On 19 November 2025, Salesforce announced an investigation into unusual activity involving applications published by Gainsight, a company that provides customer success software integrated with Salesforce. In their
On 13 November 2025, open source reporting began detailing active exploitation of a silently patched Fortinet FortiWeb vulnerability. The flaw is a path traversal issue in the FortiWeb web application firewall (WAF)
On 14 October 2025, Microsoft released its October 2025 security update, addressing 175 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Windows
On 11 October 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw
On 17 September 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. As of
On 4 October 2025, Oracle released a fix for a newly disclosed critical vulnerability, tracked as CVE-2025-61882, linked to recent extortion emails received by some
On 2 October 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities
On 25 September 2025, Cisco released fixes for two vulnerabilities in Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) that are currently being actively
On 23 September 2025, SolarWinds released a hotfix for a critical vulnerability impacting Web Help Desk (WHD), tracked as CVE-2025-26399. The vulnerability arises from a
Update 22 Sept. 2025: The indicators of compromise (IoCs) table has been updated to include new ASNs and IP addresses identified across dozens of cases
On 18 September 2025, Fortra released a patch addressing a critical vulnerability in GoAnywhere Managed File Transfer (MFT), tracked as CVE-2025-10035. The vulnerability stems from
On 9 September 2025, Adobe released an out-of-band security update to address a critical vulnerability in Adobe Commerce and Magento Open Source. The vulnerability, tracked
On 9 September 2025, Microsoft released its September 2025 security update, addressing 86 newly disclosed vulnerabilities. Arctic Wolf highlighted three vulnerabilities in this bulletin. At
On 9 September 2025, SAP released its September 2025 Security Patch Day update with patches for 21 vulnerabilities. The most severe of these, CVE-2025-42944, is
On 20 August 2025, Salesloft published an advisory describing a security issue potentially affecting the Salesloft Drift integration with Salesforce. On 26 August, Google Threat
On 14 August 2025, Cisco released fixes for a maximum-severity vulnerability affecting Cisco Secure Firewall Management Center (FMC) Software, tracked as CVE-2025-20265. FMC is the
On 12 August 2025, Fortinet released fixes for a critical-severity vulnerability in FortiSIEM, tracked as CVE-2025-25256. The flaw arises from improper neutralisation of special elements
On 12 August 2025, Microsoft released its August 2025 security update, addressing 107 newly disclosed vulnerabilities. Arctic Wolf highlighted four vulnerabilities in this bulletin based
On 5 August 2025, Trend Micro released a short-term mitigation tool addressing two critical command injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in Apex One. These flaws
On 23 July 2025, Mitel released fixes for a critical authentication bypass vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE, a communication platform
On 19 July 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this
On 18 July 2025, CrushFTP disclosed that a zero-day vulnerability—now tracked as CVE-2025-54309—had been exploited in the wild, likely for some time. Threat actors reverse
Updates Since Previous Bulletin Technical details and proof-of-concept (PoC) exploit code were publicly released by watchTowr and Horizon3 in early July. CVE-2025-5777 was added to
On July 16, 2025, Cisco updated its advisory—originally published in late June—to include a third maximum-severity vulnerability affecting Cisco Identity Services Engine (ISE) and ISE-Passive
Arctic Wolf has recently observed a widespread phishing campaign targeting multiple organisations by abusing Microsoft 365’s Direct Send feature—a feature designed for internal email delivery
Since at least February 2025, Arctic Wolf has observed Interlock Remote Access Trojan (RAT) being deployed via social engineering techniques. Recently, The DFIR Report published
Summary On 8 July, 2025, the Git project released new versions of Git to address CVE-2025-48384, a high-severity vulnerability allowing threat actors to create malicious
On 10 July 2025, a technical article was published by Huntress revealing that a maximum severity remote code execution vulnerability in Wing FTP Server, CVE-2025-47812,
On 8 July 2025, Fortinet released fixes for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via
On 8 July 2025, Microsoft released its July 2025 security update, addressing 130 newly disclosed vulnerabilities. Arctic Wolf is highlighting five vulnerabilities in this bulletin
