Insights

At Critical Path Security, we've always believed that cybersecurity is about more than firewalls, alerts, and incident response-it's about people, community, and resilience. Today, we're proud to announce a new chapter in our journey: we've joined the Atlanta Falcons Associate Partner Program. This partnership, spanning the next three seasons, is an opportunity to strengthen our presence in the Southeast and continue connecting with the industries and communities we protect every day. Why the Falcons? The Falcons stand as a symbol of grit, discipline, and teamwork-the same qualities we've built our company on. Just like the game on the field, cybersecurity is about anticipating threats, adapting strategies in real-time, and delivering results under pressure. Aligning with the Falcons allows us to bring that message to a wider audience while showing that strong defense isn't just for the gridiron. What This Means for Our Clients and Community As an Atlanta Falcons Associate…

Nation-state actors continue to sharpen their tools and broaden their reach. A newly released Joint Cybersecurity Advisory (CSA) from NSA, CISA, FBI, and allied partners around the world details how Chinese state-sponsored threat actors are compromising telecommunications, government, transportation, lodging, and even military infrastructure networks across the globe. These operations, which overlap with industry-tracked groups such as Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor, focus on large backbone routers, provider edge devices, and customer edge routers. Once inside, adversaries use trusted connections to pivot into additional networks, modifying configurations to maintain long-term, persistent access. What the Advisory Reveals The advisory lays out the tactics, techniques, and procedures (TTPs) used by these actors, mapped to the MITRE ATT&CK framework. Key points include: Initial Access: Exploitation of well-known CVEs (including Ivanti, Palo Alto, and Cisco vulnerabilities such as CVE-2023-20198 and CVE-2024-3400). Zero-day use has not been observed to date. Persistence: Modifying…

Critical Path Security is proud to announce that our CEO, Patrick Kelley, has been selected to speak at the 20th Annual API Cybersecurity Conference for the Oil & Natural Gas Industry, taking place November 11-12, 2025, at The Woodlands Waterway Marriott in The Woodlands, Texas. Patrick will present his session, "Cybersecurity in Crisis: Managing Mental Health in High-Stress Environments," as part of the Addressing the Human Element track. This important discussion will focus on the often-overlooked mental health challenges faced by cybersecurity professionals-especially those tasked with defending critical infrastructure in high-pressure, high-stakes situations. The API Cybersecurity Conference is one of the premier gatherings for cybersecurity leaders in the oil and natural gas industry. Now in its 20th year, the event brings together industry experts, operators, and technology innovators to address the evolving security landscape and share solutions that strengthen resilience across the sector. Session Details: Title: Cybersecurity in Crisis: Managing…

Cisco has released a critical security update addressing an unauthenticated remote code execution (RCE) vulnerability-CVE-2025-20265-in its Secure Firewall Management Center (FMC) Software. With the maximum CVSS score of 10.0, this flaw demands immediate attention from network defenders. What's the Threat? This vulnerability resides in the RADIUS subsystem of Cisco Secure FMC, specifically affecting versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled for either the web-based management interface or SSH access. Due to improper input handling during authentication, attackers can inject shell commands via crafted credentials, executed with high privilege on the target system. Why It's Alarming Maximum Severity (CVSS 10.0): Indicates easy exploitability with catastrophic impact. No Privileges Required: The attack requires no prior authentication or user interaction. High Impact on Availability & Integrity: If exploited, attackers gain full control over firewall management. No Workarounds Available: Only timely patching will eliminate this threat. No Known Exploits Yet: Cisco currently…