Insights

This past weekend at Calabogie Motorsports Park was a reminder that in both racing and cybersecurity, you can bring your absolute best - but sometimes the unexpected still forces you to adapt. Ryan Vargas and the Critical Path Security #28 team came into the weekend strong, showing impressive pace during practice. Ryan found excellent long-run speed, which translated into a solid qualifying performance, starting P8 for Sunday's race. At the green flag, Ryan quickly settled into seventh, poised for a smart, consistent run. The plan was clear: manage the car, hold position, and be ready to capitalize later in the race. But after 14 laps, the team's race took an unexpected turn - a motor failure ended the day far earlier than planned. While the result wasn't what the team was aiming for, the pace and preparation proved that the #28 has speed to contend. Ryan summed it up best:…

We are proud to announce that Patrick Kelley, CEO of Critical Path Security, will be the opening speaker at this year's Minnesota Power Systems Conference (MIPSYCON). Patrick will take the stage on Tuesday, November 4, 2025, from 8:15 to 9:05 a.m. to address an often-overlooked topic in the cybersecurity and power systems space: Mental Health and Burnout. The cybersecurity industry-especially in critical infrastructure-operates under constant pressure. The stakes are high, downtime is rare, and the stress can take a real toll on the people behind the controls. Patrick's talk will explore: Recognizing the early signs of burnout Understanding the cumulative impact of stress in high-stakes work Building sustainable practices for individuals and organizations This session will set the tone for the conference, emphasizing the importance of maintaining not just operational security, but the well-being of those who safeguard it. If you're attending MIPSYCON, join Patrick at 8:15 a.m. on November…

Organizations leveraging Fortinet FortiGate or Citrix Netscaler technologies should be aware of active exploitation attempts originating from the IP range 178.22.24.0/24, attributed to AS209290 (GALEON-AS), a network registered to Galeon LLC, based in Moscow, Russia. Security analysts have observed sustained malicious activity from this range, with evidence suggesting an automated campaign aimed at vulnerable perimeter systems. Indicators of Compromise (IOCs) Sample IP addresses involved in the attack activity: CopyEdit178.22.24.11 178.22.24.12 178.22.24.13 178.22.24.14 178.22.24.15 178.22.24.17 178.22.24.18 178.22.24.20 178.22.24.21 178.22.24.23 178.22.24.24 All of the above belong to the subnet 178.22.24.0/24, which should be treated as hostile and blocked where appropriate. Associated Vulnerabilities This threat activity aligns with known exploit patterns targeting the following critical vulnerabilities: Fortinet CVE-2023-27997 — FortiOS & FortiProxy SSL-VPN RCE ("XORtigate")[Unauthenticated RCE via heap-based buffer overflow][CVSS: 9.8] CVE-2022-40684 — FortiOS & FortiProxy Authentication Bypass[Enables attacker to modify system configurations via crafted requests][CVSS: 9.6] Citrix Netscaler CVE-2023-3519 — Citrix ADC…

SonicWall has issued a security advisory addressing a critical vulnerability in its SMA 100 series VPN appliances that could allow authenticated attackers to execute arbitrary code on affected devices. The flaw, tracked as CVE-2025-40599, affects firmware versions 10.2.1.15-81sv and earlier. The vulnerability is located in the web management interface and permits an authenticated administrator to upload malicious files, which can lead to remote code execution (RCE). SonicWall has released an updated firmware version-10.2.2.1-90sv-to mitigate this risk and urges all customers to update immediately. While SonicWall states there is no evidence of active exploitation, the company also confirmed that threat actors are actively targeting these systems, particularly those with previously stolen administrative credentials. The urgency is compounded by Google's Threat Intelligence team, which uncovered a backdoor campaign linked to threat group UNC6148. This campaign used the OVERSTEP malware to maintain persistent access-even on patched systems-and steal credentials over extended periods. In…