CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

On 25 June 2025, Cisco released patches for two maximum-severity vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC). Both flaws allow unauthenticated, remote threat actors to execute commands on the underlying operating system with root privileges via exposed HTTPS APIs. Although similar in outcome, the vulnerabilities are independent and do not

GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

Executive Summary: The Arctic Wolf® Labs team has discovered that the cyber-espionage group UAC-0226, known for utilising the infostealer GIFTEDCROOK, has significantly evolved its capabilities. It has transitioned the malware from a basic browser data stealer (which we’re referring to as v1), through two new upgrades (v1.2 and v1.3) into a robust intelligence-gathering tool.

NIST CSF 2.0: Understanding and Implementing the Govern Function

In early 2013, the White House issued Executive Order 13636, which tasked the National Institute of Standards and Technology (NIST), a U.S. government federal agency, with the creation of a cybersecurity framework (CSF) that would help foster best practices for cybersecurity and better protect the nation’s critical infrastructure. NIST CSF 1.0 was published on February

CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway

On 23 June 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. CVE-2025-5777, originally disclosed on 17 June, is a critical-severity out-of-bounds read caused by insufficient input validation. It has been labeled

Cybersecurity Risks Amid Rising Iran–U.S. Tensions

On 21 June, the United States launched coordinated strikes against three Iranian nuclear facilities, marking its first direct military involvement in the ongoing Iran-Israel conflict. This operation, named Midnight Hammer, represents a significant escalation following Israeli airstrikes that began on 13 June 2025. In relation to the ongoing conflict, the U.S. Department of Homeland Security

Enhancing Detection and Security Efficacy with the Behavioral Detection Engine in Aurora™ Endpoint Defense

In the ever-evolving cybersecurity landscape, staying ahead of emerging threats is a constant challenge. Traditional endpoint detection and response (EDR) solutions often suffer from alert noise, rule complexity, and slow adaptation to new attack techniques. That’s why Arctic Wolf® is excited to introduce the Behavioral Detection Engine — an advanced detection and response framework embedded

The Top Attack Vectors Organisations Face

Cyber attacks are a constant threat for organisations, with most facing the question of when, not if, they will be targeted. Just as businesses adopt new technology and processes to harden their defences or enhance operations, threat actors are continually evolving their tactics, techniques, and procedures (TTPs) to bypass those defences, exploit newer technologies, and

Four Ways to Prevent Credential Theft and Credential-Based Attacks

When it comes to cybercrime, there are few threat actor tactics as useful and widespread as credential theft, and the subsequent use of stolen credentials, to maliciously gain access to an IT environment. As hybrid work models and the widespread use of web-based applications further the digitalisation of corporate environments, user credentials have proliferated. In

Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

Arctic Wolf has identified a social engineering campaign targeting healthcare providers in the United States. Throughout multiple incidents, hospital help desks have received suspicious phone calls from unidentified individuals claiming to be doctors who had forgotten their password. When the callers were confronted with a request to verify their identities, including first name and

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

On 17 June 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content management system. Although Sitecore released a fix for these vulnerabilities in May 2025, no official CVE identifiers have been assigned at this time. The three vulnerabilities are currently tracked as

Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer

On 10 June 2025, Trend Micro released fixes for six critical vulnerabilities affecting Apex Central and Endpoint Encryption PolicyServer. Five of the vulnerabilities allow remote code execution (RCE), and one enables authentication bypass. The vulnerabilities were responsibly disclosed by the Zero Day Initiative (ZDI), a vulnerability research organisation owned by Trend Micro. Vulnerabilities: CVE-2025-49219 &
