On 10 March 2026, Microsoft released its March 2026 security update addressing 83 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Office

On 03 March 2026, pac4j released fixes for a maximum severity vulnerability in pac4j-jwt, tracked as CVE-2026-29000. The flaw arises from improper verification of cryptographic

On 24 February 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian, tracked as CVE-2026-27825. The flaw arises from missing directory confinement

On 25 February 2026, Cisco released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN

Update: Arctic Wolf has observed suspected exploitation of CVE-2026-1731 and has published its findings in an updated security bulletin, available here.  Since our previous security

On 10 February 2026, Microsoft released its February 2026 security update, addressing 59 newly disclosed vulnerabilities. Arctic Wolf highlighted six of these vulnerabilities affecting Microsoft Windows and Microsoft

On 6 February 2026, Fortinet released fixes for a critical vulnerability in FortiClientEMS, tracked as CVE-2026-21643. The flaw arises from improper neutralisation of special elements

On 6 February 2026, BeyondTrust released fixes for a critical vulnerability affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), tracked as CVE‑2026‑1731. This

On 2 February 2026, the Notepad++ open source project disclosed new details about a supply chain compromise that impacted its update delivery infrastructure between June and December 2025. The

On 29 January 2026, Ivanti released fixes for two critical zero-day code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, tracked as CVE-2026-1281

Summary On 27 January 2026, Fortinet released an advisory detailing a critical authentication bypass vulnerability affecting FortiOS, FortiAnalyzer, FortiManager, and FortiProxy products. Designated CVE-2026-24858, the

On 28 January 2026, SolarWinds released fixes for multiple vulnerabilities impacting Web Help Desk (WHD). WHD is an IT service management platform that may contain sensitive information, making it a

On 20 January 2026, Oracle patched a maximum‑severity vulnerability in its Fusion Middleware suite affecting Oracle HTTP Server and the WebLogic Server Proxy Plug‑in, tracked

On 21 January 2026, Cisco released fixes for a high-severity vulnerability impacting Cisco Unified Communications products that is under active exploitation, tracked as CVE-2026-20045. The

On 13 January 2025, Fortinet released fixes for a critical-severity FortiSIEM vulnerability (CVE-2025-64155) that stems from improper neutralization of special elements used in OS commands within the phMonitor service (TCP/7900).

On 13 January 2026, Fortinet released an advisory describing a high-severity remote code execution vulnerability affecting its FortiOS and FortiSwitchManager products. According to Fortinet, the vulnerability stems from a flaw

On 13 January Microsoft released its January 2026 security update, addressing 112 newly disclosed vulnerabilities. Arctic Wolf has highlighted four vulnerabilities affecting Microsoft Windows and

On 7 January 2026, Trend Micro released a critical patch for Apex Central on-premises versions below Build 7190, addressing multiple vulnerabilities. The most severe of the vulnerabilities disclosed is

On 7 January 2026, fixes were released for a maximum severity vulnerability (CVE-2026-21858) impacting n8n, a workflow automation application primarily used with artificial intelligence. Labeled “Ni8mare” by the

On 19 December 2025, MongoDB issued an advisory for CVE-2025-14847, known as “MongoBleed,” a high-severity vulnerability in the server’s zlib-based network compression functionality. This vulnerability affects how

On 17 December 2025, Cisco published an advisory detailing a new threat campaign identified on December 10, affecting the Cisco AsyncOS software used on Cisco Secure Email Gateway and Cisco Secure

On 17 December 2025, SonicWall released fixes for an actively exploited medium-severity zero-day vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC), tracked as CVE-2025-40602.

On 12 December 2025, Arctic Wolf began observing intrusions involving malicious SSO logins on FortiGate appliances. Fortinet had previously released an advisory for two critical

On 9 December 2025, Microsoft released its December 2025 security update, addressing 57 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Windows and

On 3 December 2025, the React team released fixes for a maximum severity vulnerability in React Server Components (RSC). The vulnerability, tracked as CVE-2025-55182, stems

On 19 November 2025, Salesforce announced an investigation into unusual activity involving applications published by Gainsight, a company that provides customer success software integrated with Salesforce. In their

On 13 November 2025, open source reporting began detailing active exploitation of a silently patched Fortinet FortiWeb vulnerability. The flaw is a path traversal issue in the FortiWeb web application firewall (WAF)

On 14 October 2025, Microsoft released its October 2025 security update, addressing 175 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Windows

On 11 October 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw

On 17 September 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. As of