CISA just added a Microsoft SharePoint Server RCE to its KEV catalog - actively exploited in the wild today. SharePoint powers M365 collaboration for hundreds of thousands of orgs. If you manage it on-prem or hybrid, stop and patch it now. #cybersecurity#MSP
Attackers just launched 81 million password-spray attempts against M365 in two weeks. One campaign. Non-stop. If your accounts aren't locked down with MFA and Entra sign-in policies, you're the target. Check your sign-in logs today. #cybersecurity#M365#MSP
Fake OpenAI org invites are targeting cybersecurity firms. The irony: attackers are using AI brand trust to phish the people paid to stop exactly this. If your team gets a vendor invite, verify the domain before clicking. #cybersecurity#phishing#MSP
https://t.co/YMtAGB1QRm
New "bucket hijacking" attack silently reroutes your cloud audit logs and telemetry to attacker storage — no alerts, no noise. You think you’re watching your infrastructure. Attackers are. Lock down bucket policies now. #cybersecurity#cloudsecurity#MSP
https://t.co/KZ6Tiy377j
AIR built a fake AI agent skill, got it past Cisco and NVIDIA scanners using a mutable link, and reached 26,000 agents. Static scanning misses post-install changes. AI agent marketplaces are now a supply chain attack surface. #cybersecurity#AIsecurity#MSP
Five Eyes warned June 22: next-gen AI will transform offensive hacking on a timeline measured in months, not years. Frontier models like Mythos and GPT-5.5-Cyber are already here. Security postures built for 2025 are already behind. #cybersecurity#AIsecurity#MSP
The average data breach now costs a small business $3.31M. 43% of all cyberattacks target SMBs — but only 34% have a written response plan. That gap is the whole problem. If your response plan isn't documented, it doesn't exist when you need it. #cybersecurity#SMB#managedIT
SOCRadar: 86,644 Fortinet devices compromised as of June 19. Generic admin accounts (35%) and built-in system accounts (28%) are the top credentials used. If your Fortinet gear runs shared or default admin creds, it's already on the active list. #cybersecurity#MSP#Fortinet
Shadow AI moved past data leakage. The real problem is AI agents running with enterprise access no one reviewed. Business units spin them up faster than security can track. If you don't know what your AI agents can touch, that's your attack surface. #AIsecurity#cybersecurity
Google just patched Chrome's 5th zero-day of 2026 — another emergency fix, another actively exploited flaw in the browser running on nearly every business device. Five zero-days in six months isn't a streak. It's a pattern. Update Chrome now. #cybersecurity#MSP#Chrome
Mastra AI's npm ecosystem was compromised today: a hijacked contributor account pushed easy-day-js — a typosquat infostealer — into 144 packages. Every CI runner that ran npm install is at risk. Microsoft confirmed it. Audit your pipelines now. #cybersecurity#supplychain#MSP
Slow IT support costs more than the ticket.
Every delay turns into lost focus, stalled work, frustrated employees, and sometimes missed revenue.
Business owners shouldn't measure IT by whether someone eventually responds. Measure it by how much time your team gets back.
Cyber insurance renewals are getting stricter. For many businesses, "we have antivirus" is not enough anymore.
Expect questions about MFA, backups, EDR, patching, access controls, and security training.
Fix the gaps before the renewal packet hits your inbox.
New RaaS gang The Gentlemen hit #2 by victim count — by offering affiliates 90% of each ransom vs the standard 80%. Better cut = better talent = faster spread. 478 victims, 66 countries, worm capability. Ransomware is competitive. SMBs are the product. #cybersecurity#MSP
The US treated AI like a weapon — literally. A bypass to Fable 5 exposed Anthropic's Mythos hacking model to foreign adversaries. The US ordered it offline. Anthropic killed access for everyone. AI-powered cyber offense is now export-controlled. #AIsecurity#cybersecurity
A researcher dropped a Microsoft Defender zero-day — "RoguePlanet" — just hours after June Patch Tuesday. It grants full SYSTEM privileges. The tool protecting your endpoints just became an escalation path. Layered security isn’t optional. #Cybersecurity#ZeroDay#MSP
CISA just cut the federal patch deadline from 15 days to 3 days for critical exploited flaws — AI threats are shrinking the window that fast. If the government can't justify 15 days anymore, your 30-day patch cycle is already indefensible. #Cybersecurity#MSP
Device code phishing went mainstream: 37x spike in detections and 18 attack kits in the wild. Once nation-state tradecraft — now criminal commodity. One approval click and attackers own your M365 session. No password needed. #cybersecurity#phishing#MSP
Microsoft's June Patch Tuesday just dropped: 200 vulnerabilities patched, including 3 zero-days — YellowKey, GreenPlasma, and MiniPlasma. Attackers scan for unpatched systems within hours. If clients aren't patched this week, the window is closing. #cybersecurity#MSP#Windows