On 10 July 2025, a technical article was published by Huntress revealing that a maximum severity remote code execution vulnerability in Wing FTP Server, CVE-2025-47812,
On 8 July 2025, Fortinet released fixes for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via
On 8 July 2025, Microsoft released its July 2025 security update, addressing 130 newly disclosed vulnerabilities. Arctic Wolf is highlighting five vulnerabilities in this bulletin
Since early June 2025, Arctic Wolf has observed a search engine optimisation (SEO) poisoning and malvertising campaign promoting malicious websites hosting Trojanized versions of legitimate
Arctic Wolf has recently observed a campaign targeting the legal industry using a combination of brute force and spear phishing techniques. Threat actors initially attempted
On 25 June 2025, Cisco released patches for two maximum-severity vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC). Both flaws allow
On 23 June 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual
On 21 June, the United States launched coordinated strikes against three Iranian nuclear facilities, marking its first direct military involvement in the ongoing Iran-Israel conflict.
On 17 June 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content
On 10 June 2025, Trend Micro released fixes for six critical vulnerabilities affecting Apex Central and Endpoint Encryption PolicyServer. Five of the vulnerabilities allow remote
Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the
On 10 June 2025, Microsoft released its June 2025 security update, addressing 66 newly disclosed vulnerabilities. Arctic Wolf has highlighted five of these vulnerabilities in
On 4 June 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most
On 2 June 2025, Hewlett Packard Enterprise (HPE) released fixes for multiple vulnerabilities affecting HPE StoreOnce VSA, an enterprise backup storage solution. The most severe
On 28 May 2025, ConnectWise published an advisory disclosing suspicious activity within its environment, attributed to a sophisticated nation-state threat actor known for intelligence collection.
On 21 May 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container
Update – Fixes are now available for the high-severity path traversal zero-day vulnerability, now tracked as CVE-2025-4632, in Samsung MagicINFO 9 Server. Arctic Wolf had
On 13 May 2025, SAP released a security advisory for CVE-2025-42999, a deserialization of untrusted data vulnerability in the NetWeaver Visual Composer component. This follows
On 13 May 2025, Ivanti released patches addressing multiple vulnerabilities across its products. The most severe issues include an unauthenticated remote code execution exploit chain
On 13 May 2025, Microsoft released its May 2025 security update, addressing 78 newly disclosed vulnerabilities. Arctic Wolf has highlighted six of these vulnerabilities in
On 13 May 2025, Fortinet published a security advisory on a critical severity stack-based overflow vulnerability, CVE-2025-32756, impacting FortiVoice, FortiCamera, FortiMail, FortiNDR, and FortiRecorder. The
Update – Since our last security bulletin, Commvault has clarified that being on versions 11.38.20 or 11.38.25 alone is not sufficient—particular updates within those versions
Update – Recent reports confirm that the previously recommended fixed version (21.1050) of Samsung MagicINFO 9 Server remains vulnerable to a vulnerability being exploited in the wild.
Threat Event Timeline 22 April 2025 – Marks & Spencer released a cyber incident update on the London stock exchange website. The incident resulted in
2 May Updates: On 1 May 2025, CISA updated the Known Exploited Vulnerability (KEV) catalog with both vulnerabilities. On 2 May 2025, watchTowr Labs released an
We have published a new security bulletin detailing the newly clarified fixed versions of Commvault Command Center. On 24 April 2025, watchTowr published technical details
On 15 April 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances. In an updated security advisory for
On 8 April 2025, Microsoft released its April 2025 security update, addressing 126 newly disclosed vulnerabilities. Arctic Wolf has highlighted five vulnerabilities affecting Microsoft Windows
On 3 April 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows
On 21 March 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC)
