On 4 March 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft,
On 19 February 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities
On 12 February 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The
On 11 February 2025, Microsoft released its February 2025 security update, addressing 63 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities in this security
On 22 January 2025, Arctic Wolf began observing a campaign involving unauthorised access to devices running SimpleHelp RMM software as an initial access vector. Roughly
On 22 January 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is
On 14 January 2025, Microsoft released its January 2025 security update, addressing 159 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities in this security
On 13 January 2025, Halcyon released a research blog about the Codefinger group conducting a ransomware campaign targeting Amazon S3 buckets. The attacks leverage AWS’s
On 8 January 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and
Since 16 December 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors
Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public
On 11 December 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed
On 10 December 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has
Update (20 November 2024): Another follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On 18
Update (11/18/2024): A follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On 14 November 2024, Palo
On 12 November 2024, Microsoft released its monthly security update, addressing 89 newly identified vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five that were
On 12 November 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE)
On 1 November 2024, details of a critical vulnerability affecting Synology NAS devices, which had been patched a few days earlier, were publicly disclosed. This
On 29 October 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own
On 21 October 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the
On 15 October 2024, SolarWinds released a hotfix for CVE-2024-28988, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an
On 9 October 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. This flaw allows a remote
On 24 September 2024, Rackspace, a managed cloud computing company providing cloud hosting, dedicated servers, and multi-cloud solutions, reported an issue with their Rackspace Monitoring
On 26 September 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system
On 24 September 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting
Update (10/22/2024): Broadcom has released updated fixes for this vulnerability as the initial patch from September did not fully resolve the issue. Please read our follow-up security
On 11 September 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. This flaw allows a remote
On 10 September 2024, Microsoft released its September security update, addressing 79 vulnerabilities. Arctic Wolf has highlighted four vulnerabilities in this bulletin that Microsoft labeled
On 10 September 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal
On 4 September 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five
