations along with platforms that integrate it, including VMware Cloud Foundation and VMware Telco products.

Cyber spillover risks amid the February 2026 Middle East escalation

Field Effect Security Intelligence Team — Wed, 04 Mar 2026 14:32:26 GMT

At a glance: Escalating conflict following coordinated U.S. and Israeli strikes on Iranian military and nuclear sites has raised concerns about potential cyber spillover. Canadian and UK cybersecurity agencies warn that Iran is likely to use cyber capabilities in response, though no large-scale attacks have been confirmed. Researchers have observed a rise in opportunistic hacktivist activity and unverified claims of DDoS attacks, defacements, and data leaks targeting Iran’s adversaries. Organizations are advised to remain vigilant and reinforce core security controls.

Critical TLS authentication bypass impacts VMware Tanzu

Field Effect Security Intelligence Team — Tue, 03 Mar 2026 13:56:12 GMT

At a glance: Broadcom has patched CVE-2025-68121, a critical (CVSS 10.0) flaw in Go’s crypto/tls library that impacts multiple VMware Tanzu products through embedded Go-based components. The vulnerability can undermine TLS authentication integrity during session resumption, potentially allowing unauthorized trust of a peer. Affected products include Tanzu RabbitMQ and several Tanzu Greenplum offerings. Users are urged to upgrade to the fixed versions listed in Broadcom’s advisories.

MDR for MSPs with a lean cybersecurity team

Field Effect — Mon, 02 Mar 2026 15:10:20 GMT

“My MSP doesn’t have a dedicated security team.”

Cybersecurity insurance and MDR: What businesses and MSPs need to know

Field Effect — Mon, 02 Mar 2026 14:50:31 GMT

Cybersecurity insurance (cyber liability insurance) is a policy that helps organizations cover the financial impact of cyber incidents such as ransomware, data breaches, business interruption, and regulatory fines.

Unlike traditional insurance, cyber coverage now requires demonstrable cybersecurity controls before approval or renewal.

Researchers report FreePBX exploitation: 900+ systems compromised

Field Effect Security Intelligence Team — Mon, 02 Mar 2026 14:13:33 GMT

At a glance: Researchers report more than 900 Sangoma FreePBX instances infected with persistent web shells following exploitation of CVE-2025-64328, a high-severity (CVSS 8.6) post-authentication command-injection vulnerability in the FreePBX Endpoint Manager filestore module. Affecting versions 17.0.2.36 and above up to (but not including) 17.0.3, the flaw stems from improper handling of user input in the SSH test-connection function, enabling arbitrary command execution as the asterisk user. Exploitation has been observed since December 2025, despite patches released in November 2025.

HIPAA & what it means for MSPs

Matt Lewis — Mon, 02 Mar 2026 12:45:00 GMT

For MSPs that support healthcare organizations, HIPAA compliance can be slightly intimidating.

Zyxel patches critical UPnP command‑injection flaw, POC available

Field Effect Security Intelligence Team — Fri, 27 Feb 2026 13:51:01 GMT

At a glance: Zyxel disclosed CVE-2025-13942, a critical (CVSS 9.8) command-injection vulnerability in the UPnP service of the EX3510-B0 router, affecting firmware through version 5.17(ABUP.15.1)C0. The flaw allows unauthenticated remote attackers to execute operating system commands via specially crafted UPnP SOAP requests when both UPnP and WAN access are enabled. Proof-of-concept code has been released, and exploitation requires minimal complexity once the service is exposed.

Why law firms need smarter cybersecurity solutions

Field Effect — Thu, 26 Feb 2026 05:45:00 GMT

Law firms are trusted with some of the most sensitive information: client records, case details, financial data, and intellectual property. In today’s digital-first world, this data is a prime target for cybercriminals. Unfortunately, many firms still rely on outdated security measures or a patchwork of tools that leave dangerous gaps.

Maximum‑severity zero day in Cisco Catalyst SD‑WAN now patched

Field Effect Security Intelligence Team — Wed, 25 Feb 2026 21:00:58 GMT

At a glance: Cisco disclosed CVE-2026-20127, a maximum-severity zero-day in Catalyst SD-WAN Controller and Manager that allows unauthenticated remote access to high-privilege internal accounts. Exploitation enables attackers to reach the NETCONF interface and manipulate routing and policy across the SD-WAN control plane. Limited in-the-wild activity was confirmed prior to patch release.

Typosquatting campaign targets npm, CI pipelines, and AI‑driven development

Field Effect Security Intelligence Team — Wed, 25 Feb 2026 14:37:50 GMT

At a glance: Researchers detailed SANDWORM_MODE, a supply-chain attack campaign involving at least 19 malicious npm packages impersonating popular developer utilities and AI coding tools. The typosquatted packages deployed a malicious Model Context Protocol (MCP) server and used embedded prompt-injection techniques to harvest SSH keys, cloud credentials, npm tokens, and environment secrets across developer and CI environments. The activity highlights how AI-integrated toolchains create new paths for credential theft.

What is the difference between MDR, XDR, and EDR?

Field Effect — Tue, 24 Feb 2026 19:45:00 GMT

The cybersecurity world can sometimes feel like a tangled web of acronyms, each longer and more complex than the last. We've previously covered some of the more common terms, but today, let's dive deeper into the world of detection and response, focusing on three heavy hitters:

Cyber myth buster: EDR and backups aren’t a security strategy

Field Effect — Tue, 24 Feb 2026 19:26:54 GMT

Endpoint detection and response (EDR) and data backups are essential tools in any cybersecurity program. They help detect threats on endpoints and recover data when things go wrong. But relying on them alone leaves critical gaps.

The best alternatives to Blackpoint for managed detection & response

Field Effect — Tue, 24 Feb 2026 18:20:43 GMT

Why do organizations seek alternatives to Blackpoint?

Blackpoint Cyber is a familiar name among MSPs seeking a managed SOC-as-a-service offering. However, as cybersecurity demands evolve, many MSPs and lean IT teams find themselves looking for more integrated, complete, and value-driven MDR solutions.

How to calculate the ROI of MDR solutions

Field Effect — Tue, 24 Feb 2026 18:05:35 GMT

Return on investment (ROI) for managed detection and response (MDR) is often misunderstood.

Low‑skill threat actor leverages AI in FortiGate intrusion activity

Field Effect Security Intelligence Team — Tue, 24 Feb 2026 14:01:04 GMT

At a glance: More than 600 FortiGate devices were compromised worldwide after a low-skill, financially motivated actor used commercial AI tools to automate reconnaissance, credential harvesting, and intrusion activity against exposed management interfaces with weak authentication. The campaign highlights how AI can amplify opportunistic attacks. Organizations should restrict internet-facing management access, enforce MFA, rotate credentials, and monitor for anomalous activity to reduce risk.

Evaluating MDR vendors: Why MSPs choose Field Effect MDR

Field Effect — Mon, 23 Feb 2026 15:36:57 GMT

For managed service providers (MSPs), choosing a managed detection and response (MDR) vendor is no longer just a technology decision, it's a business risk decision.