Security Bulletins

Security Bulletin with an exclamation point in the center of the image

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

June 17, 2025

On 17 June 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content

Security bulletin with an exclamation point in the middle of the screen

Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer

June 13, 2025

On 10 June 2025, Trend Micro released fixes for six critical vulnerabilities affecting Apex Central and Endpoint Encryption PolicyServer. Five of the vulnerabilities allow remote

Arctic Wolf Observes Organisations Receiving Unsolicited Microsoft MFA Messages

June 11, 2025

Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the

Security Bulletin text on the screen with a wolf in the background

Microsoft Patch Tuesday: June 2025

June 11, 2025

On 10 June 2025, Microsoft released its June 2025 security update, addressing 66 newly disclosed vulnerabilities. Arctic Wolf has highlighted five of these vulnerabilities in

CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability

June 5, 2025

On 4 June 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most

CVE-2025-37093: HPE Fixes Critical RCE Vulnerability in StoreOnce

June 4, 2025

On 2 June 2025, Hewlett Packard Enterprise (HPE) released fixes for multiple vulnerabilities affecting HPE StoreOnce VSA, an enterprise backup storage solution. The most severe

ConnectWise Breach Attributed to Nation-State Threat Actor

June 3, 2025

On 28 May 2025, ConnectWise published an advisory disclosing suspicious activity within its environment, attributed to a sophisticated nation-state threat actor known for intelligence collection.

Multiple Unpatched Vulnerabilities in Versa Concerto Disclosed

May 22, 2025

On 21 May 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container

Follow-Up: Samsung Patches Zero-Day Vulnerability in MagicINFO 9 Server (CVE-2025-4632)

May 14, 2025

Update – Fixes are now available for the high-severity path traversal zero-day vulnerability, now tracked as CVE-2025-4632, in Samsung MagicINFO 9 Server. Arctic Wolf had

Security bulletin with exclamation point symbol in the middle of the screen

Follow-up: Second Zero-Day Vulnerability Impacting SAP Netweaver Exploited in the Wild (CVE-2025-42999)

May 14, 2025

On 13 May 2025, SAP released a security advisory for CVE-2025-42999, a deserialization of untrusted data vulnerability in the NetWeaver Visual Composer component. This follows

Ivanti Fixes Critical and Actively Exploited Vulnerabilities in May 2025 Update

May 14, 2025

On 13 May 2025, Ivanti released patches addressing multiple vulnerabilities across its products. The most severe issues include an unauthenticated remote code execution exploit chain

Microsoft Patch Tuesday: May 2025

May 14, 2025

On 13 May 2025, Microsoft released its May 2025 security update, addressing 78 newly disclosed vulnerabilities. Arctic Wolf has highlighted six of these vulnerabilities in

CVE-2025-32756: Exploitation of Critical Severity Zero-Day Vulnerability in Fortinet FortiVoice

May 14, 2025

On 13 May 2025, Fortinet published a security advisory on a critical severity stack-based overflow vulnerability, CVE-2025-32756, impacting FortiVoice, FortiCamera, FortiMail, FortiNDR, and FortiRecorder. The

Follow-Up: Commvault Updates Advisory With Fixed Versions for Critical Commvault Command Center Vulnerability (CVE-2025-34028)

May 9, 2025

Update – Since our last security bulletin, Commvault has clarified that being on versions 11.38.20 or 11.38.25 alone is not sufficient—particular updates within those versions

Follow-Up: Samsung MagicINFO 9 Remains Vulnerable to Ongoing Exploitation

May 8, 2025

Update – Recent reports confirm that the previously recommended fixed version (21.1050) of Samsung MagicINFO 9 Server remains vulnerable to a vulnerability being exploited in the wild.

Uptick in Ransomware Threat Activity Targeting Retailers in the UK

May 5, 2025

Threat Event Timeline 22 April 2025 – Marks & Spencer released a cyber incident update on the London stock exchange website. The incident resulted in

Follow-Up: SonicWall Updates Advisories for Actively Exploited Vulnerabilities

April 30, 2025

2 May Updates: On 1 May 2025, CISA updated the Known Exploited Vulnerability (KEV) catalog with both vulnerabilities. On 2 May 2025, watchTowr Labs released an

CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center

April 24, 2025

We have published a new security bulletin detailing the newly clarified fixed versions of Commvault Command Center. On 24 April 2025, watchTowr published technical details

Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035

April 17, 2025

On 15 April 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances. In an updated security advisory for

Microsoft Patch Tuesday: April 2025

April 9, 2025

On 8 April 2025, Microsoft released its April 2025 security update, addressing 126 newly disclosed vulnerabilities. Arctic Wolf has highlighted five vulnerabilities affecting Microsoft Windows

CVE-2025-22457: Ivanti Connect Secure VPN Vulnerable to Zero-Day RCE Exploitation

April 4, 2025

On 3 April 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows

CVE-2025-31161: Exploitation of Critical Authentication Bypass Vulnerability in CrushFTP

April 2, 2025

On 21 March 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC)

Alleged Oracle Cloud Supply Chain Attack: Six Million Records Stolen, 140K Companies Affected

March 25, 2025

On 20 March 2025, a Breach Forums user, “rose87168,” claimed to have stolen six million records from Oracle Cloud’s SSO and LDAP services and offered

Widespread Fake CAPTCHA Campaign Delivering Malware

March 13, 2025

Arctic Wolf has recently observed a campaign in which threat actors are compromising widely used websites across various industries and embedding a fake CAPTCHA challenge.

Microsoft Patch Tuesday: March 2025

March 12, 2025

On 11 March 2025, Microsoft released its March 2025 security update, addressing 57 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities affecting Microsoft Windows

Three VMware Zero-Days Exploited in the Wild Patched by Broadcom

March 4, 2025

On 4 March 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft,

PoC Exploit Available for Critical Information Disclosure Vulnerabilities in Ivanti EPM

February 20, 2025

On 19 February 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities

CVE-2025-0108: Exploitation Attempts Targeting Web Management Interface of PAN-OS

February 18, 2025

On 12 February 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The

Microsoft Patch Tuesday: February 2025

February 12, 2025

On 11 February 2025, Microsoft released its February 2025 security update, addressing 63 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities in this security

Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access

January 24, 2025

On 22 January 2025, Arctic Wolf began observing a campaign involving unauthorised access to devices running SimpleHelp RMM software as an initial access vector. Roughly

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Riding the Rails: Arctic Wolf Tracking Threat Actors Abusing Railway PaaS for Microsoft 365 Token Compromise

TeamPCP Supply Chain Attack Campaign Targets Trivy, Checkmarx (KICS), and LiteLLM (Potential Downstream Impact to Additional Projects)

CVE‑2026‑3055: Critical Unauthenticated Memory-Read Vulnerability in Citrix NetScaler ADC and Gateway

Company

Careers

Press

Earl Grey House 77 Grey St. 3rd Floor Newcastle upon TyneNE1 6EF UK

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK