“Patch your IIS servers against CVE-2026-49975 today, verify SonicWall SMA1000 device firmware is current, and audit any Azure AI retry patterns in your automation for amplification risks.”
Azure AI Inference Retry Amplification: Microsoft Implementing July 2026 Overload Controls
Microsoft is rolling out stronger overload prevention and workload throttling controls in July 2026 to prevent excessive retry traffic from any single internal workload overwhelming shared Azure infrastructure — a root cause of the May 2026 multi-region AI inference outage that originated in Australia East. Engineers are also eliminating single points of failure in the inference routing layer. MSPs with Azure OpenAI or Copilot dependencies should review retry policies and implement exponential backoff in client applications as an interim mitigation.
Read more →CVE-2026-49975 'HTTP/2 Bomb' — Unpatched IIS DoS Vulnerability Disclosed, NGINX/Apache Patches Available
A new denial-of-service vulnerability dubbed 'HTTP/2 Bomb' (CVE-2026-49975) became public approximately one week ago, allowing a single low-bandwidth attacker to exhaust server memory on affected HTTP/2 platforms including Microsoft IIS, NGINX, and Apache. Patches are available for NGINX and Apache; a Microsoft IIS patch is not yet released. Workaround: disabling HTTP/2 is a valid temporary mitigation on IIS while awaiting Microsoft's patch.
Read more →SonicWall SMA1000 SQL Injection and VPN Credential Bypass Flaws Patched
SonicWall patched four vulnerabilities in SMA1000 series firewalls including a high-severity SQL injection (CVE-2026-4112) that could allow a read-only admin to escalate to primary admin rights, plus three additional flaws enabling SSL VPN credential enumeration and TOTP authentication bypass. SonicWall states no evidence of exploitation yet but urges immediate updates. MSPs should update SMA1000 appliances to the latest firmware and review admin account privilege assignments.
Read more →CompTIA 2026 MSP Benchmark: 68% of MSPs Have Adopted AI Automation, 27% Planning Full Integration Within 12 Months
According to CompTIA's 2026 MSP Benchmark Study, more than two-thirds of MSPs have adopted at least one AI automation tool, with AI triage reducing average ticket-resolution times by 35% across adopters. HaloPSA Copilot, Atera AI, and Syncro AI are among the leading tools cited for PSA-level automation. MSPs not yet investing in AI automation risk falling behind on efficiency benchmarks that are increasingly becoming baseline client expectations.
Read more →Microsoft AI CEO Predicts Most White-Collar Work Automated Within 12–18 Months — MSP Strategy Implications
Microsoft AI CEO Mustafa Suleyman stated that 'most, if not all' white-collar tasks could be automated within 12–18 months, citing AI-assisted coding trends as evidence of the shift already underway. For MSPs, this signals a near-term expansion opportunity in AI governance, workflow transformation consulting, and workforce training as client demand grows. MSPs that build AI oversight and governance frameworks now are positioned to win high-value, sticky engagements as clients navigate the transition.
Read more →Australia Cyber Security Act 2024: Mandatory Ransomware Payment Reporting Now in Effect for >A$3M Turnover Entities
Australia's Cyber Security Act 2024 — the country's first standalone cyber statute — requires entities with annual turnover above A$3M to report ransomware payments to government within 72 hours. This obligation is now in force and applies to many SME clients MSPs serve, particularly in financial services and healthcare. MSPs should ensure affected clients have an incident response plan that includes the 72-hour ransomware payment reporting workflow and are aware of separate 72-hour mandatory data breach notification requirements under the Privacy Act.
Read more →ACSC Essential Eight Compliance Driving New AU Managed Security Offerings: AUCloud Packages SOC + E8 Assessments
AUCloud has launched a tiered managed security solution suite designed to help Australian customers meet ACSC Essential Eight compliance obligations, including a premium tier featuring SOC, vulnerability scanning, phishing simulations, and in-person E8 assessment and reporting. The offerings align with Australia's 2023–2030 Cyber Security Strategy and its 'six cyber shields' framework. MSPs should consider whether packaging E8 assessments into their service catalogue is competitive differentiation, particularly for clients in regulated sectors.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.