Stay up to date on critical cyber risks, Microsoft’s March Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats. 

Quick Highlights

• Microsoft Patch Tuesday: 
  – 83 vulnerabilities disclosed 
  – 3 rated Critical, 2 are Zero-Day (both publicly disclosed, 0 exploited) 

• High-Severity Advisories from Major Vendors: 
  – Adobe: 80 vulnerabilities, affecting 8 products  
  – Cisco: 3 critical-severity flaws in Cisco Secure Firewall Management Center (FMC) and Cisco Catalyst SD-WAN Manager 
  – Fortinet: 2 high-severity flaws in FortiManager and FortiSwitchAXFixed  
  – Ivanti: 1 high-severity flaw in Ivanti Desktop and Server Management (DSM) 
  – SAP: 2 critical, 1 high vulnerabilities in SAP Quotation Management Insurance application (FS-QUO), SAP NetWeaver Enterprise Portal Administration, and SAP Supply Chain Management 
  – VEEAM: 6 critical-severity flaws, 4 high-severity flaws published  

• Top Threats to Watch: 
  – Iran‑linked targeting of IP cameras to support physical warfare operations and battlefield intelligence across the Middle East.  
  – Chinese‑nexus APT activity using PlugX malware and conflict‑themed lures to rapidly target organizations in Qatar and the Gulf region. 
  – Iranian MOIS and MuddyWater operations expanding espionage capabilities, including new backdoors (Dindoor, Fakeset) and Rclone‑based data exfiltration.  
  – Advanced social engineering campaigns—Teams impersonation, Quick Assist abuse, LastPass‑themed phishing, and commercial‑grade kits like Starkiller that bypass MFA. 
  – Rise in infostealer and mobile malware innovation, including theft of AI‑agent configuration files (OpenClaw) and the GenAI‑powered Android malware PromptSpy. 

Windows 10 Reaches End of Support

As of October 14, 2025, Microsoft has officially ended support for Windows 10. October 2025’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program. 

• What This Means for Your Organization: 
  – No more security patches or bug fixes for Windows 10 devices  
  – Increased exposure to vulnerabilities and compliance risks  
  – Continued support requires either: 1.) Enrolling in Microsoft’s paid ESU program, or 2.) Upgrading to Windows 11

• Upgrading Windows 11  
  Unlike traditional feature upgrades, Windows 11 25H2 is built on the same servicing branch and code base as Windows 11 24H2, making the transition simpler and lower risk.  
  
  Fortress has thoroughly tested Windows 11 25H2 and recommends upgrading all supported devices. To begin the upgrade process, contact our 24/7/365 Security Operations Team or reach out to your client experience manager.  

Windows 11 End of Support

As of November 2025, Microsoft has officially ended support for earlier versions of Windows 11 (listed below).

• Windows 11 version 21H2 (All Editions) 
• Windows 11 version 22H2 (All Editions) 
• Windows 11 version 23H2 (Home & Pro) 

We would also like to highlight several upcoming End of Support dates for the following Windows releases: 

• Windows 11 version 23H2 (Enterprise & Education) – Support ends November 10, 2026. After this date, these editions will no longer receive security updates or fixes. 
• Windows 11 version 24H2 (Home & Pro) – Support ends October 13, 2026. Devices running these editions should be upgraded before this date to remain supported and secure. 

Fortress recommends reviewing device inventories ahead of these deadlines to ensure systems are upgraded in advance and remain within a supported lifecycle. 

* Some specialized editions of Windows 11 24H2 (e.g. Long Term Support Cycle) will continue to receive extended support through 2029. However, for all other editions we recommend upgrading to Windows 11 25H2.  

Windows Server 2016 End of Support

Support for Windows Server 2016 is scheduled to end on January 12, 2027, which is now less than a year away. After this date, Microsoft will no longer provide security updates, bug fixes, or technical support for the platform. 

Organizations still running Windows Server 2016 should begin planning upgrade or migration strategies to avoid increased security risk and compliance concerns once support ends. 

Fortress recommends reviewing affected systems early to allow sufficient time for testing, upgrades, or workload migration before the end-of-support deadline. 

Need help planning your transition?

Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure.

Patch Tuesday Summary

Microsoft March 2026 Patch Tuesday 
83 vulnerabilities disclosed, including 3 critical and 2 zero-days. By category:

• 43 Elevation of Privilege 
• 17 Remote Code Execution 
• 9 Information Disclosure 
• 4 Denial of Service 
• 4 Spoofing 
• 2 Denial of Service

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Days

Other Critical CVE’s Worth Mentioning

Microsoft March 2026 Security Update Release

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe Security Bulletins

Cisco *

Cisco Security Advisories

Fortinet *

Fortinet PSIRT Advisories

Ivanti *

Ivanti March 2026 Security Update

SAP *

SAP March 2026 Security Notes

VEEAM *

VEEAM KB Notes

Google Chrome

• Version: 146.0.7680.71/72 (Windows and Mac), 146.0.7680.71 (Linux)  
• Release Date: Tuesday, March 10, 2026 

Chrome Release Notes

* Not handled by Fortress SRM. 

Threat Intelligence Trends – March 2026

The following resources are grouped by threat type / category. 

Emerging Threats

Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East   Check Point Research observed a surge in Iranian‑linked attempts to compromise IP cameras across Israel, Gulf states, Lebanon, and Cyprus, beginning February 28, 2026. The targeting appears to support battlefield intelligence and potential missile operations, with earlier activity aligning to geopolitical flashpoints such as Iran’s temporary airspace closure.  
Read more

China‑Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions   
Check Point Research observed increased activity from Chinese‑nexus APT groups targeting Qatar, including attempts by the Camaro Dragon threat actor to deploy PlugX malware within one day of the Middle East escalation. The attackers leveraged ongoing regional conflict to craft credible lures and rapidly adapt operations, highlighting China‑linked actors’ agility and expanding focus on the Gulf region. 
Read more   

Iranian MOIS Actors & the Cyber Crime Connection   
Check Point Research reports that Iranian Ministry of Intelligence and Security (MOIS)–linked groups, including Void Manticore and MuddyWater, are increasingly leveraging cybercriminal tools, services, and infrastructure to support state objectives. This convergence enhances operational capabilities, expands deniability, and blurs attribution as Iranian actors adopt ransomware branding, commercial infostealers, and criminal‑ecosystem tradecraft. 
Read more

Iran-Linked MuddyWater Deploys New Dindoor Malware Against U.S. Networks   
SOCRadar reports that Iranian APT MuddyWater (Seedworm) targeted multiple U.S. organizations—including a bank, airport, nonprofit, and a defense‑linked software firm—using a newly discovered backdoor called Dindoor. The campaign, active since early 2026, also leveraged a second backdoor (Fakeset) and attempted data exfiltration via Rclone, underscoring the group’s expanding espionage capabilities during heightened geopolitical tensions. 
Read more

Social Engineering Attacks

Criminals Impersonating City and County Officials in Phishing Emails for Planning and Zoning Permits   
The FBI warns of a phishing scheme in which criminals impersonate city and county planning and zoning officials to solicit fraudulent payments. Attackers use real permit information and professional‑looking emails to deceive victims into sending money via wire transfer, peer‑to‑peer apps, or cryptocurrency. 
Read more

New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering
BlueVoyant researchers identified a campaign where attackers impersonate IT staff on Microsoft Teams, use email bombing to create urgency, and convince victims to grant remote access through Quick Assist. Once on the device, the threat actors sideload malicious DLLs via digitally signed MSI packages to deploy the new A0Backdoor, which uses anti‑sandbox techniques and covert DNS MX‑based command‑and‑control.  
Read more

Hackers Mimic LastPass Support Emails to Steal Vault Passwords 
A new phishing campaign impersonates LastPass support by forwarding fake email threads and using display‑name spoofing to create urgency around supposed unauthorized account activity. Victims are funneled to fake login pages on domains like verify‑lastpass[.]com, where attackers harvest vault master passwords. 
Read more

Starkiller Phishing Kit   
Researchers at Abnormal uncovered Starkiller, a commercial‑grade phishing kit that proxies real login pages in real time to steal credentials and bypass MFA. By loading genuine sites through attacker‑controlled infrastructure, it captures every keystroke and authentication token while remaining nearly impossible for victims to distinguish from the real thing. 
Read more

Ransomware & Malware Deployment

Hudson Rock Identifies Real‑World Infostealer Infection Targeting OpenClaw Configurations
Hudson Rock discovered the first live case of an infostealer exfiltrating OpenClaw AI‑agent configuration files, marking a major shift from credential theft to stealing tokens, private keys, and personal AI “identity” data. The malware, likely a Vidar variant, used a broad file‑grabbing routine to sweep the victim’s .openclaw directory, capturing gateway tokens, cryptographic keys, and context files that could enable full impersonation of the user’s AI agent. 
Read more

PromptSpy Ushers in a New Era of Android Threats Using GenAI   
ESET researchers uncovered PromptSpy, the first known Android malware to abuse generative AI—specifically Google’s Gemini—to analyze on‑screen elements and guide malicious UI actions for persistence. The malware deploys a built‑in VNC module for remote access, captures lockscreen data, blocks uninstallation with invisible overlays, and primarily targets users in Argentina. 
Read more

Cloud & Infrastructure Exploits

PayPal February 2026 Data Breach Notification   
A coding error in PayPal’s Working Capital loan application exposed sensitive customer data—including names, contact details, Social Security numbers, and dates of birth—from July to December 2025. PayPal reset affected account passwords, issued refunds for unauthorized transactions, and is offering two years of complimentary Equifax credit monitoring to impacted users.  
Read more 

Protecting Your Data: Essential Actions to Secure Experience Cloud Guest User Access   Salesforce warns that threat actors are exploiting misconfigured Experience Cloud guest user settings, allowing unauthorized access to CRM data through a modified AuraInspector scanning tool. The activity stems from overly permissive customer‑configured guest profiles—not a platform vulnerability—and organizations are urged to audit permissions and apply least‑privilege controls immediately. 
Read more 

Recommended Actions

Mitigations

• Enforce strong network segmentation, isolating OT, surveillance systems, and any public‑facing IoT devices. 
• Mandate firmware updates for all IP cameras and IoT appliances; disable UPnP and unnecessary remote access. 
• Harden SQL, SharePoint, VPNs, and remote‑access infrastructure—common targets for MOIS- and Chinese‑linked APT groups. 
• Require privileged access management (PAM) for all admin accounts with MFA enforced. 
• Block high‑risk file types and disable macros for Office installations organization‑wide. 
• Enforce strict egress filtering to prevent exfiltration via Rclone or unauthorized cloud apps. 
• Deploy application allowlisting on critical assets to prevent execution of tools like PlugX or Dindoor/Fakeset backdoors. 

Monitoring/Detection

Emerging Threat & APT Activity

• Track sudden login attempts from Middle East or APAC IP ranges, especially involving VPNs, O365, or identity providers. 
• Monitor IP camera and IoT behavior, including unusual outbound traffic to unknown cloud hosts or uncommon ports. 
• Alert on high‑volume ZIP/RAR creation, staging directories, or command‑line compressions commonly used during espionage operations. 
• Enable robust logging for PowerShell, WMI, LDAP queries, and movement patterns associated with MuddyWater, Void Manticore, and other Iranian/Chinese‑linked threat actors. 
• Detect PlugX, Dindoor, or Fakeset indicators such as DLL sideloading, unexpected scheduled tasks, anomalous service creation, or DNS queries with NXDOMAIN‑heavy patterns. 

Social Engineering Campaigns

• Flag email bombing campaigns targeting user inboxes, a common precursor to Teams impersonation and IT-helpdesk spoofing. 
• Monitor for unexpected Teams messages from external domains or newly created internal accounts. 
• Detect connections to typosquatted or newly registered LastPass‑themed domains, especially involving password reset attempts. 
• Identify Quick Assist sessions that were not initiated by IT and unusual MSI installation activity from temporary directories. 

Ransomware & Infostealers

• Monitor access to sensitive directories, especially:  
  – .openclaw, AI-agent configs, .json, .pem, .token files 
• Alert on high volume file reads and broad file grabbing behavior typical of Vidar or similar infostealers.  
• Detect outbound connections to:  
  – Pastebin-style data dump sites 
  – Temporary file sharing domains 
  – DNS MX–based C2 traffic (used by A0Backdoor) 

Cloud & Infrastructure Exploits

• Implement continuous monitoring of:  
  – Salesforce guest user permissions 
  – Public/guest object exposure 
  – Audit logs for unexpected API usage 
• In payment/finance systems, monitor:  
  – Bulk access to PII 
  – Scripted or automated form submissions 
  – Authentication failures followed by password resets 

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering 

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities. 

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management. 

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications 
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network 
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility 

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy

The post Threat and Security Update – March, 2026 appeared first on Fortress SRM.

Stay up to date on critical cyber risks, Microsoft’s February Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats. 

Quick Highlights

• Microsoft Patch Tuesday: 
  – 59 vulnerabilities disclosed
  – 5 rated Critical, 6 are Zero-Day (6 actively exploited, 3 publicly disclosed)  

• High-Severity Advisories from Major Vendors: 
  – Adobe: 44 vulnerabilities patched across 9 products 
  – Cisco: 2 high-severity flaws, affecting Cisco Meeting Management, Cisco TelePresenceCollaboration Endpoint (CE) Software and Cisco RoomOS Software 
  – Fortinet: 2 high-severity flaws in FortiSandbox and FortiOS 
  – SAP: 2 critical vulnerabilities in SAP NetWeaver Application Server, SAP CRM and SAP S/4HANA 
  – Ivanti: 2 high-severity flaws in Ivanti Endpoint Manager (EPM)  

• Top Threats to Watch: 
  – State‑linked impersonation and infiltration campaigns, including DPRK operatives using stolen LinkedIn identities to gain corporate access. 
  – Multi‑stage adversary‑in‑the‑middle (AiTM) phishing & BEC operations, particularly those abusing SharePoint and session-cookie theft for lateral expansion. 

Windows 10 Reaches End of Support

As of October 14, 2025, Microsoft has officially ended support for Windows 10. October 2025’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program. 

• What This Means for Your Organization: 
  – No more security patches or bug fixes for Windows 10 devices  
  – Increased exposure to vulnerabilities and compliance risks  

• Continued support requires either:  
  – Enrolling in Microsoft’s paid ESU program, or  
  – Upgrading to Windows 11 

Need help planning your transition? 
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure.

Patch Tuesday Summary

Microsoft February 2026 Patch Tuesday 
59 vulnerabilities disclosed, including 5 critical and 6 zero-days. By category:

• 23 Elevation of Privilege 
• 13 Remote Code Execution 
• 7 Spoofing
• 6 Information Disclosures
• 6 Security Feature Bypass
• 3 Denial of Service

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Days

Other Critical CVE’s Worth Mentioning

Microsoft February 2026 Security Update Release

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe Security Bulletins

Cisco *

Cisco Security Advisories

Fortinet *

Fortinet PSIRT Advisories

Ivanti *

Ivanti February 2026 Security Update

SAP *

SAP February 2026 Security Notes

Google Chrome

• Version: 145.0.7632.75/76 (Windows and Mac), 145.0.7632.75 (Linux) 
• Release Date: Friday, February 13, 2026 
• Key Fixes: High CVE-2026-2441 currently exploited in the wild.   

Chrome Release Notes

* Not handled by Fortress SRM. 

Threat Intelligence Trends – February 2026

The following resources are grouped by threat type / category. 

Emerging Threats

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies 
North Korean IT workers are using stolen or impersonated LinkedIn profiles—with verified workplace emails and identity badges—to fraudulently secure remote jobs in Western organizations. Their objectives include generating revenue for the DPRK regime and conducting espionage by gaining access to sensitive corporate systems. 
Read more →  

Resurgence of a Multi‑Stage AiTM Phishing and BEC Campaign Abusing SharePoint 
Microsoft researchers uncovered a multi‑stage adversary‑in‑the‑middle (AiTM) phishing and business email compromise campaign targeting organizations in the energy sector, leveraging SharePoint file‑sharing services to deliver phishing payloads. The attackers used compromised trusted identities, inbox‑rule manipulation, and stolen session cookies to silently expand access across multiple organizations. 
Read more →  

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords 
LastPass is alerting users to an active phishing campaign impersonating the service, sending emails that falsely claim urgent maintenance and instruct users to back up their vaults within 24 hours. These messages redirect victims to a phishing site designed to steal master passwords, though LastPass confirms it never asks for master passwords and is working to dismantle the malicious infrastructure. 
Read more →  

Convincing LinkedIn Comment‑Reply Tactic Used in New Phishing Campaign 
Scammers are flooding LinkedIn posts with fake “reply” comments impersonating the platform, warning users of bogus policy violations and urging them to visit phishing links that often misuse LinkedIn’s own lnkd.in URL shortener. These deceptive replies mimic LinkedIn branding and can redirect victims through multiple malicious domains designed to harvest credentials. 
Read more →  

Ransomware & Malware Deployment

Fake 7‑Zip Downloads Are Turning Home PCs into Proxy Nodes 
A lookalike 7‑Zip website is distributing a trojanized installer that secretly converts victims’ computers into residential proxy nodes, hiding behind a functional copy of the legitimate 7‑Zip program. The malware silently drops additional components (Uphero.exe, hero.exe, hero.dll) and abuses trusted channels—such as YouTube tutorials referencing the wrong download domain—to funnel users toward the malicious site. Read more →  

Reynolds: Defense Evasion Capability Embedded in Ransomware Payload 
A recent Reynolds ransomware campaign stood out because the payload included a bring‑your‑own‑vulnerable‑driver (BYOVD) componentdirectly inside the ransomware itself, rather than as a separate pre‑deployment tool. The bundled vulnerable NsecSoft NSecKrnl driver enables the ransomware to kill security processes, representing an unusual but increasingly common technique for defense impairment. 
Read more →  

Malicious Use of Virtual Machine Infrastructure 
Sophos researchers uncovered that bulletproof hosting providers are abusing legitimate ISPsystem virtualization infrastructure to mass‑deploy Windows virtual machines with identical autogenerated hostnames, many of which are later used in ransomware operations and other cybercriminal activity. These templated VMs have been linked to incidents involving LockBit, Qilin, BlackCat/ALPHV, NetSupportRAT, and previously exposed Conti/TrickBot operators, illustrating how large‑scale image reuse creates cover for threat actors. Read more →  

VoidLink: The Cloud‑Native Malware Framework 
Check Point Research uncovered VoidLink, a highly modular cloud‑native Linux malware framework composed of custom loaders, implants, rootkits, and more than 30 plugin modules designed for long‑term, stealthy persistence in modern cloud and container environments. Written in Zig, VoidLink can detect major cloud platforms and container runtimes, harvest cloud and Git credentials, and uses extensive OPSEC features such as runtime code encryption, self‑deletion, and adaptive behavior to evade detection. Read more →  

Cloud & Infrastructure Exploits

Notepad++ Infrastructure Hijacked in State‑Linked Supply Chain Attack 
Notepad++ suffered an infrastructure‑level compromise in which attackers hijacked update traffic and selectively redirected targeted users to malicious update servers, enabling delivery of a custom backdoor called *Chrysalis*. The attack did not exploit Notepad++ code but stemmed from a compromised shared hosting provider, with evidence suggesting a likely state‑sponsored threat actor. 
Read more →  

Silent Push Uncovers New Magecart Network Targeting Global Payment Providers 
Silent Push researchers discovered a long‑running web‑skimming (Magecart) campaign active since at least early 2022, involving a vast network of malicious domains injecting obfuscated JavaScript into compromised e‑commerce sites. The campaign targets major payment networks—including American Express, Diners Club, Discover, JCB, Mastercard, and UnionPay—stealing customer credit card data during checkout via fake payment forms. 
Read more →  

AI-Driven Threats

Silent Brothers: Ollama Hosts Form Anonymous AI Network Beyond Platform Guardrails 
SentinelOne and Censys uncovered an unmanaged, publicly accessible ecosystem of more than 175,000 exposed Ollama AI hosts across 130 countries, forming a shadow AI compute layer that operates outside standard monitoring and governance boundaries. Nearly half of these hosts are configured with tool‑calling capabilities—allowing code execution, API access, and system interaction—creating significant security risks as attackers can exploit them for automation, malware deployment, or large‑scale abuse. 
Read more →  

KONNI Targets Developers With AI‑Generated PowerShell Malware 
Check Point Research uncovered a North Korea–aligned KONNI phishing campaign targeting software developers and engineering teams across Japan, Australia, and India using AI‑generated PowerShell backdoors. The lures mimic legitimate blockchain‑related project documentation, signaling an effort to compromise development environments and access sensitive infrastructure, API keys, and cryptocurrency assets. 
Read more →  

VoidLink: Early Evidence of Advanced AI‑Generated Malware 
Check Point Research identified VoidLink as one of the first fully documented cases of advanced malware predominantly created through AI‑driven development, reaching a functional 88,000‑line implant in under a week. Operational security leaks exposed development artifacts—including sprint plans, specification documents, and source code—revealing that the framework was planned and built using Spec‑Driven Development, with AI generating architecture, modules, and documentation at a pace previously seen only in well‑resourced threat groups. 
Read more →  

Recommended Actions

Mitigations

• Prioritize February Patch Tuesday updates across Windows, Office, and third‑party platforms (Adobe, Cisco, Fortinet, SAP, Ivanti). Ensure high‑severity vulnerabilities—especially the 6 Windows zero‑days—are patched immediately. 
• Block and monitor impersonation risks by enforcing strong identity verification, MFA, and continuous monitoring for anomalous login patterns or new devices. 
• Harden cloud and virtualization infrastructure against threats like VoidLink, ISPsystem VM abuse, and cloud‑native malware by enforcing least privilege, reviewing API keys, and monitoring for unauthorized container or VM deployments. 
• Secure endpoints and browsers by restricting access to unverified download sites to prevent malware like fake 7‑Zip installers. 

Monitoring

• Monitor identity platforms and email systems for indicators of AiTM activity, MFA bypass attempts, session‑cookie theft, and inbox rule manipulation. 
• Watch for signs of compromised developer environments, including suspicious PowerShell execution, anomalous Git activity, or unauthorized cloud resource creation. 
• Track network indicators tied to large botnets or proxy-node malware, such as unexplained outbound connections or VM instances with identical hostnames. 
• Increase telemetry collection in cloud environments, focusing on unknown containers, unusual API calls, or disabled logging. 

Detection Tips

• Look for MFA push fatigue patterns, unexpected MFA approvals, or sessions authenticated without corresponding MFA prompts. 
• Flag AI‑generated PowerShell scripts or obfuscated command-line behavior linked to KONNI or AI‑assisted malware families. 
• Detect anomalous SharePoint activity, including mass file sharing, newly created sharing links, or impersonated identities distributing files. 
• Scan for BYOVD techniques, particularly attempts to load vulnerable kernel drivers such as NsecSoft NSecKrnl in ransomware deployment. 
• Monitor web traffic for Magecart-like patterns, such as injected JavaScript, unauthorized payment form changes, or repeated contact with suspicious domains. 

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering 

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities. 

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management. 

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications 
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network 
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility 

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy → 

The post Threat and Security Update – February, 2026 appeared first on Fortress SRM.

Stay up to date on critical cyber risks, Microsoft’s January Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats. 

Quick Highlights

• Microsoft Patch Tuesday: 
  – 112 vulnerabilities disclosed
  – 8 rated Critical, 3 are Zero-Day (1 actively exploited)  

• High-Severity Advisories from Major Vendors: 
  – Adobe: 17 critical vulnerabilities patched across 11 products 
  – Fortinet: 1 high-severity flaws in FortiOS and FortiSwitchManager 
  – SAP: 4 critical vulnerabilities in SAP Landscape Transformation, SAP S/4HANA, and SAP Wily Introscope Enterprise Manager 
  – n8n: Fixed critical vulnerability affecting versions 1.65–1.120.4 
  – React Server: Disclosed critical RCE vulnerability in React Server Components 
  – Veeam: Disclosed multiple critical vulnerabilities affecting Veeam Backup & Replication v 13.0.1.180 and earlier   

• Top Threats to Watch: 
  – AI‑Powered Social Engineering & Identity Attacks – Attackers are abusing OAuth device-code authorization flows, QR‑code “Quishing,” and LinkedIn comment‑reply impersonation to bypass MFA and steal credentials at scale. 
  – Supply‑Chain & Developer Ecosystem Compromises – Major compromises include the Office Assistant supply‑chain attack, malicious VS Code/OpenVSX extensions (GlassWorm), and breach of Target developer systems—highlighting continued targeting of dev environments and CI/CD ecosystems. 
  – AI‑Driven Malware & Botnet Expansion – GoBruteforcer campaigns leverage AI‑generated default credentials and weak configurations to compromise 50,000+ servers, especially crypto and blockchain environments. 
  – Malicious Browser Extensions Harvesting AI Chats & Corporate Data – Two Chrome extensions with 900k+ installs stole ChatGPT/DeepSeek conversations and corporate browsing data, demonstrating large‑scale exfiltration from trusted browser ecosystems. 
  – Critical RCE Vulnerabilities Actively Exploited in the Wild – Active exploitation of WatchGuard Firebox (CVE‑2025‑14733), Fortinet FG‑IR‑19‑283, React Server Components (CVSS 10.0), Veeam Backup & Replication, and n8n workflow vulnerabilities poses severe risk for remote code execution, config theft, and full system compromise. 

Windows 10 Reaches End of Support

As of October 14, 2025, Microsoft has officially ended support for Windows 10. This month’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program. 

• What This Means for Your Organization: 
  – No more security patches or bug fixes for Windows 10 devices  
  – Increased exposure to vulnerabilities and compliance risks  

• Continued support requires either:  
  – Enrolling in Microsoft’s paid ESU program, or  
  – Upgrading to Windows 11 

Need help planning your transition? 
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure.

Patch Tuesday Summary

Microsoft January 2026 Patch Tuesday 
112 vulnerabilities disclosed, including 8 critical and 3 zero-days. By category:

• 57 Elevation of Privilege 
• 22 Remote Code Execution 
• 22 Information Disclosure 
• 5 Spoofing 
• 3 Tampering 
• 3 Security Feature Bypass 
• 2 Denial of Service 

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Days

Other Critical CVE’s Worth Mentioning

Microsoft January 2026 Security Update Release

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe Security Bulletins

Fortinet *

Fortinet PSIRT Advisories

SAP *

SAP January 2026 Security Notes

Google Chrome

• Version: 144.0.7559.59/60 (Windows and Mac), 144.0.7559.59 (Linux) 
• Release Date: Tuesday, January 13, 2026 
• Key Fixes: High CVE-2026-0899, High CVE-2026-0900 and High CVE-2026-0901 

Chrome Release Notes

Mozilla Firefox

• Version: Firefox 147 
• Release Date: Tuesday, January 13, 2026 
• Key Fixes: High CVE-2026-0877/78/79/80/81/82 

Mozilla Release Notes

* Not handled by Fortress SRM. 

Threat Intelligence Trends – January 2026

The following resources are grouped by threat type / category. 

Emerging Threats

SOCRadar Annual Dark Web Report 2025  
SOCRadar’s 2025 Annual Dark Web Report highlights a data‑driven overview of underground cybercrime, showing that data leaks dominate dark web activity, with database‑related threats making up 64.06% of observed incidents and selling posts 59.32%. The United States remains the top target, responsible for 19.91% of dark‑web mentions and over 41% of ransomware attacks, while Public Administration emerges as the most exposed sector at 12.85%. 
Read more → 

Silent Push Uncovers Long‑Running Magecart Skimming Campaign  
Security researchers discovered a sophisticated Magecart web‑skimming network that has been active since at least 2022, targeting major payment cards including American Express, Discover, Mastercard, JCB, UnionPay, and others. 
Read more →

Target’s Dev Server Taken Offline After Hackers Claim Theft of Internal Source Code 
Hackers published samples of what they claim is stolen internal Target source code on a public Gitea instance, advertising a much larger 860GB dataset for sale and referencing internal systems, developer metadata, and private repositories. 
Read more →

Trust Wallet Confirms Extension Hack Led to $7 Million Crypto Theft 
Trust Wallet confirmed that a malicious Chrome extension update (version 2.68) published on December 24 allowed attackers to exfiltrate sensitive wallet data, resulting in approximately $7 million in stolen cryptocurrency. 
Read more →

Senior U.S. Officials Impersonated in Malicious Smishing & Vishing Campaign 
An IC3 Public Service Announcement warns that since at least 2023, threat actors have been impersonating senior U.S. government officials through smishing (SMS phishing) and AI‑generated vishing calls to build rapport with victims before moving conversations to encrypted apps. 
Read more →

Ransomware & Malware Deployment

Office Assistant Supply Chain Attack Delivers Malicious Plugin  
Security researchers uncovered a long‑running supply‑chain attack in which the popular Chinese AI‑powered Office Assistant application (version 3.1.10.1) secretly loaded a malicious downloader component that contacted C2 domains, retrieved multi‑stage payloads, and ultimately deployed the Mltab malicious browser plugin.
Read more →

GlassWorm Goes Mac: Fresh Infrastructure, New Tricks  
A new GlassWorm wave marks a major pivot from Windows to macOS, distributing malicious VS Code/OpenVSX extensions that use AES‑256‑CBC–encrypted JavaScript payloads instead of earlier invisible Unicode or Rust‑based techniques.
Read more →

MacSync Stealer Evolves into Code‑Signed Swift Malware 
Security researchers discovered a new MacSync Stealer variant delivered as a code‑signed and notarized Swift application inside a disk image, allowing it to bypass Gatekeeper and avoid traditional execution‑chain indicators. 
Read more →

GachiLoader: Obfuscated Node.js Loader Spread via YouTube Ghost Network 
Check Point Research identified GachiLoader, a heavily obfuscated Node.js‑based loader distributed through compromised YouTube accounts promoting fake game cheats and cracked software. 
Read more → 

Social Engineering Exploits

Convincing LinkedIn Comment‑Reply Tactic Used in New Phishing Campaign   
A new phishing campaign is flooding LinkedIn posts with fake “reply” comments impersonating LinkedIn, falsely claiming policy violations and urging users to click external links masked with lnkd.in shorteners for added credibility. 
Read more → 

GRU‑Linked BlueDelta Evolves Credential‑Harvesting Tactics 
Russia‑linked BlueDelta (APT28) expanded its credential‑harvesting campaigns throughout February–September 2025, targeting Turkish energy and nuclear researchers, a European think tank, and organizations in North Macedonia and Uzbekistan. The group used highly tailored lures, spoofed Microsoft OWA, Google, and Sophos VPN login pages. 
Read more → 

North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing (Quishing) Campaigns 
A new FBI Cybersecurity Advisory warns that North Korean Kimsuky actors are increasingly using malicious QR codes (“Quishing”) in highly targeted spearphishing campaigns against U.S. think tanks, NGOs, academia, and government‑linked entities. 
Read more → 

DocuSign Impersonation Wave Leveraging Real‑Time LogoKit Customization 
Security researchers  identified a growing wave of DocuSign impersonation attacks in which phishing emails mimic authentic DocuSign notifications, spoof sender domains, and address recipients by their login name to increase credibility. 
Read more → 

Access Granted: Phishing With Device Code Authorization Enables Stealthy M365 Account Takeovers 
Proofpoint researchers warn that multiple threat clusters—both financially motivated and state‑aligned—are now abusing Microsoft’s OAuth 2.0 device code authorization flow to trick users into granting attackers access to their Microsoft 365 accounts. 
Read more → 

AI-Driven Threats

Inside GoBruteforcer: AI‑Generated Server Defaults, Weak Passwords, and Crypto‑Focused Campaigns 
Check Point Research analyzed an evolved GoBruteforcer botnet variant that exploits AI‑generated server deployment examples and legacy stacks like XAMPP, which frequently include predictable default usernames and weak passwords, leaving over 50,000 internet‑facing servers vulnerable. 
Read more → 

LLMs & Ransomware: An Operational Accelerator, Not a Revolution 
SentinelOne researchers conclude that large language models (LLMs) are accelerating ransomware operations—improving speed, scalability, multilingual phishing, tooling generation, data triage, and negotiation—without fundamentally transforming attacker tactics. 
Read more → 

Chrome Extensions Impersonate AI Tools to Steal ChatGPT & DeepSeek Chats 
Security researchers report that two malicious Chrome extensions—Chat GPT for Chrome with GPT‑5, Claude Sonnet & DeepSeek AI and AI Sidebar with Deepseek, ChatGPT, Claude and more—accumulated over 900,000 installs while secretly exfiltrating full ChatGPT and DeepSeek conversation data and users’ browsing activity. 
Read more → 

Vulnerabilities Actively Exploited

Security Advisory: Vulnerability in n8n Versions 1.65–1.120.4 
n8n disclosed a critical security vulnerability affecting versions 1.65–1.120.4, specifically in workflows using a Form Submission trigger with file upload and a Form Ending node returning binary data. 
Read more → 

Vulnerabilities Resolved in Veeam Backup & Replication 13.0.1.1071 (KB4792) 
Veeam’s KB4792 advisory discloses multiple vulnerabilities affecting Veeam Backup & Replication 13.0.1.180 and all earlier v13 builds, all of which were fixed in version 13.0.1.1071. 
Read more → 

Critical Security Vulnerability in React Server Components (RSC) 
React disclosed CVE‑2025‑55182, a critical unauthenticated remote code execution (RCE) vulnerability (CVSS 10.0) affecting React Server Components, caused by unsafe deserialization of payloads sent to React Server Function endpoints. 
Read more → 

WatchGuard Firebox iked Out‑of‑Bounds Write Vulnerability (WGSA‑2025‑00027) 
WatchGuard disclosed WGSA‑2025‑00027, a critical Out‑of‑Bounds Write vulnerability (CVE‑2025‑14733) in the Fireware OS ikedprocess, allowing remote unauthenticated RCE on Firebox appliances. 
Read more → 

Product Security Advisory & Analysis: Observed Abuse of FG‑IR‑19‑283 (CVE‑2020‑12812) 
Fortinet has confirmed active, in‑the‑wild exploitation of the long‑patched FortiGate authentication bypass vulnerability FG‑IR‑19‑283 / CVE‑2020‑12812, originally disclosed in July 2020. 
Read more → 

Recommended Actions

Mitigations

• Patch all affected systems immediately, prioritizing critical vulnerabilities in Microsoft Patch Tuesday (8 Critical, 3 Zero‑Days), Adobe products, SAP, Fortinet, and WatchGuard Fireware OS (CVE‑2025‑14733) to prevent remote code execution and active exploitation attempts. 
• Upgrade or retire Windows 10 endpoints (end‑of‑support October 14, 2025) or enroll devices in Microsoft’s ESU program to maintain patch coverage. 
• Harden identity infrastructure by enforcing MFA everywhere, disabling vulnerable LDAP/2FA configurations in FortiGate devices, and reviewing OAuth app permissions to defend against device‑code phishing abuses (per Proofpoint research). 
• Remove malicious or suspicious browser extensions, especially AI‑related Chrome add-ons impersonating legitimate tools, and enforce extension allowlisting enterprise‑wide to prevent “prompt‑poaching” attacks. 
• Apply security updates for n8n workflows, upgrading to version 1.121.0+ to fix the file‑access vulnerability in Form Submission workflows. 
• Update React applications and frameworks (Next.js, Parcel/Vite RSC plugins) to patched versions addressing the CVE‑2025‑55182 RCE deserialization flaw. 
• Ensure Veeam Backup & Replication is updated to version 13.0.1.1071 to close RCE paths exploitable by Backup/Tape Operators or Backup Admins. 
• Harden exposed servers and databases by eliminating default/AI‑generated weak credentials to reduce susceptibility to GoBruteforcer botnet campaigns. 

Monitoring

• Monitor identity platforms (Azure AD/M365) for unusual OAuth device‑code authorizations, unexpected app consents, anomalous MFA‑less logins, and session‑token reuse attempts. 
• Watch for VPN and firewall anomalies, including FortiGate login attempts using case‑variant usernames (e.g., Jsmith vs jsmith) and WatchGuard Firebox connections to any published Indicators of Attack (IOAs). 
• Enable alerting for Chrome/Edge extension installations, especially AI sidebar/chat extensions, and track outbound connections to known attacker C2 domains associated with data‑exfiltrating browser extensions. 
• Monitor for signs of n8n exploitation, such as unexpected file reads, unauthorized workflow executions, or abnormal file‑handling behavior in Form Submission workflows. 
• Continuously monitor internet‑facing services (FTP/MySQL/PostgreSQL/phpMyAdmin) for brute‑force attempts, high‑volume authentication failures, and scanning activity consistent with GoBruteforcer botnet behavior. 

Detection Tips

• Look for RCE exploitation attempts targeting WatchGuard Firebox (CVE‑2025‑14733), including unexpected outbound connections to attacker IPs, exfiltration of config files, or rapid creation of gzip archives containing credentials. 
• Detect device‑code phishing chains by flagging user activity involving login.microsoft.com/devicelogin with suspicious timing, unexpected device codes, or unknown applications requesting access tokens. 
• Identify malicious browser extensions by scanning for extensions communicating with domains such as deepaichats[.]com, chatsaigpt[.]com, or suspicious Lovable‑hosted infrastructure used in AI‑chat exfiltration campaigns. 
• Check for indicators of GoBruteforcer infection, including newly dropped web shells, outbound IRC beaconing, high‑frequency scanning of public IP space, or processes using default/AI‑generated usernames (e.g., myuser, appuser). 
• Hunt for React Server Component exploitation by reviewing server logs for malformed RSC payloads, unexpected POST requests to RSC/Server Function endpoints, or errors related to deserialization. 
• Inspect n8n logs for anomalous access patterns, especially unauthorized POST requests to Form Submission endpoints that include unexpected file‑handling fields. 

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering 

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities. 

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management. 

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications 
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network 
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility 

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy → 

The post Threat and Security Update – January, 2026 appeared first on Fortress SRM.

Stay up to date on critical cyber risks, Microsoft’s December Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats. 

Quick Highlights

• Microsoft Patch Tuesday: 
  – 57 vulnerabilities disclosed 
  – 3 rated Critical, 3 are Zero-Day (1 actively exploited) 

• Adobe Security Updates: 
  – 139 vulnerabilities patched across 5 products 
  – 14 rated Critical, affecting Creative Cloud Desktop Application, Acrobat and Reader, DNG Software Development Kit (SDK), Experience Manager, and ColdFusion

• High-Severity Advisories from Major Vendors: 
  – Cisco: 1 critical-severity flaws in React and Next.js Frameworks 
  – Fortinet: 1 critical and 1 high-severity flaws in FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, and FortiSandbox 
  – Ivanti: 1 critical and 3 high-severity flaws in Ivanti Endpoint Manager (EPM) 
  – SAP: 3 critical vulnerabilities in SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect 
  – Google: Fixed 3 security issues, one that is being actively exploited 
  – Android: Fixed 2 actively exploited zero-days  

• Top Threats to Watch: 
  – Fortinet SSO Auth Bypass – Critical flaws allow attackers to bypass FortiCloud authentication. 
  – APT Collaboration – Gamaredon (Russia) and Lazarus (North Korea) sharing infrastructure. 
  – Insider Breach at CrowdStrike – Employee leaked internal screenshots to hackers. 
  – GlassWorm Malware – Self-propagating worm hiding malicious code in VS Code extensions. 
  – Storm-0249 Ransomware Tactics – Abuse of EDR software for stealthy persistence. 
  – Massive Phishing Campaign – 4,300+ domains targeting hotel guests and vacation planners. 
  – AI-Orchestrated Espionage – Claude AI exploited for autonomous cyber operations. 
  – FBI/CISA Alerts – Account takeover fraud, virtual kidnapping scams, and pro-Russia hacktivist attacks on critical infrastructure. 

Windows 10 Reaches End of Support

As of October 14, 2025, Microsoft has officially ended support for Windows 10. This month’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program. 

• What This Means for Your Organization: 
  – No more security patches or bug fixes for Windows 10 devices  
  – Increased exposure to vulnerabilities and compliance risks  

• Continued support requires either:  
  – Enrolling in Microsoft’s paid ESU program, or  
  – Upgrading to Windows 11 

Need help planning your transition? 
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure.

Patch Tuesday Summary

Microsoft December 2025 Patch Tuesday 
57 vulnerabilities disclosed, including 3 critical and 3 zero-days. By impact category:

• 28 Elevation of Privilege 
• 19 Remote Code Execution 
• 4 Information Disclosure 
• 3 Denial of Service  
• 3 Spoofing 

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Days

Other Critical CVE’s Worth Mentioning

Microsoft December 2025 Security Update Release 

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe Security Bulletins

Cisco *

Cisco Security Advisories

Fortinet *

Fortinet PSIRT Advisories

Ivanti *

Ivanti December 2025 Security Update

SAP *

SAP December 2025 Security Notes

Android

• Release Date: Friday, December 5, 2025  
• Key Fixes: 2 actively exploited zero-days, CVE-2025-48633 and CVE-2025-48572 involving information disclosure and elevation of privilege. 

Android Security Bulletin 

Google Chrome

• Version: 143.0.7499.109/.110 (Windows and Mac), 143.0.7499.109 (Linux) 
• Release Date: Wednesday, December 10, 2025 
• Key Fixes: CVE-2025-14372, CVE-2025-14373, and 1 high severity actively exploited not currently classified. 

Chrome Release Notes

* Not handled by Fortress SRM. 

Threat Intelligence Trends – December 2025

The following resources are grouped by threat type / category. 

Emerging Threats

Fortinet warns of critical FortiCloud SSO login auth bypass flaws  
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. Read more →   

Alliances of convenience: How APTs are beginning to work together 
New evidence uncovered suggests that two of the world’s most aggressive advanced persistent threat (APT) actors, Russia-aligned Gamaredon and North Korea’s Lazarus, may be operating on shared infrastructure. Read more →  

CrowdStrike Catches Insider Feeding Information to Hackers 
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. Read more →  

Ransomware & Malware Deployment

GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace 
GlassWorm malware targeting VS Code extensions on OpenVSX marketplace, using invisible Unicode characters that hides malicious intent in code editors. Read more →  

Storm-0249 Hijacks EDR Software for Ransomware Staging  
Financially motivated initial access broker (IAB) @Storm-0249 has shifted from using broad phishing to stealthier methods of initial access and establishing persistence. To achieve this, the IAB abused trusted endpoint detection and response (EDR) processes. Read more →  

Social Engineering Exploits

Thousands of Domains Target Hotel Guests in Massive Phishing Campaign  
A Russian-speaking threat actor operating an ongoing, mass phishing campaign targeting people who might be planning (or about to leave for) a vacation has registered more than 4,300 domain names used in the attacks since the beginning of the year. Read more →  

AI-Driven Threats

Claude AI Abused in AI-orchestrated Cyber Espionage Campaign 
This campaign demonstrated unprecedented integration and autonomy of AI throughout the attack lifecycle, with the threat actor manipulating Claude Code to support reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration operations largely autonomously. Read more →   

FBI/CISA Advisories

Account Takeover Fraud via Impersonation of Financial Institution Support 
The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. Read more →  

Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams 
The FBI warns the public about criminals altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams. Read more →   

Title Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 
The FBI, CISA, NSA, and partners release a joint advisory on Russian hacktivists targeting critical infrastructure with less sophisticated, lower impact attacks via VNC connections. Read more →  

Recommended Actions

Mitigations

• Apply Microsoft December Patch Tuesday updates immediately, prioritizing critical and zero-day vulnerabilities. 
• Patch Adobe, Cisco, Fortinet, Ivanti, and SAP products to address critical flaws and prevent exploitation. 
• Upgrade or enroll in Extended Security Updates (ESU) for Windows 10 devices to maintain compliance and reduce risk. 
• Implement least privilege access and enforce MFA to reduce insider threat impact. 
• Harden EDR configurations and validate integrity to prevent abuse by ransomware actors. 

Monitoring

• Monitor for FortiCloud SSO authentication bypass attempts and unusual login patterns. 
• Track APT-related infrastructure indicators (Gamaredon, Lazarus) and insider activity anomalies. 
• Watch for GlassWorm indicators in VS Code extensions and OpenVSX marketplace downloads. 
• Monitor DNS and web traffic for phishing domains targeting travel/hospitality. 
• Observe AI-related activity for signs of automated reconnaissance or exploitation. 

Detection Tips

• Deploy rules to detect Unicode-based obfuscation in code repositories (GlassWorm). 
• Alert on unexpected EDR process manipulation or persistence techniques (Storm-0249). 
• Flag large-scale domain registrations and suspicious email campaigns linked to phishing. 
• Detect anomalous API calls or privilege escalations in Fortinet, Ivanti, and SAP environments. 
• Use behavioral analytics to identify AI-driven attack patterns and insider data exfiltration. 

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering 

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities. 

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management. 

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications 
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network 
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility 

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy → 

The post Threat and Security Update – December, 2025 appeared first on Fortress SRM.

Written by: Donovan Crowley, Fortress SRM Director of Security Strategy

Cloud environments aren’t just that “data center in the sky” anymore. They have become the backbone of modern enterprise IT. And with hybrid and multi-cloud setups becoming the norm, Microsoft Azure is often at the center, powering it all. 

But here’s the catch: with great flexibility comes great complexity… and where there’s complexity, there’s risk. 

Azure’s power lies in its configurability, but that same flexibility makes misconfigurations easy to create and hard to spot. In fact, misconfigurations remain one of the leading causes of cloud breaches today, far more common than flashy exploits or headline-grabbing vulnerabilities. 

Across our assessments and incident response cases, we see the same pattern: a small configuration slip, seemingly harmless, quietly escalates into serious exposure. And often, it happens without generating a single alert. 

Some of the most overlooked risks we see again and again include: 

• Overly permissive access rules that expose private workloads. 
• Local or legacy accounts bypassing MFA or Conditional Access. 
• Dormant identities and unused resources creating governance blind spots. 
• Misconfigured or missing logs that hinder threat detection. 
• Persistent admin privileges without PIM or just-in-time controls. 

Alone, these issues might not look like much. But in a fast-moving cloud environment, they stack up. And attackers love that hidden surface, auditors find it fast, and defenders usually spot it too late. 

In this post, we’ll break down the top five Azure misconfigurations we see in the wild, why even experienced teams miss them, and how a focused Cloud Security Posture Management (CSPM) assessment can help you fix them quickly. 

Top 5 Azure Misconfigurations Putting You At Risk

Azure makes it easy to move fast. You can deploy an entire workload in minutes, integrate it, and scale instantly. But that speed also means you can misconfigure it just as quickly. 

Cloud environments never sit still. New resources spin up, identity assignments change, and hidden dependencies. As a result, the same core misconfigurations show up in almost every assessment we run, whether the organization is a small startup or a Fortune 100 enterprise. 

Here are the top five issues you cannot afford to ignore.  

1. NSGs and RBAC Gone Wild: The Danger of Overly Permissive Permissions

Too much access + too many privileges = your biggest Azure attack surface.  

What to Watch For (Common Symptoms)

• Open inbound Network Security Group (NSG) rules that allow traffic from 0.0.0.0/0, especially for RDP (port 3389) and SSH (port 22). 
• Excessive RBAC role assignments, where users or groups are given broad roles (e.g., Owner or Contributor) where specific, granular functional roles should be used (e.g., Reader, Virtual Machine Contributor, etc.). 
• “Temporary” or convenience-driven configuration access that never gets removed.

Why It Matters

Exposed ports are top targets for brute-force and credential-stuffing attacks. Overprivileged accounts turn a minor breach into a major one. Regulatory frameworks like CIS, ISO, and NIST flag this as high-right.  

What to Check Right Now

1.) Do any NSGs allow unrestricted inbound access? 
2.) Do you have more than a handful of Owner/Contributor assignments? 
3.) Are administrative ports directly exposed to the internet? 

Recommended Fixes

NSG Hardening 

• Restrict inbound access to known IP ranges only. Use IP whitelisting for administrative protocols.
• Remove public exposure entirely where possible and use Azure Bastion for secure admin access. 
• Use Azure site-to-site or point-to-point VPN to your work site or static remote sites instead of public access for resource management. 
• Enforce network hygiene and compliance with Azure Policy, including: 
  – Deny Public Inbound Ports 
  – Deny Internet Facing NSG Rules 

RBAC Hardening 

• Adopt a least-privilege roles only model.
• Favor granular roles such as: 
  – Virtual Machine Contributor 
  – Storage Blob Data Reader 
  – Key Vault Reader 
• Audit role assignments for overprivilege regularly. Example:
  az role assignment list --all --query "[?
roleDefinitionName=='Owner'].[principalName,scope]"
• Schedule recurring RBAC and NSG reviews with resource owners and identity teams.

Pro Tip: Automate the Safety Net 

To scale risk detection and remediation: 

• Use Azure Defender for Cloud and your SIEM to alert on risky NSG or RBAC configurations. 
• Enable Just-in-Time VM Access via Defender to reduce inbound port exposure during operational windows. 

2. Local Admin Accounts That Won’t Quit: The Risk of Skipping Entra ID (Azure AD) Authentication 

Local accounts are like leftover sushi: they might look fine, but they’re a hazard.  

What to Watch For (Common Symptoms) 

• VMs or workloads accessed via local admin accounts, often shared informally among teams. 
• Applications or automation authenticate with static credentials embedded in code or stored insecurely. 
• Service accounts operating without lifecycle control, MFA, or logging. 

These shortcuts may speed things up, but they bypass every layer of modern identity security. 

Why It Matters

Attackers love static secrets, and local accounts bypass modern identity controls. Entra ID bypass = no MFA, no audit trail, and a giant gap in zero-trust.  

What to Check Right Now

1.) Are any VMs or workloads still using local admin accounts? 
2.) Do any apps or scripts rely on embedded secrets? 
3.) Are service accounts operating without logging or lifecycle management? 

Recommended Fixes

Enforce Entra ID Authentication First: 

• Enable Azure AD login for all VMs to centralize authentication and logging. 
• For Windows VMs, use Azure AD joined or Hybrid Join with AADLoginForWindows VM extension. 

Replace Secrets with Managed Identities: 

• Use System-assigned or User-assigned Managed Identities for Azure resources to access other services securely. 
• Eliminate secrets stored in code, environment variables, or key vaults. 

Secure Administrative Access  

• Disable direct local admin access wherever possible. 
• Leverage Azure Bastion or Just-in-Time (JIT) VM Access for secure admin connections. 
• Enforce session expiry, logging, and MFA via Privileged Identity Management (PIM) or conditional access. 

Audit and Cleanup Local Admin Accounts: 

• Inventory all local admin accounts across VM fleets. Use PowerShell or CLI to enumerate accounts:
  Get-LocalGroupMember -Group "Administrators"
• Regularly rotate or remove local accounts not tied to valid operational workflows. 
• Schedule recurring reviews to prevent “set-and-forget” accounts.  

Pro Tip: Continuous Detection 

• Use tools like Microsoft Defender for Cloud and Microsoft Entra ID Identity Protection for continuous detection of anomalous sign-in behavior. 
• Focus on accounts that haven’t yet been migrated to Entra ID.  

3. Stale Resources and Identity Sprawl: Why Azure Cleanup Can’t Wait

Old VMs, unused accounts, orphaned disks… clutter isn’t just messy, it’s also super risky.  

What to Watch For (Common Symptoms) 

• Dormant service principals, legacy user accounts, or invalid Entra ID credentials left active. 
• Stopped or orphaned VMs, unattached disks, and retired resource groups still incurring cost or creating risk. 
• Resource sprawl caused by ad hoc deployments without naming standards, tagging, or lifecycle policies. 

Even well-managed environments accumulate this kind of “cloud waste” and unmanaged sprawl without guardrails. Not only does this create hidden risk, but it also makes audits, costs analysis, and compliance much harder than they need to be.  

Why It Matters

Dormant assets = unmonitored attack surface. Plus, they inflate costs and complicate audits.  

What to Check Right Now

1.) Any identities or service principals not used in 90+ days? 
2.) Stopped or deallocated VMs, unattached disks, or idle load balancers? 
3.) Resources missing tags or lifecycle policies? 

Recommended Fixes 

Audit Entra ID Objects: 

• Scan Entra ID users, groups, and service principals for inactivity:
  (MSOL module deprecated in April): Get-
EntraInactiveSignInUser -LastSignInBeforeDaysAgo 90 -All
• Remove or disable any identities not used in the past 90 days. 
• Rotate shared or service account credentials regularly. 

Identify Stale Azure Resources: 

• Use Azure Advisor and Cost Management to detect unused resources. 
• Enable Azure Resource Graph Explorer to query at scale across subscriptions: 
  resources
| where type == 'microsoft.compute/virtualmachines'
| extend powerState = tostring(properties.extended.instanceView.powerState.displayStatus) 
| where powerState == 'VM deallocated' or powerState == 'VM stopped' 
| project name, resourceGroup, powerState, location 
| order by name asc 

Apply Naming, Tagging, and Lifecycle Standards: 

• Adopt consistent resource naming conventions and tagging requirements for ownership, environment, and expiration. 
• Automate tagging via deployment pipelines or Azure Policy for consistency. 

Pro Tip: Automate Cleanup 

• Build recurring workflows with Azure Automation runbooks or Logic Apps.
• Flag inactive objects and notify resources owners before automatic removal.

4. Missing Logs = Blind Security: Missing Log Configuration on Azure Resources

No logs = no visibility. Without proper logging, breaches, misconfigurations, or insider activity can fly under the radar.  

Logging is the backbone of cloud observability and security. Yet, in many Azure environments, critical resources are provisioned without proper diagnostic settings, leaving teams without visibility into performance, access, or potential compromise. 

Common Symptoms 

• Resources like Virtual Machines, Storage Accounts, Key Vaults, Databases, and App Services do not have diagnostic logs enabled. 
• Logs aren’t routed to a central Log Analytics Workspace (LAW), SIEM, or secure storage. 
• Inconsistent or absent log retention policies across teams or subscriptions.  

Without logs, security teams operate blind, and incidents may only be discovered after significant damage.  

Why It Matters 

Logs are the foundation of detection, investigation, and compliance. Without them, you’re flying blind.  

What to Check Right Now

1.) Are all critical resources logging to a central destination? 
2.) Are retention policies consistent and compliant? 
3.) Are diagnostic settings deployed at scale for all subscriptions and management groups? 

Recommended Fixes 

Enforce Diagnostic Settings at Scale 

• Use built-in Azure Policies to automatically audit and deploy diagnostics, such as: 
  – Audit Diagnostic Settings 
  – Deploy Diagnostic Settings for Key Vault 
  – Audit VMs without Monitoring Agent 
• Assign these policies at management group or subscription level for wide coverage. 

Confirm Logging Across Resource Types 

• List diagnostic settings for resource groups or resource types using the CLI:
   
  az monitor diagnostic-settings list –resource-group <resource-group-name> 
  
• Identify gaps and generate a remediation plan based on priority. 

Centralize Log Routing and Retention 

• Forward logs to: 
  – A Log Analytics Workspace (LAW) for structured queries and alerts 
  – A SIEM platform (e.g., Microsoft Sentinel, Elastic, SentinelOne Singularity) for threat detection 
  – Or secure storage with immutable retention policies for compliance 

Enable Additional Monitoring Signals 

• Activity Logs: Track control-plane activity and administrative actions. 
• VMInsights: Provide rich OS-level visibility for virtual machines. 
• Defender for Cloud logs: Monitor workload-level vulnerability and threat detection. 

Pro Tip: Continuous Coverage 

• Build a “Log Coverage Report” with Azure Monitor Workbooks or custom Resource Graph queries.  
• Use this to continuously assess and visualize log gaps across all assets in your tenant. 

5. Azure Admins Without PIM or Role Controls: A Ticking Time Bomb

Without Just-in-Time (JIT) and Privileged Identity Management (PIM), a single compromised admin can put your entire environment at risk. 

What to Watch For (Common Symptoms) 

• High-privilege roles (Global Admin, User Access Administrator, Owner) assigned permanently to user accounts or groups. 
• No guardrails in place for role assignment, expiration, or user justification. 
• Lack of auditing or monitoring on administrative role usage. 

Permanent admin assignments create a latent breach vector. Attackers are big fans of accounts that never expire. 

Why It Matters 

Violates least privilege and zero trust. Attackers actively target standing admin roles to move laterally. Compliance frameworks demand temporary, auditable, controlled privileged access.  

What to Check Right Now

1.) Which users or groups hold permanent high-privilege roles? 
2.) Are there no approval workflows or time limits in place? 
3.) Is JIT VM access enabled for administrative connections? 

Recommended Fixes 

Enable Privileged Identity Management (PIM) 

• Apply PIM to all high-impact roles including: 
  – Global Administrator 
  – Security Administrator 
  – Owner, Contributor (for resource-level RBAC) 
• Enforce:
  – Time-bound access (e.g., 4-hour windows) 
  – Justification and MFA for elevation 
  – Approval workflows for sensitive roles 

Audit and Rotate Standing Privileges 

• Review all current assignments to high-privilege roles by navigating to the Azure Portal and exporting the assignment list from PIM. 
• Remove or transition permanent assignments to eligible assignments under PIM. 
• Use Continuous Access Evaluation (CAE) in Entra ID to revoke access quickly if user risk changes or session anomalies are detected. 

Apply Just-In-Time Access 

• In addition to PIM for identity roles, configure Just-in-Time VM access via Defender for Cloud. 
• This locks down inbound RDP/SSH and only opens access upon authorized request for a limited time. 

Pro Tip: Continuous Monitoring 

• Integrate audit logs from PIM and JIT into a SIEM (e.g., Microsoft Sentinel).
• Monitor privilege elevations to detect unusual patterns and get early warnings on potential misuse.  

CSPM Assessment: Fast, Focused, Continuous

Traditional audits provide only a snapshot in time. Azure environments evolve constantly, and point-in-time reviews cannot keep up. Cloud Security Posture Management, or CSPM, changes that. It delivers automated visibility, intelligent detection, and prioritized remediation, giving your team both immediate and ongoing security improvements.

Bottom line: CSPM turns “Oops, Azure did it again” into “Got it covered.”

Why CSPM Matters

Even small misconfigurations can have major consequences:

• Ransomware exposure – open ports and stale accounts are actively exploited.
• Compliance failures – HIPAA, PCI DSS, ISO 27001, and other frameworks require proper access controls and audit trails.
• Unexpected downtime – misconfigurations can disrupt critical workloads.
• Reputational damage – customers expect reliable operations, not incident disclosures.

CSPM gives you continuous, automated insight into your environment. It identifies the misconfigurations that cause the most risk, including overly permissive access, stale identities, missing logs, credential misuse, and standing admin privileges. Every finding is tied to context, severity, business impact, and compliance requirements, so you know exactly what to fix first.

With CSPM in place, you move from reacting to incidents to preventing them. From scrambling before audits to walking in prepared. From hoping you are secure to knowing exactly where you stand.

What You Get with a CSPM Assessment

A CSPM assessment from Fortress SRM is conducted by our veteran cloud security analysts using modern tooling to deliver rapid visibility, automated detection, and actionable remediation tailored to your Azure environment.

• Rapid visibility – every user, resource, and permission across your Azure tenant.
• Automated detection – misconfigurations and security gaps with context and priority.
• Actionable remediation – clear, tailored steps for your environment.
• Continuous posture improvement – structured, ongoing cloud security management.

Next Step

Do not wait for an auditor or an attacker to uncover your risks. Fortress SRM provides hands-on support and continuous improvement to help you stay ahead of threats and ensure compliance.

Contact Fortress SRM to schedule your Azure CSPM Assessment and see exactly where your risks are and how to fix them fast.

The post Oops, Azure Did It Again: 5 Risks You Can’t Ignore appeared first on Fortress SRM.

Stay up to date on critical cyber risks, Microsoft’s November Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats. 

Quick Highlights

• Microsoft Patch Tuesday: 
  – 63 vulnerabilities disclosed 
  – 4 rated Critical, 1 Zero-Day (actively exploited) 

• Adobe Security Updates: 
  – 29 vulnerabilities patched across 8 products 
  – 23 rated Critical, affecting InDesign, inCopy, Photoshop, Illustrator, Illustrator Mobile, Pass, Substance 3D Stager, and Format Plugins 

• High-Severity Advisories from Major Vendors: 
  – Cisco: 3 critical-severity flaws and 1 high-severity flaws, in Unified CCX, Secure Firewall ASA, Secure FTD, IOS/IOS XE/IOS XR, ISE RADIUS 
  – Fortinet: 1 medium-severity flaw in FortiOS 
  – Ivanti: 1 high-severity flaw in Ivanti Endpoint Manager 
  – SAP: 3 critical vulnerabilities in NetWeaver AS Java, SQL Anywhere Monitor, and Solution Manager
  – Google Chrome: 1 high-severity flaw fixed in security updates 
  – Mozilla Firefox: 9 high-severity flaws fixed in security updates  

• Top Threats to Watch: 
  – Microsoft Teams Exploitation – Vulnerabilities enabling impersonation, message manipulation, and spoofing in Teams 
  – Advanced Persistent Threat (APT) Activity – Increased operations by China-, Iran-, and North Korea-aligned groups 
  – AI-Driven Cyberattacks – Threat actors leveraging AI for prompt injection, social engineering, and malware  
  – Sophisticated Social Engineering Campaigns – Large-scale smishing, phishing kits like Quantum Route Redirect, and gift card fraud  

Windows 10 Reaches End of Support

As of October 14, 2025, Microsoft has officially ended support for Windows 10. October’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program. 

• What This Means for Your Organization: 
  – No more security patches or bug fixes for Windows 10 devices 
  – Increased exposure to vulnerabilities and compliance risks 

• Continued support requires either:  
  – Enrolling in Microsoft’s paid ESU program, or 
  – Upgrading to Latest Version of Windows 11 

Need help planning your transition? 
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure. 

Patch Tuesday Summary

Microsoft November 2025 Patch Tuesday 
63 vulnerabilities disclosed, including 4 critical and 1 zero-day. By category:

• 29 Elevation of Privilege 
• 16 Remote Code Execution 
• 11 Information Disclosure 
• 3 Denial of Service 
• 2 Security Feature Bypass 
• 2 Spoofing 

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Days

Other Critical CVE’s Worth Mentioning

Microsoft November 2025 Security Update Release

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe Security Bulletins

Cisco *

Cisco Security Advisories

Fortinet *

Fortinet PSIRT Advisories

Ivanti *

Ivanti November 2025 Security Update

SAP *

SAP November 2025 Security Notes

Google Chrome

• Version: 142.0.7444.175/.176 (Windows and Mac), 142.0.7444.175 (Linux) 
• Release Date: November 11, 2025 
• Key Fixes: Security fix for CVE-2025-13223 and CVE-2025-13224 

Chrome Release Notes 

Mozilla Firefox 

• Version: Firefox 145 
• Release Date: November 11, 2025 
• Key Fixes: Security fix for 9 high severity CVE’s, including CVE-2025-13021, CVE-2025-13022, CVE-2025-13012, CVE-2025-13023, CVE-2025-13016, CVE-2025-13024, CVE-2025-13025, CVE-2025-13026, CVE-2025-13027 

Firefox Release Notes

* Not handled by Fortress SRM. 

Threat Intelligence Trends – November 2025

The following resources are grouped by threat type / category. 

Emerging Threats

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed 
Check Point Research uncovered four vulnerabilities in Microsoft Teams that allowed attackers to impersonate executives, manipulate messages, spoof notifications, and forge identities in video and audio calls. Read more → 

APT Activity Report Q2 2025–Q3 2025 
ESET’s APT Activity Report for Q2–Q3 2025 highlights increased operations by China-aligned groups using adversary-in-the-middle techniques, Iran-aligned actors ramping up internal spearphishing, and North Korea-aligned hackers expanding cryptocurrency attacks into new regions like Uzbekistan. Read more → 

Preparing for Threats to Come: Cybersecurity Forecast 2026 
Google Cloud’s Cybersecurity Forecast 2026 predicts that threat actors will fully embrace AI-driven attacks, using techniques like prompt injection and AI-enabled social engineering, while defenders counter with AI agents and advanced identity management. Read more → 

Ransomware & Malware Deployment

Uncovering Qilin Attack Methods Exposed Through Multiple Cases 
The Qilin ransomware group (formerly Agenda) has emerged as one of the most prolific ransomware threats, using a double-extortion model that combines file encryption with public data leaks. Read more → 

Social Engineering Exploits

Jingle Thief: Inside a Cloud Based Gift Card Fraud Campaign 
The Jingle Thief campaign is a cloud-based gift card fraud operation exploiting Microsoft 365 environments using phishing and smishing, run by financially motivated threat actors based in Morocco.  Read more →  

The Smishing Deluge: China-Based Campaign Flooding Global Text Messages 
The Smishing Deluge campaign, attributed to the Smishing Triad, is a large-scale, decentralized smishing operation using fraudulent SMS messages about toll violations and package misdelivery to steal sensitive data. Read more → 

Quantum Route Redirect: Anonymous Tool Streamlining Global Phishing Attack 
The Quantum Route Redirect phishing kit is an advanced automation platform that streamlines global phishing campaigns targeting Microsoft 365 users, turning complex setups into simple one-click launches. Read more → 

Black Friday Scams – How to Detect the Red Flags and Protect your wallet and Data 
Cybercriminals are exploiting Black Friday shopping trends with scams that use fake retail websites, phishing emails, and malicious ads to steal payment information and personal data. Read more → 

AI-Driven Threats

First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT 
LayerX discovered the first vulnerability in OpenAI’s ChatGPT Atlas browser, which allows attackers to inject malicious instructions into ChatGPT’s memory via a Cross-Site Request Forgery (CSRF) exploit. Read more →  

GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools 
Google Threat Intelligence reports that threat actors have moved beyond using AI for productivity and are now deploying AI-enabled malware that dynamically generates malicious scripts and evades detection. Read more → 

HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage 
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Read more → 

Recommended Actions

Mitigations

• Apply all Microsoft November Patch Tuesday updates, prioritizing critical and zero-day CVEs (e.g., CVE-2025-62215). 
• Upgrade or enroll in Extended Security Updates (ESU) for Windows 10 devices to maintain compliance and reduce exposure. 
• Patch third-party applications promptly, especially Adobe, Cisco, and SAP products with critical vulnerabilities. 
• Harden email and collaboration platforms (Microsoft 365, Teams) against phishing and impersonation attacks by enabling safe links, anti-spoofing policies, and conditional access. 

Monitoring

• Monitor for signs of exploitation of zero-day vulnerabilities and critical CVEs in Microsoft and third-party products. 
• Track anomalous login activity, especially from new geolocations or impossible travel scenarios, to detect APT and social engineering campaigns. 
• Watch for large-scale smishing/phishing attempts and suspicious redirects (Quantum Route Redirect indicators). 
• Enable cloud app security monitoring for Microsoft 365 and Google Workspace to detect unauthorized gift card issuance or mailbox rule changes. 

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering 

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities. 

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management. 

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications 
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network 
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility 

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy → 

The post Threat and Security Update – November, 2025 appeared first on Fortress SRM.

Stay up to date on critical cyber risks, Microsoft’s October Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats. 

Quick Highlights

• Windows 10 End of Support 
  – Final patch released October 14 
  – No more updates unless enrolled in Extended Security Updates (ESU) or upgraded to Windows 11 
  – Now is the time to assess your upgrade path 
  
• Microsoft Patch Tuesday: 
  – 175 vulnerabilities disclosed 
  – 17 rated Critical, 6 are Zero-Day (3 actively exploited) 

• Adobe Security Updates: 
  – 36 vulnerabilities patched across 12 products 
  – 24 rated Critical, affecting Illustrator, FrameMaker, Creative Cloud, and more 

• High-Severity Advisories from Major Vendors: 
  – Cisco: 4 high-severity flaws, including SNMP RCE and Secure Boot bypass 
  – Fortinet: 2 high-severity flaws in FortiPAM and FortiOS 
  – SAP: 3 critical vulnerabilities in NetWeaver, Print Service, and SRM 
  – Ivanti: 5 high-severity flaws in EPMM and Neurons for MDM 

• Top Threats to Watch: 
  – Crimson Collective targeting AWS with leaked keys and extortion tactics 
  – VMware CVE-2025-41244 zero-day exploited for privilege escalation 
  – Quishing 2.0: QR code phishing attacks evolving in sophistication 
  – Ransomware Cartel: LockBit, DragonForce & Qilin collaborating 
  – Oyster Malware via fake Microsoft Teams installers 
  – Weaponized DFIR Tools: Velociraptor abused in ransomware attacks 
  – AI-Driven Threats: ShadowLeak zero-click exploit in ChatGPT; AI-generated phishing and malware 

Windows 10 Reaches End of Support

As of October 14, 2025, Microsoft has officially ended support for Windows 10. This month’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program. 

What This Means for Your Organization: 

• No more security patches or bug fixes for Windows 10 devices 
• Increased exposure to vulnerabilities and compliance risks 
• Continued support requires either:  
  – Enrolling in Microsoft’s paid ESU program, or
  – Upgrading to Windows 11 

Need help planning your transition? 
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure. 

Patch Tuesday Summary

Microsoft October 2025 Patch Tuesday 
175 vulnerabilities disclosed, including 8 critical and 6 zero-days. By category: 

• 80 Elevation of Privilege 
• 31 Remote Code Execution
• 28 Information Disclosure
• 11 Security Feature Bypass 
• 11 Denial of Service 
• 10 Spoofing 

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Days

Other Critical CVE’s Worth Mentioning

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe Security Bulletins → 

Cisco *

Cisco Security Advisories → 

Fortinet *

Fortinet PSIRT Advisories → 

Ivanti *

Ivanti October 2025 Security Update → 

SAP *

SAP October 2025 Security Notes → 

Google Chrome

• Version: 141.0.7390.107/.108 (Windows and Mac), 141.0.7390.107 (Linux) 
• Release Date: October 14, 2025 
• Key Fixes: Security fix for CVE-2025-11756 

Chrome Release Notes → 

* Not handled by Fortress SRM. 

Threat Intelligence Trends – October 2025

The following resources are grouped by threat type / category. 

Emerging Threats

Crimson Collective Targeting Cloud Environments 

A newly identified threat group, Crimson Collective, has been observed compromising AWS environments using leaked long-term access keys. They escalate privileges via IAM policies, exfiltrate sensitive data, and follow up with extortion attempts. Read more →  

Zero-Day Alert: VMware CVE-2025-41244 Privilege Escalation 

NVISO Labs identified active exploitation of CVE-2025-41244, a local privilege escalation flaw in VMware’s guest service discovery. The vulnerability allows attackers to elevate privileges and potentially pivot within virtualized environments. Read more → 

Quishing 2.0: QR Code Phishing Evolves 

Cybercriminals are refining quishing attacks using fake QR codes embedded in emails, flyers, and public spaces. These codes redirect users to phishing sites or initiate malware downloads. Read more → 

Ransomware & Malware Deployment

LockBit, DragonForce & Qilin Form Ransomware Cartel 

Three major ransomware groups have formed a criminal cartel to coordinate attacks and share infrastructure. Read more →  

Malvertising Campaign: Oyster Malware via Fake Teams Installers 

Threat actors are using SEO poisoning and malicious ads to distribute trojanized Microsoft Teams installers. These fake installers deploy Oyster (aka Broomstick), a modular backdoor that enables persistent remote access and stealthy data exfiltration. Read more → 

Velociraptor DFIR Tool Weaponized 

Threat actors are abusing the legitimate Velociraptor forensic tool to deploy ransomware like LockBit and Babuk. This marks a troubling trend of security tools being repurposed for attacks. Read more →

Group: Storm-2603 (China-based) 

Cephalus Ransomware via DLL Sideloading 

A new ransomware variant, Cephalus, uses DLL sideloading through SentinelOne binaries and RDP access without MFA. Read more → 

Cloud & Infrastructure Exploits

SonicWall SSLVPN Exploitation 

Akira ransomware actors are exploiting SonicWall VPNs using BYOVD techniques and clearing logs to evade detection. Read more → 

Discord Data Breach via Third-Party Vendor 

A breach at Discord’s support vendor exposed 70,000 government ID photos and personal data. Read more → 

Clop Claims Oracle E-Business Suite Data Theft 

The Clop ransomware group has reportedly sent extortion emails claiming to have stolen data from Oracle E-Business Suite environments. While the full scope of the breach is unclear, the tactic aligns with Clop’s recent shift toward data-centric extortion rather than encryption. Read more → 

AI-Driven Threats

AI-Powered Malware & Phishing 

Russia-linked groups are using AI to generate phishing lures and malware like WRECKSTEEL and GIFTEDCROOK. Read more → 

Zero-Click AI Exploit: ShadowLeak Vulnerability in ChatGPT 

Radware disclosed ShadowLeak, a zero-click prompt injection vulnerability in ChatGPT’s enterprise integrations. Malicious emails can silently trigger data exfiltration from OpenAI’s servers without user interaction, bypassing traditional security controls. Read more → 

Recommended Actions

Mitigations

• Prioritize patching all actively exploited zero-days from Microsoft and VMware. 
• Disable unused services on Cisco IOS XE and Fortinet appliances to reduce attack surface. 
• Enforce MFA across all cloud and identity platforms. 
• Restrict QR code scanning on unmanaged devices to mitigate quishing attacks. 
• Update endpoint protection to detect AI-generated malware variants. 

Monitoring

• Watch for suspicious authentication attempts in Azure, Fortinet, and Ivanti logs. 
• Monitor for unexpected outbound traffic from Teams or Office installations (possible Oyster malware). 
• Track file uploads and downloads in SAP SRM and Print Service environments. 
• Set alerts for SNMP activity spikes on Cisco devices (possible CVE-2025-20352 exploitation). 

Detection Tips

• Use YARA or Sigma rules to detect:  
  – Velociraptor misuse in ransomware campaigns 
  – ShadowLeak zero-click exploit indicators in AI platforms 
• Deploy honeypots or deception tools to detect brute-force attempts on FortiPAM and Secure Boot bypass attempts on Cisco IOS XE.  
• Leverage threat intel feeds to identify Crimson Collective and LockBit cartel infrastructure. 

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering 

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities. 

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management. 

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications 
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network 
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility 

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy → 

The post Threat and Security Update – October, 2025 appeared first on Fortress SRM.

But this isn’t just about avoiding service disruptions or checking a compliance box. It’s a chance to make authentication stronger, simplify management, and future-proof your identity security.

With some planning and the right tools, the migration can be smooth. At the same time, it’s a great opportunity to make your organization more secure and resilient.

The Highlights

Microsoft MFA & SSPR Retirement – Sept. 30, 2025

• Legacy MFA and SSPR policies end on September 30, 2025.
• All organizations need to migrate to Microsoft Entra Authentication Methods.
• Risks if you don’t migrate: login failures, service disruptions, compliance gaps.
• Old methods going away: security questions, SMS, voice calls.
• Modern methods available: passkeys (FIDO2), Microsoft Authenticator, certificate-based authentication.

Bottom line: Act now. Waiting likely means broken logins and weaker security.

What’s Changing

Historically, MFA and SSPR were managed separately in older portals. After September 30, 2025, those portals retire, and everything moves under Entra ID (formerly Azure AD). That means one centralized place to manage authentication and keep things consistent.

Specifically, key changes include:

• Legacy MFA policies will no longer be supported 
• SSPR policies will be retired 
• Security questions will be disabled entirely
  • To reiterate: Security questions will no longer be an option at all for resetting passwords
• Out-of-band MFA methods like SMS and voice calls will be discouraged under modern security standards such as NIST 

Entra Authentication Methods consolidates all authentication management into a single framework, making it easier to enforce secure, modern practices.  

Why This Matters

As a result, delaying migration could cause you to run into: 

• Misaligned authentication settings 
• User frustration from failed logins or password resets 
• Service disruptions 
• Security gaps from outdated methods 
• Compliance risks with NIST and other industry standards 

Beyond just meeting the deadline, this is a chance to take a closer look at your overall authentication and access policies.

A Strategic Moment to Reassess Identity Security

The MFA and SSPR retirement is mandatory, but it’s also a good time to step back and ask:

• Are we enforcing strong, phishing-resistant MFA methods? 
• Is our user experience consistent across apps and services? 
• Do we still have legacy authentication enabled? 
• Are our policies aligned with Zero Trust principles? 

This is your chance to move from “just compliant” to confident, resilient, and future-ready. 

Recommended Modern Authentication Methods

When you migrate, consider moving away from outdated methods and using:

• Passkeys (FIDO2) 
• Microsoft Authenticator 
• Certificate-Based Authentication 
• Email OTP (for SSPR only, and only for guest users if no other secure method is available) 

Avoid SMS, voice-based MFA, and security questions—they’re no longer recommended by NIST. And remember, security questions won’t be available at all for password resets.

Steps to Prepare for Migration

Here’s a practical roadmap to make sure things go smoothly:

• Assess current MFA and SSPR configurations in the legacy portals 
• Use Microsoft’s migration tool to import policies into Entra Authentication Methods 
• Test and validate new policies in a controlled group 
• Communicate changes and provide guidance to users 
• Retire old policies once the new setup is stable 

Pro Tip: Enable passwordless authentication, enforce conditional access policies, and disable legacy protocols that could expose vulnerabilities.

For official guidance: How to migrate to the Authentication methods policy – Microsoft Entra ID | Microsoft Learn

Modernize Your Authentication with Confidence

If this feels overwhelming, don’t worry. You don’t have to tackle it alone.

Our team specializes in helping organizations like yours: 

• Audit and map legacy authentication policies to understand your current setup
• Design secure, scalable Entra policies tailored to your needs
• Enable strong MFA and passwordless experiences for users
• Integrate policy changes with your broader identity and access strategies 
• Ensure a smooth, disruption-free transition 

Acting early reduces risk, avoids last-minute headaches, and makes sure your authentication practices are modern, secure, and compliant.

Don’t Just Meet the Deadline—Strengthen Your Security.

The September 30, 2025 retirement of legacy MFA and SSPR is coming up fast. This is more than a compliance task. It’s a chance to build a stronger identity security foundation.

Whether you’re just starting or already in motion, we’ll guide you through a seamless transition and uncover ways to improve your security along the way. Let’s turn this deadline into a security win for your organization.

Start the Conversation Today

Fill out the form below or connect with Kelsey on LinkedIn to get started.

The post Microsoft MFA & SSPR Retirement: Make Your Migration a Security Win appeared first on Fortress SRM.

Written by: Kelsey Clark, Fortress SRM Security Innovation & Brand Strategy Leader

The Hidden Risk Inside Your Inbox

Email is the communication backbone of modern work, but it’s also a top target for attackers.

Phishing, spoofing, and impersonation attacks exploit the fact that email was not designed with strong identity verification. As these attacks grow in sophistication, security teams face increasing pressure to protect both their organization and their people.

This is where DMARC (Domain-based Message Authentication, Reporting, and Conformance) can help.

What DMARC Does

DMARC helps receiving mail servers determine whether messages claiming to come from your domain are legitimate.

When implemented correctly, it reduces the risk of attackers impersonating your organization, protecting your employees, customers, and brand reputation.

While primarily a security tool, DMARC also supports trust and compliance by:

• Demonstrating that your emails are legitimate.
• Providing visibility into who is sending email on behalf of your domain.
• Helping you meet email authentication requirements that may support regulatory compliance.

How DMARC Works

DMARC builds on two key email authentication technologies:

• SPF (Sender Policy Framework): Verifies the sending server is authorized.
• DKIM (DomainKeys Identified Mail): Uses cryptographic signatures to ensure integrity.

On their own, SPF and DKIM are useful but incomplete. SPF can fail in forwarding scenarios, and not all senders consistently sign with DKIM. DMARC strengthens protection by requiring that at least one of these technologies passes and that the domain used aligns with the visible “From” header. This alignment check makes impersonation much harder.

• SPF Alignment: Confirms the sending server is authorized and its domain matches the “From” domain.
• DKIM Alignment: Confirms the message signature is valid and the signing domain matches the “From” domain.

If either SPF or DKIM aligns, DMARC passes. If neither aligns, DMARC applies the policy you’ve set—monitor, quarantine, or reject.

The diagram below illustrates this difference: before DKIM, DMARC relies solely on SPF alignment. After DKIM, DMARC can validate alignment with either SPF or DKIM, providing stronger, more reliable protection against spoofing.

Throughout this process, DMARC also generates reports that give you visibility into who is sending emails on behalf of your domain and which messages fail authentication. This combination of verification, alignment, policy enforcement, and reporting reduces spoofing, improves trust in your emails, and gives you actionable insight into your email ecosystem.

⚠️ Limitations: DMARC stops exact-domain spoofing, but not lookalike domains or compromised accounts.

It’s important to note that DMARC primarily protects against exact-domain spoofing. Lookalike domains, display name impersonation, and compromised accounts can still bypass these checks. For complete protection, DMARC should be implemented as part of a broader, layered email security strategy.

Why DMARC Matters for Your Organization

Email-based impersonation isn’t just an IT issue, but it’s a major business risk.

Without DMARC, there’s a better chance attackers can:

• Send fake invoices or phishing emails that put customers at risk
• Trick employees into sharing credentials or sensitive data
• Damage your organization’s reputation

With DMARC, you gain:

• Trustworthiness: Your emails are verifiable
• Visibility: Reports show domain usage
• Control: You decide how unauthorized emails are handled
• Confidence: Supports compliance and customer trust

Best Practices for Implementing DMARC

Rolling out DMARC isn’t a one-click solution. A strategic, phased approach will help you protect your domain without disrupting legitimate email flow.

1. Start with Monitoring: Use a “none” policy to gather data without impacting delivery.
2. Align SPF and DKIM: Ensure both are correctly configured and aligned with your “From” domain (strict vs. relaxed alignment per RFC 7489).
3. Sign Outgoing Mail: Use DKIM on all messages to verify authenticity.
4. Review Reports: DMARC aggregate (RUA) and forensic (RUF) reports are in XML format and difficult to read. You’ll need proper tooling to parse and act on them. Analyze who is sending emails on your behalf.
5. Gradually Enforce: Move from “none” to “quarantine” or “reject” to actively block spoofed messages, but be cautious. Jumping too quickly to “reject” can break legitimate third-party senders (CRMs, payroll services, marketing automation).
6. Include Subdomains: Protect all parts of your domain.
7. Educate Your Team: Train employees on phishing risks and DMARC’s role in your policy.
8. Maintain and Evolve Your Setup: Email infrastructure changes over time. Keep DMARC records up to date, and review policies regularly.

Beyond DMARC: Layered Security

DMARC is powerful, but most effective when combined with broader security measures:

• Ongoing user awareness training, including interactive tabletop exercises.
• Regular patching and proactive cybersecurity measures to maintain strong cyber hygiene. 
• Incident response planning to prepare your team for attacks before they happen.

Fortress SRM Can Help

Email spoofing and phishing aren’t going away, but DMARC gives your organization a strong defense. Implementing it can be complex, but you don’t have to go it alone.

The Fortress Security Risk Management team provides hands-on support for DMARC and broader email security as part of a holistic cybersecurity strategy. We work alongside you to identify risks, strengthen defenses, and simplify complexity. With our co-managed services, you get the right mix of guidance and support to match your security maturity, making security clear and manageable.

Take Action Today

Request your Fortress SRM DMARC assessment and start protecting your domain, your customers, and your business.

Fill out the form below or connect with Kelsey on LinkedIn to start the conversation.

The post DMARC: Strengthening Trust in Your Email Domain appeared first on Fortress SRM.

Stay up to date on critical cyber risks, Microsoft’s August Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protect your business from threats.

The following resources are grouped by threat type / category.

Recent in Threat Intelligence News

Ransomware and AI-Enhanced Attacks

• Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
• Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims
• #StopRansomware: Interlock | CISA

Vulnerabilities / Exploits

• Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
• Malcure Vulnerability (CVE-2025-6043) Risks 10,000+ Sites
• Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
• UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities
• SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers
• 1-Click Oracle Cloud Code Editor RCE Flaw Allows Malicious File Upload to Shell

Phishing and Social Engineering

• Scanception: A QRiosity-Driven Phishing Campaign
• The Cost of a Call: From Voice Phishing to Data Extortion
• Iranian Threat Actors Use AI-Generated Emails to Target Cybersecurity Researchers and Academics

DDoS / Network Attacks

• Hackers Breaking Internet with 7.3 Tbps and 4.8 Billion Packets Per Second DDoS Attack

Malware / RATs

• KongTuke FileFix Leads to New Interlock RAT Variant

Data Breaches / Trends

• US Data Breaches Head for Another Record Year After 11% Surge

Patch Tuesday

Microsoft August 2025 Patch Tuesday
108 vulnerabilities disclosed, including 13 critical and 1 zero-day. By category:

• 44 Elevation of Privilege
• 35 Remote Code Execution
• 18 Information Disclosure
• 9 Spoofing
• 4 Denial of Service

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Day

• CVE-2025-33053 – Windows Kerberos Elevation of Privilege Vulnerability
  – Windows Kerberos vulnerability allows an authenticated attacker to gain domain administrator privileges through relative path traversal. Microsoft states an attacker would need elevated access to msds-groupMSAMembership and mdsd-ManagedAccountPrecededByLink attributes to exploit the flaw.
  – Vulnerability is publicly disclosed but is not actively being exploited in the wild.

Other Critical CVE’s Worth Mentioning

• CVE-2025-53793 – Azure Stack Hub Information Disclosure Vulnerability
• CVE-2025-49707 – Azure Virtual Machines Spoofing Vulnerability
• CVE-2025-53781 – Azure Virtual Machines Information Disclosure Vulnerability
• CVE-2025-50176 – DirectX Graphics Kernel Remote Code Execution Vulnerability
• CVE-2025-50165 – Windows Graphics Component Remote Code Execution Vulnerability
• CVE-2025-53740 / 53731 – Microsoft Office Remote Code Execution Vulnerability
• CVE-2025-53784 / 53733 – Microsoft Word Remote Code Execution Vulnerability
• CVE-2025-48807 – Windows Hyper-V Remote Code Execution Vulnerability
• CVE-2025-53766 – GDI+ Remote Code Execution Vulnerability
• CVE-2025-50177 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe released emergency updates for two zero-day flaws in Adobe Experiece Manager (AEM) Forms on JEE after a proof-of-concept exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. These zero-day vulnerabilities are described below.

• CVE-2025-54253 – Misconfiguration allowing arbitrary code execution. Rated “Critical” with a CVSS score of 8.6.
• CVE-2025-54254 – Improper Restriction of XML External Entity Reference (XXE) allowing arbitrary file system read. Rated “Critical” with a maximum-severity 10.0 CVSS score.

Adobe also released 13 patches covering a total of 85 vulnerabilities. Of these, 38 of the flaws are rated as critical. The flaws could lead to application Denial-of-Service, arbitrary code execution, arbitrary file system read, memory leak, privilege escalation, and security feature bypass within varying Adobe products, listed below.

• Animate
• Commerce
• Dimension
• FrameMaker
• Illustrator
• InDesign
• InCopy
• Photoshop
• Substance 3D Modler
• Substance 3D Painter
• Substance 3D Sampler
• Substance 3D Stager
• Substance 3D Viewer

Android

Google has released security patches for six vulnerabilities in Android’s August 2025 security update, including two Qualcomm flaws exploited in targeted attacks.

Cisco *

• CVE-2025-20281 / 20282 / 20337 – Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
• CVE-2025-20274 – A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
• CVE-2017-6736 / 6737 / 6738 – The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Fortinet *

• CVE-2024-26009 – [HIGH] Weak Authentication FGFM Protocol in FortiOS, FortiProxy & FortiPAM
• CVE-2025-25248 – [MEDIUM] Integer Overflow in FortiOS, FortiPAM and FortiProxy SSL-VPN RDP and VNC bookmarks
• CVE-2025-53744 – [MEDIUM] Incorrect Privilege Assignment in FortiOS Security Fabric
• CVE-2023-45584 – [MEDIUM] A double free vulnerability in FortiOS, FortiProxy & FortiPAM administrative interfaces
• CVE-2024-52964 – [MEDIUM] An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in FortiManager & FortiManager Cloud

Google Chrome

• Updated Version – 139.0.7258.127/.128 for Windows, Mac and 139.0.7258.127 for Linux.
• Chrome Release: August 12th, 2025

Ivanti *

• Ivanti has released updates for Ivanti Avalanche, Ivanti Virtual Application Delivery Control (vADC), and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access, which address 3 medium severity vulnerabilities, and 4 high severity vulnerabilities.
• August 2025 Security Update | Ivanti

SAP *

In August 2025, SAP Security Patch Day saw the release of 15 new Security Notes and 4 updates to previously released Security Notes.

TrendMicro *

TrendMicro released a mitigation tool to protect against recently discovered command injection remote code execution (RCE) vulnerabilities on Apex One Management Console (on-premise).

WinRAR

WinRAR released a security update for an actively exploited path traversal bug that could lead to remote code execution.

7-Zip

7-Zip released a security update for a path traversal flaw that could lead to RCE.

* Not handled by Fortress SRM.

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities.

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management.

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy →

The post Threat and Security Update – August, 2025 appeared first on Fortress SRM.