Update – Recent reports confirm that the previously recommended fixed version (21.1050) of Samsung MagicINFO 9 Server remains vulnerable to a vulnerability being exploited in the wild.
Threat Event Timeline 22 April 2025 – Marks & Spencer released a cyber incident update on the London stock exchange website. The incident resulted in
2 May Updates: On 1 May 2025, CISA updated the Known Exploited Vulnerability (KEV) catalog with both vulnerabilities. On 2 May 2025, watchTowr Labs released an
We have published a new security bulletin detailing the newly clarified fixed versions of Commvault Command Center. On 24 April 2025, watchTowr published technical details
On 15 April 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances. In an updated security advisory for
On 8 April 2025, Microsoft released its April 2025 security update, addressing 126 newly disclosed vulnerabilities. Arctic Wolf has highlighted five vulnerabilities affecting Microsoft Windows
On 3 April 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows
On 21 March 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC)
On 20 March 2025, a Breach Forums user, “rose87168,” claimed to have stolen six million records from Oracle Cloud’s SSO and LDAP services and offered
Arctic Wolf has recently observed a campaign in which threat actors are compromising widely used websites across various industries and embedding a fake CAPTCHA challenge.
On 11 March 2025, Microsoft released its March 2025 security update, addressing 57 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities affecting Microsoft Windows
On 4 March 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft,
On 19 February 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities
On 12 February 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The
On 11 February 2025, Microsoft released its February 2025 security update, addressing 63 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities in this security
On 22 January 2025, Arctic Wolf began observing a campaign involving unauthorised access to devices running SimpleHelp RMM software as an initial access vector. Roughly
On 22 January 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is
On 14 January 2025, Microsoft released its January 2025 security update, addressing 159 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities in this security
On 13 January 2025, Halcyon released a research blog about the Codefinger group conducting a ransomware campaign targeting Amazon S3 buckets. The attacks leverage AWS’s
On 8 January 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and
Since 16 December 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors
Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public
On 11 December 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed
On 10 December 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has
Update (20 November 2024): Another follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On 18
Update (11/18/2024): A follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On 14 November 2024, Palo
On 12 November 2024, Microsoft released its monthly security update, addressing 89 newly identified vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five that were
On 12 November 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE)
On 1 November 2024, details of a critical vulnerability affecting Synology NAS devices, which had been patched a few days earlier, were publicly disclosed. This
On 29 October 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own
