On January 31, 2024, Ivanti published an article disclosing two high severity vulnerabilities:  CVE-2024-21893: A server-side request forgery flaw present in the SAML component of

On 22 January 2024, Fortra publicly disclosed a critical vulnerability, CVE-2024-0204, in their GoAnywhere MFT product. This vulnerability, which was responsibly disclosed to Fortra by

On January 16, 2024, Citrix published a security bulletin disclosing two zero-day vulnerabilities (CVE-2023-6548 & CVE-2023-6549) being actively exploited in Citrix NetScaler ADC and NetScaler

On 10 January 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a

On 10 January 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows

In mid-December 2023, Volexity observed UTA0178–a potential Chinese nation-state threat actor–leveraging two zero-day vulnerabilities in Ivanti Connect Secure (formerly known as Pulse Connect Secure) VPN

On 9 January 2024, Microsoft published their January 2024 security update with patches for 48 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 3 in

On 13 December 2023, threat actors began exploitation attempts against CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability impacting Apache Struts, an open-source framework used

On 14 November 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM.

On November 21, 2023, ownCloud published advisories on three security vulnerabilities.  The most severe of these vulnerabilities is an information disclosure vulnerability tracked as CVE-2023-49103

On Tuesday, 5 December 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence

On 23 November 2023, Arcserve released Arcserve Unified Data Protection (UDP) 9.2 to address three vulnerabilities, including a critical-severity remote code execution (RCE) vulnerability. Subsequently

Arctic Wolf has recently worked on multiple incident response cases where we have observed a Cactus ransomware campaign exploiting vulnerabilities in Qlik Sense to gain

Beginning on at least 20 October 2023, a North Korea-linked threat actor, tracked as Diamond Sleet by Microsoft, leveraged a modified CyberLink installer to compromise

On 10 August 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked

On 14 November 2023, Microsoft published their November Security Update with patches for 63 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five in this

On 26 October 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited

On 25 October 2023 VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by

On 18 October 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue

On October 10, 2023, Microsoft published their October 2023 Security Update including patches for 104 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted two with

On 10 October 2023, Citrix issued a security bulletin describing a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (CVE-2023-4966, CVSS: 9.4).

On 27 September 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating.

On 7 September 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was

On 20 September 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability

On 21 September 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari.      Vulnerability    Description   

In the last few weeks, Arctic Wolf Labs has noted an increase in threat activity targeting Okta as an attack vector. The relevant Techniques, Tools,

On 31 August 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently,

On 7 September 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS,

Arctic Wolf has been tracking multiple intrusions where Cisco VPN account credentials were harnessed by Akira ransomware for initial access. In a recent Cisco PSIRT

On 21 August 2023, Ivanti published a knowledge base article on a critical authentication bypass vulnerability impacting Ivanti Sentry (CVE-2023-38035). For this vulnerability to be