On January 7, 2026, fixes were released for a maximum severity vulnerability (CVE-2026-21858) impacting n8n, a workflow automation application primarily used with artificial intelligence. Labeled “Ni8mare” by the researchers

On December 19, 2025, MongoDB issued an advisory for CVE-2025-14847, known as “MongoBleed,” a high-severity vulnerability in the server’s zlib-based network compression functionality. This vulnerability affects how the database

On December 17, 2025, Cisco published an advisory detailing a new threat campaign identified on December 10, affecting the Cisco AsyncOS software used on Cisco Secure Email Gateway and Cisco Secure Email and

On December 18, 2025, WatchGuard released fixes for CVE-2025-14733, a critical out-of-bounds write vulnerability in the Internet Key Exchange daemon (iked) process used to establish VPN tunnels in Fireware OS, which powers

On December 17, 2025, SonicWall released fixes for an actively exploited medium-severity zero-day vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC), tracked as CVE-2025-40602. The vulnerability

On December 11, 2025, Push Security published research detailing a newly observed browser-based phishing technique called ConsentFix. The name ConsentFix is derived from its similarity to the previously documented ClickFix technique using fake

On December 12, 2025, Arctic Wolf began observing intrusions involving malicious SSO logins on FortiGate appliances. Fortinet had previously released an advisory for two critical authentication

On December 9, 2025, Microsoft released its December 2025 security update, addressing 57 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Windows and Office

On December 9, 2025, Fortinet released an advisory detailing two critical authentication bypass vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Designated CVE-2025-59718 and CVE-2025-59719, these

On December 3, 2025, the React team released fixes for a maximum severity vulnerability in React Server Components (RSC). The vulnerability, tracked as CVE-2025-55182, stems from unsafe

On November 19, 2025, Salesforce announced an investigation into unusual activity involving applications published by Gainsight, a company that provides customer success software integrated with Salesforce. In their advisory,

On November 13, 2025, open source reporting began detailing active exploitation of a silently patched Fortinet FortiWeb vulnerability. The flaw is a path traversal issue in the FortiWeb web application firewall (WAF) that

On November 11, 2025, Microsoft released its November 2025 security update, addressing 63 newly disclosed vulnerabilities. Arctic Wolf has highlighted two vulnerabilities affecting Microsoft Windows

On November 11, 2025, SAP published a security advisory as part of their November security patches, addressing a maximum severity vulnerability identified as CVE-2025-42890 in

Summary On October 23, 2025, Microsoft released an out-of-band security update for a critical vulnerability tracked as CVE-2025-59287. The flaw stems from the deserialization of

On October 15, 2025, F5 announced that in August 2025, they had discovered evidence of a highly sophisticated nation-state threat actor which had maintained long-term, persistent access to certain

On October 14, 2025, Microsoft released its October 2025 security update, addressing 175 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Windows

On October 11, 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw

On September 17, 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. As of

On October 4, 2025, Oracle released a fix for a newly disclosed critical vulnerability, tracked as CVE-2025-61882, linked to recent extortion emails received by some

On October 2, 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities

Since late July 2025, Arctic Wolf has tracked an increase in Akira ransomware activity targeting SonicWall SSL VPN accounts. This campaign remains active and continues

On September 25, 2025, Cisco released fixes for two vulnerabilities in Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) that are currently being actively

On September 23, 2025, SolarWinds released a hotfix for a critical vulnerability impacting Web Help Desk (WHD), tracked as CVE-2025-26399. The vulnerability arises from a

Update 9/22/25: The indicators of compromise (IoCs) table has been updated to include new ASNs and IP addresses identified across dozens of cases related to

On September 18, 2025, Fortra released a patch addressing a critical vulnerability in GoAnywhere Managed File Transfer (MFT), tracked as CVE-2025-10035. The vulnerability stems from

On September 17, 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. SonicWall states

On September 17, 2025, WatchGuard released fixes for a critical out-of-bounds write vulnerability (CVE-2025-9242) in the iked process of WatchGuard Fireware OS, which powers their Firebox

On September 15, 2025, reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by malware as part of a broader supply chain attack