Security Bulletins

Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access

January 24, 2025

On January 22, 2025, Arctic Wolf began observing a campaign involving unauthorized access to devices running SimpleHelp RMM software as an initial access vector. Roughly

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

January 23, 2025

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is

Multiple Vulnerabilities in Rsync Could be Combined to Achieve RCE

January 16, 2025

On January 14, 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities impacting Rsync. The most severe vulnerability is CVE-2024-12084, a

Microsoft Patch Tuesday: January 2025

January 15, 2025

On January 14, 2025, Microsoft released its January 2025 security update, addressing 159 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities in this security

Security bulletin with exclamation point symbol in the middle of the screen

CVE-2024-55591: Follow up: Authentication Bypass Vulnerability in Fortinet FortiOS and FortiProxy

January 15, 2025

On January 14, 2025, Fortinet published a security advisory for CVE-2024-55591, an authentication bypass using an alternate path or channel vulnerability in FortiOS and FortiProxy.

Ransomware Campaign Encrypting Amazon S3 Buckets using SSE-C

January 14, 2025

On January 13, 2025, Halcyon released a research blog about the Codefinger group conducting a ransomware campaign targeting Amazon S3 buckets. The attacks leverage AWS’s

CVE-2025-0282: Critical Zero-Day Remote Code Execution Vulnerability Impacts Several Ivanti Products

January 9, 2025

On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and

Security Bulletin text on the screen with a wolf in the background

December 2024 Uptick in Social Engineering Campaign Deploying Black Basta Ransomware

December 19, 2024

Since December 16, 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors

CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

December 18, 2024

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after

CVE-2024-12356: Critical Severity Command Injection Vulnerability in BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA)

December 17, 2024

On December 16, 2024, BeyondTrust published a security advisory outlining a vulnerability impacting their Remote Support (RS) and Privileged Remote Access (PRA) software. The flaw,

Arctic Wolf Observes Targeting of Publicly Exposed Fortinet Firewall Management Interfaces

December 17, 2024

Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public

Cleo Releases Patches for Cleo MFT Zero-day Vulnerability

December 12, 2024

On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed

Follow-up: Threat Campaign Targeting Cleo MFT Products

December 11, 2024

On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. The vulnerability in

Ivanti Patches Multiple Critical-Severity Vulnerabilities in Cloud Services Application

December 11, 2024

On December 10, 2024, Ivanti released updates for three critical-severity vulnerabilities impacting their Cloud Services Application. By chaining the vulnerabilities together, a threat actor could

Microsoft Patch Tuesday: December 2024

December 11, 2024

On December 10, 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has

Arctic Wolf Labs Observes Threat Campaign Targeting Cleo MFT Products – Remediation Guidance

December 10, 2024

Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin. On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

December 3, 2024

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing.

Follow-Up: Arctic Wolf Observes Ongoing Exploitation of Critical Palo Alto Networks Vulnerability CVE-2024-0012 Chained with CVE-2024-9474

November 20, 2024

Click here for more information regarding our observations of these vulnerabilities being actively exploited. On November 19, 2024, Arctic Wolf began observing active exploitation of the recently-disclosed

Follow-Up: Critical Authentication Bypass Vulnerability in Palo Alto Networks Firewalls Actively Exploited (CVE-2024-0012)

November 18, 2024

Update (11/20/2024): Another follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On November 18,

Critical Unauthenticated Remote Command Execution Vulnerability in Palo Alto Networks Firewalls Actively Exploited

November 15, 2024

Update (11/18/2024): A follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On November 14,

Microsoft Patch Tuesday: November 2024

November 13, 2024

On November 12, 2024, Microsoft released its monthly security update, addressing 89 newly identified vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five that were

CVE-2024-50330: Ivanti Addresses Critical Severity RCE Vulnerability in Endpoint Manager

November 12, 2024

On November 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE)

CVE-2024-42509, CVE-2024-47460: Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

November 7, 2024

On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks

CVE-2024-10443: Critical Zero-Click RCE Vulnerability Discovered in Synology NAS Devices

November 4, 2024

On November 1, 2024, details of a critical vulnerability affecting Synology NAS devices, which had been patched a few days earlier, were publicly disclosed. This

CVE-2024-50388: Critical OS Command Injection Vulnerability in QNAP HBS 3 Hybrid Backup Sync

October 30, 2024

On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own

CVE-2024-47575: Critical Vulnerability in FortiNet FortiManager Under Active Exploitation

October 24, 2024

On October 23, 2024, Fortinet published an advisory disclosing an actively exploited vulnerability (CVE-2024-47575) affecting FortiManager and FortiManager Cloud. The critical-severity vulnerability can be exploited

Update: Broadcom Releases Fix for Incomplete Patch of Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation (CVE-2024-38812)

October 22, 2024

On October 21, 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

Multiple Unpatched Vulnerabilities in Versa Concerto Disclosed

RVTools Supply Chain Attack Delivers Bumblebee Malware

Follow-Up: Samsung Patches Zero-Day Vulnerability in MagicINFO 9 Server (CVE-2025-4632)

Partners

Company

Careers

Press

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347