Security Bulletins

Security Bulletin text on the screen with a wolf in the background

CVE-2025-31161: Exploitation of Critical Authentication Bypass Vulnerability in CrushFTP

April 2, 2025

On March 21, 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC)

Security bulletin with an exclamation point in the middle of the screen

CVE-2025-1974: Critical Unauthenticated RCE Vulnerability in Ingress NGINX for Kubernetes

March 25, 2025

On March 24, 2025, ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Ingress is a Kubernetes

Alleged Oracle Cloud Supply Chain Attack: Six Million Records Stolen, 140K Companies Affected

March 24, 2025

On March 20, 2025, a Breach Forums user, “rose87168,” claimed to have stolen six million records from Oracle Cloud’s SSO and LDAP services and offered

Widespread Fake CAPTCHA Campaign Delivering Malware

March 13, 2025

Arctic Wolf has recently observed a campaign in which threat actors are compromising widely used websites across various industries and embedding a fake CAPTCHA challenge.

Microsoft Patch Tuesday: March 2025

March 12, 2025

On March 11, 2025, Microsoft released its March 2025 security update, addressing 57 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities affecting Microsoft Windows

Security bulletin with exclamation point symbol in the middle of the screen

Self-Proclaimed “BianLian Group” Uses Physical Mail to Extort Organizations

March 4, 2025

On or around February 25, 2025, a threat actor claiming to be associated with the BianLian ransomware group began using the United States Postal Service

Three VMware Zero-Days Exploited in the Wild Patched by Broadcom

March 4, 2025

On March 4, 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft,

Healthcare Sector Targeted by Fake CAPTCHA Attack on HEP2go to Deliver Infostealer Malware

March 3, 2025

Arctic Wolf has recently observed a campaign targeting the healthcare sector, where victims visiting the widely used physical therapy video site HEP2go are redirected to

PoC Exploit Available for Critical Information Disclosure Vulnerabilities in Ivanti EPM

February 20, 2025

On February 19, 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities

CVE-2025-0108: Exploitation Attempts Targeting Web Management Interface of PAN-OS

February 18, 2025

On February 12, 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The

Arctic Wolf Observes Authentication Bypass Exploitation Attempts Targeting SonicWall Firewalls (CVE-2024-53704)

February 13, 2025

On February 10, 2025, Bishop Fox published technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a high-severity authentication bypass vulnerability caused by a flaw

Microsoft Patch Tuesday: February 2025

February 12, 2025

On February 11, 2025, Microsoft released its February 2025 security update, addressing 63 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities in this security

Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access

January 24, 2025

On January 22, 2025, Arctic Wolf began observing a campaign involving unauthorized access to devices running SimpleHelp RMM software as an initial access vector. Roughly

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

January 23, 2025

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is

Multiple Vulnerabilities in Rsync Could be Combined to Achieve RCE

January 16, 2025

On January 14, 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities impacting Rsync. The most severe vulnerability is CVE-2024-12084, a

Microsoft Patch Tuesday: January 2025

January 15, 2025

On January 14, 2025, Microsoft released its January 2025 security update, addressing 159 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities in this security

CVE-2024-55591: Follow up: Authentication Bypass Vulnerability in Fortinet FortiOS and FortiProxy

January 15, 2025

On January 14, 2025, Fortinet published a security advisory for CVE-2024-55591, an authentication bypass using an alternate path or channel vulnerability in FortiOS and FortiProxy.

Ransomware Campaign Encrypting Amazon S3 Buckets using SSE-C

January 14, 2025

On January 13, 2025, Halcyon released a research blog about the Codefinger group conducting a ransomware campaign targeting Amazon S3 buckets. The attacks leverage AWS’s

CVE-2025-0282: Critical Zero-Day Remote Code Execution Vulnerability Impacts Several Ivanti Products

January 9, 2025

On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and

December 2024 Uptick in Social Engineering Campaign Deploying Black Basta Ransomware

December 19, 2024

Since December 16, 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors

CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

December 18, 2024

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after

CVE-2024-12356: Critical Severity Command Injection Vulnerability in BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA)

December 17, 2024

On December 16, 2024, BeyondTrust published a security advisory outlining a vulnerability impacting their Remote Support (RS) and Privileged Remote Access (PRA) software. The flaw,

Arctic Wolf Observes Targeting of Publicly Exposed Fortinet Firewall Management Interfaces

December 17, 2024

Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public

Cleo Releases Patches for Cleo MFT Zero-day Vulnerability

December 12, 2024

On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed

Follow-up: Threat Campaign Targeting Cleo MFT Products

December 11, 2024

On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. The vulnerability in

Ivanti Patches Multiple Critical-Severity Vulnerabilities in Cloud Services Application

December 11, 2024

On December 10, 2024, Ivanti released updates for three critical-severity vulnerabilities impacting their Cloud Services Application. By chaining the vulnerabilities together, a threat actor could

Microsoft Patch Tuesday: December 2024

December 11, 2024

On December 10, 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has

Arctic Wolf Labs Observes Threat Campaign Targeting Cleo MFT Products – Remediation Guidance

December 10, 2024

Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin. On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

December 3, 2024

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing.

Follow-Up: Arctic Wolf Observes Ongoing Exploitation of Critical Palo Alto Networks Vulnerability CVE-2024-0012 Chained with CVE-2024-9474

November 20, 2024

Click here for more information regarding our observations of these vulnerabilities being actively exploited. On November 19, 2024, Arctic Wolf began observing active exploitation of the recently-disclosed

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway

Cybersecurity Risks Amid Rising Iran–U.S. Tensions

Partners

Company

Careers

Press

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347