Security Bulletins

Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service

September 27, 2024

On September 26, 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system

Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

September 26, 2024

On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting

CVE-2024-38812: Critical RCE Vulnerability Fixed in VMware vCenter Server and Cloud Foundation

September 18, 2024

Update (10/22/2024): Broadcom has released updated fixes for this vulnerability as the initial patch from September did not fully resolve the issue. Please read our

CVE-2024-6678: GitLab Fixes Critical Pipeline Execution Vulnerability

September 12, 2024

On September 11, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. This flaw allows a remote

Security bulletin with an exclamation point in the middle of the screen

Microsoft’s September 2024 Patch Tuesday: Critical and Exploited Vulnerabilities Patched

September 11, 2024

On September 10, 2024, Microsoft released its September security update, addressing 79 vulnerabilities. Arctic Wolf has highlighted four vulnerabilities in this bulletin that Microsoft labeled

CVE-2024-29847: Ivanti Addresses Maximum Severity RCE Vulnerability in Endpoint Manager

September 10, 2024

On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

September 6, 2024

On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of

Critical Vulnerabilities Patched in Veeam Products

September 6, 2024

On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

September 5, 2024

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

September 5, 2024

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This

CVE-2024-6633: Critical Credential Vulnerability Affecting Fortra FileCatalyst Workflow

September 3, 2024

On August 27, 2024, Fortra published a security advisory regarding a critical credential vulnerability in FileCatalyst Workflow, identified as CVE-2024-6633. FileCatalyst Workflow is a managed

CVE-2024-40766: Critical Improper Access Control Vulnerability Impacting SonicOS

August 27, 2024

Update: As of September 6, 2024, we published an updated bulletin indicating potential exploitation of CVE-2024-40766 by affiliates of Akira ransomware. Please review the updated bulletin for more details.

CVE-2024-28986 & CVE-2024-28987: Follow-Up: New SolarWinds HotFix Addresses Critical Vulnerabilities in Web Help Desk

August 22, 2024

Updates Since Last Security Bulletin: CVE-2024-28986 was added to CISA’s Known Exploited Vulnerabilities Catalog. A second hotfix has been released to address a newly disclosed

CVE-2024-6800: Critical Authentication Bypass Vulnerability Affecting GitHub Enterprise Server

August 21, 2024

On August 20, 2024, GitHub released security fixes for a critical authentication bypass vulnerability in GitHub Enterprise Server, identified as CVE-2024-6800. GitHub Enterprise Server is

CVE-2024-28986: Critical RCE Vulnerability Impacting SolarWinds Web Help Desk

August 16, 2024

On August 13, 2024, SolarWinds released a hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an

Microsoft Patch Tuesday August 2024 Several Critical Vulnerability and Actively Exploited Vulnerabilities

August 14, 2024

On August 13, 2024, Microsoft released their August 2024 security update, which addressed 90 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 15 in this

CVE-2024-7593 & CVE-2024-7569: Critical Vulnerabilities Impacting Ivanti Virtual Traffic Manager and Neurons for ITSM

August 13, 2024

On August 12, 2024, Ivanti announced a critical authentication bypass vulnerability in its Virtual Traffic Manager (vTM), identified as CVE-2024-7593. Ivanti Virtual Traffic Manager (vTM)

Security Bulletin with an exclamation point in the center of the image

Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager Responsibly Disclosed to Vendor

July 31, 2024

On July 17, 2024, SolarWinds published a security advisory detailing multiple critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities were responsibly disclosed

Security Bulletin text on the screen with a wolf in the background

CVE-2024-6327: Critical RCE Vulnerability in Progress Telerik Report Server

July 29, 2024

On July 24, 2024, Progress published a knowledge base article disclosing a critical vulnerability (CVE-2024-6327) impacting Telerik Report Server, a product by Progress designed for

CVE-2024-20401 and CVE-2024-20419: Critical Vulnerabilities in Cisco Secure Email and Cisco Smart Software Manager On-Prem

July 23, 2024

On July 17, 2024, Cisco publicly disclosed critical vulnerabilities in Cisco Secure Email Gateway (SEG) and Cisco Smart Software Manager On-Prem (SSM), identified as CVE-2024-20401

CVE-2024-4879, CVE-2024-5178, CVE-2024-5217: ServiceNow MID Server Vulnerabilities Resulting in Unauthorized Code Execution

July 17, 2024

On July 10, 2024, ServiceNow disclosed a series of critical vulnerabilities impacting their platform, identified as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. These vulnerabilities were responsibly disclosed

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Our annual recap of the most noteworthy, high-profile, and damaging cybercrimes of the year.

The 2024 Gartner® Market Guide for MDR Services provides a comprehensive overview of the evolving MDR landscape.

RVTools Supply Chain Attack Delivers Bumblebee Malware

Follow-Up: Samsung Patches Zero-Day Vulnerability in MagicINFO 9 Server (CVE-2025-4632)

Follow-up: Second Zero-Day Vulnerability Impacting SAP Netweaver Exploited in the Wild (CVE-2025-42999)

Partners

Company

Careers

Press

Cloud Security

Cyber Attacks and Breaches

Cyber Insurance

Managed Detection and Response

Podcasts

Regulatory Compliance

Security Awareness

Security Bulletins

Vulnerability Management

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

The 2024 Gartner^® Market Guide for MDR Services provides a comprehensive overview of the evolving MDR landscape.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347