Burgi Technologies, 2522 Chambers Road, Suite 100, Tustin, CA (2026)

05/28/2026

If your business uses Fortinet FortiClient endpoint security, there is an active exploitation campaign you should know about right now.

Researchers at Arctic Wolf discovered that attackers are exploiting CVE-2026-35616, a vulnerability in FortiClient EMS (the central management server). What makes this effective: attackers do not target individual devices. They compromise the management server and use it to push malware to every managed endpoint at once.

The malware (EKZ Infostealer) steals saved passwords from Chrome, Edge, and Firefox - and session cookies that can bypass MFA on Microsoft 365 and cloud applications.

Three things to check today:
1. Is FortiClient EMS patched against CVE-2026-35616?
2. Is management port 8013 restricted to trusted IPs?
3. Any unexpected scripts in VPN Remote Access Profiles?

Full breakdown with IOCs and step-by-step remediation on our blog.

Attackers are actively exploiting CVE-2026-35616 in FortiClient EMS to steal passwords and bypass MFA. Here's what to do if your business uses Fortinet.

05/21/2026

New on the blog: 71% of organizations were hit by identity breaches last year - mostly through stolen credentials and accounts that were never cleaned up after employees left. We broke down where these breaches actually come from and what small businesses can do about it. Practical guide, no scare tactics.

71% of orgs hit by identity breaches in 2026. Practical steps for small businesses to close credential security gaps before they become costly.

05/19/2026

MFA is one of the best defenses you can put in place - but there is a technique that bypasses it completely without touching your password or triggering a prompt.

OAuth consent phishing works by tricking users into approving a fake app permission during a real Microsoft login. Once granted, attackers have a refresh token that persists for weeks - even after a password reset.

We just published a breakdown of how this works, the Microsoft 365 settings that actually stop it, and what to do if you think your team may have been targeted.

If your business runs on M365, this one is worth reading.

OAuth consent phishing bypasses MFA completely. Learn how attackers steal M365 refresh tokens and the exact settings to lock your tenant down.

05/19/2026

OAuth consent phishing bypasses MFA completely - no stolen password, no MFA prompt. New blog post explains how it works and the Microsoft 365 settings that stop it:

OAuth consent phishing bypasses MFA completely. Learn how attackers steal M365 refresh tokens and the exact settings to lock your tenant down.

05/14/2026

Most small businesses have decent security tools. What they are missing is someone responsible for security strategy. That gap is what a virtual CISO fills - at a fraction of a full-time hire cost. We broke down what a vCISO does, what it costs, and how to tell if your business needs one.

Can't afford a full-time CISO? A virtual CISO gives SMBs senior cybersecurity leadership at a fraction of the cost. Here's what to know.

05/07/2026

Windows users - there is an important patch to verify this week.

CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities list with a May 12 deadline. What makes this flaw notable: it resulted from an incomplete February patch, leaving a zero-click credential theft vulnerability open.

Just browsing to a folder containing a malicious shortcut file is enough to trigger an automatic NTLM authentication handshake - handing your Windows password hash to an attacker without any clicks.

The fix is already out. It shipped in April 2026 Patch Tuesday. Go to Settings > Windows Update and confirm the April update is installed.

We wrote a full breakdown covering how this works, how to check your patch status, and additional hardening steps worth reviewing.

https://www.burgitech.com/blog/cve-2026-32202-windows-ntlm-cisa-patch-deadline

Patch management is one of the most effective things you can do to reduce risk. This is a timely one to verify.

An incomplete Windows patch left a zero-click credential theft flaw active. CISA has ordered a May 12 fix deadline. Here is what to check and what to do.

05/05/2026

Four popular software tools had their official downloads weaponized in 2026. The latest: DAEMON Tools - active today.

The installers came straight from the vendor website. Signed with legitimate certificates. Normal in every way you would check. And yet anyone who installed certain versions since April 8 may have a backdoor on their machine.

We put together a guide covering what happened, how to check if you are affected, and the practical steps that actually reduce your exposure. Worth 5 minutes if your team uses any third-party software tools.

Learn what supply chain attacks are, which software was hit in 2026, and practical steps to protect your business from compromised official downloads.

04/30/2026

A state-sponsored backdoor called Firestarter is surviving patches on Cisco firewalls, and CISA just issued an emergency directive about it. If your business runs Cisco ASA, Firepower, or Secure Firewall appliances, the malware persists through standard patching and reboots. A physical hard reset is the only way to remove it. We put together a practical walkthrough covering which devices are affected, how to check your exposure, and step-by-step remediation.

CISA issued an emergency directive for the Cisco Firestarter backdoor that survives patching. Here is what small businesses running Cisco firewalls should do.

04/23/2026

Microsoft just released patches for 163 security vulnerabilities, including two zero-days - one already being used in active attacks against SharePoint servers.

Here is what matters most for businesses:

🛡️ SharePoint Server spoofing flaw (CVE-2026-32201) is being exploited now. CISA set an April 28 patching deadline.
🔑 Microsoft Defender privilege escalation lets attackers gain full system control.
📧 Three Critical Office vulnerabilities can execute code just from previewing a document in Outlook.

We put together a practical breakdown with a prioritized patch list and step-by-step guidance for small and mid-sized businesses.

Full details and patch priority list:

Microsoft patched 163 vulnerabilities including 2 zero-days in April 2026. Here is what SMBs need to patch first and how to stay protected.

04/21/2026

A ransomware negotiator just pleaded guilty to secretly working WITH the hackers he was supposed to be protecting his clients from.

Three cybersecurity professionals fed confidential client data to the BlackCat ransomware gang, then started deploying ransomware themselves. The DOJ seized $10 million in assets.

This is a good reminder for any business that outsources IT: trust your vendor, but verify their practices. Our latest blog breaks down a practical 7-step checklist for vetting IT security providers.

🔒 What to ask about internal access controls
📋 Which certifications actually matter
🔍 Red flags that signal trouble

Full guide here:

A ransomware negotiator pleaded guilty to helping attackers. Learn how to vet your IT security vendors and protect your business from insider threats.

Burgi Technologies

05/28/2026

05/21/2026

05/19/2026

05/19/2026

05/14/2026

05/07/2026

05/05/2026

04/30/2026

04/23/2026

04/21/2026

Address

Website

Alerts

Shortcuts

Share

Category