TorchLight Secured & Managed It

TorchLight Secured & Managed It TorchLight Secured & Managed IT is an established provider of Information Technology and Information Security services across the United States.

Would your team second-guess a link that points to the real chatgpt website?Most people wouldn't, and that's the problem...
06/03/2026

Would your team second-guess a link that points to the real chatgpt website?

Most people wouldn't, and that's the problem.

Criminals are now hiding malware on pages hosted right on ChatGPT and Claude. Because the link is a genuinely trusted AI domain, the usual advice to check the URL before clicking silently fails. The trap is a fake “ChatGPT is busy, download our app” page that serves malware disguised as the desktop app.

Security researchers call it the LLMShare attack, and it's the same social engineering as last year’s ClickFix scam, just wearing a brand everyone trusts. Whether your business already leans on AI tools or is only starting to, the time to put guardrails in place is now.

We walk through how it works, and how to protect your team, in the article linked in the comments.

05/29/2026

A time lapse of the 2 hour storm passing through last night .Pretty gnarly storm for our section of the country.

Nearly half of all exploited zero-days last year targeted edge infrastructure: firewalls, VPNs, and security appliances....
05/29/2026

Nearly half of all exploited zero-days last year targeted edge infrastructure: firewalls, VPNs, and security appliances. For healthcare clinics, community banks, and wealth management firms, that's a wake-up call.

Your perimeter devices run with high privilege and are often the least monitored. New vulnerabilities in Cisco, VMware, and others are already active. If you'd like to discuss how to strengthen your defenses, we're here to help.

Device Login Phishing is spreading faster than most security teams have heard about.Over 340 organizations: Credit Union...
05/27/2026

Device Login Phishing is spreading faster than most security teams have heard about.

Over 340 organizations: Credit Unions, Healthcare Practices, Law Firms, Nonprofits, you name it; fell victim to a new attack that bypasses both MFA and password-based defenses.
Employees did everything right. They went to a real Microsoft login page and entered real multifactor authentication, and were still compromised.

The real worry? This attack works because most mid-market organizations have never disabled or restricted device code flow.
Regulators at the NCUA, OCR, and SEC are now watching for these breaches because token-based compromise is harder to detect than password theft.

View our Full Blog Post in the comments!

The deadline to patch was on May 12th. ConnectWise ScreenConnect Vulnerability!If you haven't patched yet, do so immedia...
05/14/2026

The deadline to patch was on May 12th.

ConnectWise ScreenConnect Vulnerability!

If you haven't patched yet, do so immediately!

Click the link below to view the full Blog Post and learn more!

05/11/2026

PALO-ALTO FIREWALLS are being actively exploited right now, and patches don't land until May 13.

If you run a credit union, RIA, or healthcare clinic, Palo Alto Networks firewalls protect your perimeter.

That's true for an estimated 70%+ of mid-market organizations in regulated industries. And right now, all PA-Series and VM-Series firewalls face a critical unauthenticated buffer overflow in the Captive Portal service, discovered and published May 6.

This isn't theoretical. CISA's Known Exploited Vulnerabilities Catalog confirms in-the-wild exploitation is already happening.

The patch window is seven days. If you haven't already scheduled your update, this week is the week to do it. Any delay puts your perimeter, your client data, and your audit stance at risk.

Have you confirmed your Palo Alto devices are covered in your current patch schedule? Your security team should have answers by Monday.

05/08/2026

HEADS UP:
Critical flaws in ConnectWise ScreenConnect are being actively exploited right now.

We're talking CVSS 9.0 CRITICAL SEVERITY.
Attackers can hijack sessions using extracted machine keys. If your organization uses ScreenConnect, upgrade to version 26.1 immediately.

Not sure if you're covered?
Reach out, we're here to help make sure you're protected.

05/07/2026

There's a critical vulnerability in Microsoft Defender that attackers have been actively exploiting.
If you run a bank, healthcare clinic, or wealth management firm, your organization needs to know about this.

CISA issued an emergency patch mandate with a deadline of yesterday, May 6 . Have you updated your Windows endpoints yet?

If you need help securing your systems, we're here to support you.

Stay safe,
TorchLight Secured & Managed IT

05/03/2026

Most companies treat cybersecurity like a smoke alarm.
Annoying, beeping, and only worth it the one night the kitchen catches fire.

That’s exactly why it lands on the wrong line of the budget.

Proof changes the math.

When your controls actually work and you can show it, insurance premiums drop, audits move faster, vendor reviews stop dragging, and recovery is measured in hours instead of headlines.

If security still looks like pure overhead on your books, the program isn’t broken.

The measurement model is.

Address

23505 East Appleway Avenue Suite 200
Spokane Valley, WA
99019

Telephone

+18664615099

Website

Alerts

Be the first to know and let us send you an email when TorchLight Secured & Managed It posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Share

Category