TrustPoint Blog

CrowdStrike LogScale has become one of the a go-to solutions for many organizations that need real-time visibility into their environments. But a newly disclosed critical vulnerability is a stark reminder that even the most trusted tools can introduce serious risk if left unpatched—especially in self-hosted deployments. This issue, tracked as CVE-2026-40050, carries a CVSS score of 9.8 (Critical). It affects LogScale Self-Hosted GA versions 1.224.0 through 1.234.0 and LTS ver

A new strain of password-stealing malware is raising serious concerns for businesses by targeting the very tools employees rely on every day—web browsers like Chrome, Edge, and Firefox. This threat is designed to quietly extract stored credentials, session cookies, and authentication data directly from the browser, giving attackers access to accounts without needing to “hack” passwords in the traditional sense. Because modern browsers often store login sessions and autofill c

A critical vulnerability has been identified in Fortinet security appliances that could allow attackers to gain unauthorized access to systems without proper authentication. In certain configurations, this flaw can be exploited to bypass login protections, effectively allowing a threat actor to impersonate a legitimate user or gain access without valid credentials. Because these devices are typically deployed at the edge of a network—protecting internet traffic, VPN access, a

A newly observed cyberattack campaign is highlighting just how quickly modern vulnerabilities can be weaponized at scale. Attackers are exploiting a critical flaw in widely used web applications to gain unauthorized access to systems, allowing them to execute commands remotely and extract sensitive data. What makes this especially dangerous is how simple the initial attack can be—requiring only a specially crafted request to gain entry into vulnerable environments. Once insid

In a critical move to safeguard users, Google has released an emergency update for its Chrome browser, targeting a serious zero-day vulnerability that's already under active exploitation. Identified as CVE-2026-2441, this flaw involves a use-after-free memory issue within the browser's Cascading Style Sheets functionality. As the first such zero-day reported in 2026, it poses a significant threat by potentially allowing attackers to crash the browser or corrupt data. The vuln

A recent Windows security update released in late January has introduced serious stability problems for a number of Windows 11 systems, raising concerns across the business and IT community. While the update was intended to improve security and system reliability, many organizations have reported that it is instead triggering system crashes, black screens, and in some cases complete boot failures that prevent computers from starting at all. One of the most severe issues being

Every day it feels like the world changes and businesses can barely keep up with protecting themselves. The biggest threats aren’t always coming from new malware strains or stealthy phishing campaigns — they’re also coming from trusted security software itself. A recent wave of cyberattacks has shown how threat actors are weaponizing legitimate security tools to disable endpoint defenses like antivirus and EDR (Endpoint Detection and Response) before launching destructive at

If you’ve recently installed the latest Windows 11 update and found Microsoft Outlook behaving badly — freezing, crashing, or refusing to reopen — you’re not alone. A recent security update for Windows 11 has introduced a serious compatibility problem with the classic Outlook desktop client that’s affecting many users, especially those with POP-configured accounts or data files stored in cloud folders like OneDrive or Dropbox. What the Problem Looks Like After applying the mo

Browser extensions are incredibly useful tools. They can add features like productivity boosters, video helpers, new tab widgets, and more directly to your browser. But what many people don’t realize is that this convenience can come with serious hidden risks. Recently, a massive malware campaign was uncovered that highlights just how vulnerable browser extensions can be—and how quietly a threat can operate. A Long-Running Malware Operation Over a span of more than seven year

If your business is still running Windows 10, you’re now facing a critical decision point. Microsoft ended support for Windows 10 October 14, 2025 . After that date, Windows 10 devices no longer received security updates, feature updates, or technical support—leaving them at elevated risk. But here’s the twist: Microsoft is offering an extension  via the “Extended Security Updates” (ESU) program—effectively giving you extra time to secure your systems. The catch? You need to

If your organization is running Windows 11 (versions 24H2 or 25H2) or even Windows 10 22H2 (you should not be running Windows 10 unless you have paid for extended security updates), there’s a serious issue you need to know about: a recent update has been confirmed to trigger the BitLocker recovery screen  unexpectedly on affected machines. What’s happening? After installing the October 2025 update (and subsequent patches) on certain devices, users may be prompted to enter the

Right now, a critical flaw in Microsoft's Windows ecosystem is being actively exploited by attackers, putting countless systems at risk. If you're running Windows Server, Windows 10, or Windows 11, this is your wake-up call: apply those security updates immediately. Delaying could mean handing over the keys to your network on a silver platter. The Hidden Danger in Your Network Backbone At the heart of this crisis is a high-severity vulnerability that allows attackers with aut

We’ve observed an unsettling shift in the threat landscape: attackers are now weaponizing Windows Defender Application Control (WDAC)...

As technology advances, so do the tactics of cybercriminals, and our seniors are increasingly in the crosshairs of a devastating scam...

Hacker using phishing technique to steam gmail credentials A sophisticated phishing campaign targeting Gmail users has emerged,...

FortiNet exploit allows hackers to gain full control A critical security flaw, CVE-2024-26009, has been identified in several Fortinet...

Windows account vulnerability identified putting users at risk A newly uncovered vulnerability in Windows has exposed a critical...

Google Account data hacked putting hundreds of millions at risk In June, a sophisticated cyberattack compromised one of Google’s internal...

A newly identified integer-overflow vulnerability in VMware ESXi—tracked as CVE-2025-41236 —is putting enterprise environments at...

Hacker's continue to find exploits to target businesses. Cybercriminals are now leveraging Microsoft 365’s “Direct Send” feature to...