Security Bulletins

Security Bulletin with an exclamation point in the center of the image

CVE-2023-36934: New Authentication Bypass Vulnerability Identified in MOVEit Transfer

July 6, 2023

On July 5th, 2023, Progress Software released a security advisory for a new critical SQL injection vulnerability, CVE-2023-36934, among two other high severity vulnerabilities impacting

CVE-2023-26258: Unauthenticated RCE Vulnerability in Arcserve Unified Data Protection

July 5, 2023

On June 27th 2023, Arcserve published an advisory for a critical unauthenticated remote code execution (RCE) vulnerability affecting Arcserve Unified Data Protection (UDP) for Windows.

CVE-2023-33299: Critical Fortinet FortiNAC RCE Vulnerability

June 23, 2023

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to

Security bulletin with an exclamation point in the middle of the screen

Six Critical Vulnerabilities Patched with Microsoft’s June Security Update

June 15, 2023

On June 13, 2023, Microsoft published their June 2023 Security Update which included patches for six vulnerabilities with a max severity of critical. According to

New Vulnerabilities Similar to CVE-2023-34362 Identified in MOVEit Transfer and MOVEit Cloud

June 12, 2023

Update – June 15: On June 15, 2023, Progress released a security advisory detailing a newly discovered SQL injection vulnerability impacting the MOVEit Transfer web

CVE 2023-2868: Barracuda Urges Customers to Replace Compromised Email Security Gateway (ESG) Appliances

June 9, 2023

On Tuesday, June 6, 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version. Barracuda

CVE-2023-33733: RCE Vulnerability in ReportLab PDF Toolkit

June 2, 2023

On May 31st, 2023, a working exploit has been publicly released for a remote code execution (RCE) vulnerability (CVE-2023-33733), impacting ReportLab PDF Toolkit python libraries

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Actively Exploited in the Wild

June 2, 2023

On May 31, 2023, Progress released a security advisory warning customers of a critical zero-day vulnerability being actively exploited in MOVEit Transfer, a managed file

CVE-2023-33009 and CVE-2023-33010: Multiple Critical Unauthenticated RCE Vulnerabilities in Zyxel Firewalls

May 26, 2023

On Wednesday, the 24th of May, 2023, Zyxel released a security advisory for several vulnerabilities capable of granting unauthenticated remote code execution (RCE) in their

Phishing Threat From New .zip Top-Level Domain

May 18, 2023

On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses.

CVE-2023-29343: Sysmon Local Privilege Escalation Vulnerability

May 12, 2023

In a security advisory published on May 9th, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon (CVE-2023-29343). The vulnerability was discovered

Multiple Vulnerabilities Patched With Two Being Actively Exploited in Microsoft’s May Security Update

May 10, 2023

On May 9, 2023, Microsoft published their May 2023 Security Update which includes two actively exploited vulnerabilities. This Security Update patched multiple high to critical

CVE-2023-21932: Critical Unauthenticated RCE Vulnerability in Oracle Hospitality OPERA 5 Property Services

May 3, 2023

Oracle recently released their Critical Patch Update addressing 433 vulnerabilities across their products, including a vulnerability in the Oracle Hospitality OPERA 5 Property Services product.

Security Bulletin text on the screen with a wolf in the background

Critical Remote Code Execution Vulnerability in VMware Aria Operations for Logs: CVE-2023-20864

April 21, 2023

On Thursday, April 20, 2023, VMware disclosed a critical deserialization vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result

CVE-2023-27350: Exploitation of Critical RCE Vulnerability in PaperCut Print Management Server

April 20, 2023

On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by

Multiple Vulnerabilities Patched With One Being Actively Exploited in Microsoft’s April Security Update

April 14, 2023

On April 11, 2023, Microsoft published their April 2023 Security Update and patched multiple high to critical vulnerabilities, with one of them being actively exploited

Supply Chain Attack Targeting 3CX Softphone Application

March 30, 2023

On Wednesday, March 29, 2023, details of unexpected malicious activity observed from the legitimate and cryptographically signed 3CX SoftPhone Desktop App application were shared in

CVE-2023-27532: PoC Exploit Released for Veeam Backup and Replication Vulnerability

March 24, 2023

On Saturday, March 18, 2023, Horizon3 researchers released a proof-of-concept (PoC) exploit for CVE-2023-27532, a high-severity missing authentication vulnerability impacting Veeam Backup and Replication (VBR)

Multiple Critical & Actively Exploited Vulnerabilities Patched in Microsoft’s March Security Update

March 16, 2023

On March 14, 2023, Microsoft published their March 2023 Security Update and patched multiple high to critical vulnerabilities, with two of them being actively exploited

Potential BEC & Phishing Activity due to Recent Banking Events in the United States

March 13, 2023

Summary On Friday, March 10, 2023, California state regulators took possession of Silicon Valley Bank (SVB) and appointed The Federal Deposit Insurance Corporation (FDIC) as

Proof-of-Concept Exploit Released for Critical Vulnerability in Microsoft Word (CVE-2023-21716)

March 8, 2023

On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to

Critical RCE Vulnerability in Multiple Cisco IP Phones: CVE-2023-20078

March 3, 2023

On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows

LastPass Updates Data Breach Advisory with New Details

March 2, 2023

Note: This is not a new breach of LastPass’ systems, but rather sharing of additional details from their investigation into the incident they publicly disclosed

Fortinet Patches Critical RCE Vulnerabilities in FortiNAC and FortiWeb

February 22, 2023

On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities

Multiple Critical & Actively Exploited Vulnerabilities Patched in Microsoft’s February Security Update

February 15, 2023

On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited

Significant Increase in Malicious Files Delivered via OneNote Attachments

February 8, 2023

Arctic Wolf has observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments. Unlike malicious Word and Excel

CVE-2023-0669: Actively Exploited GoAnywhere MFT Zero-Day Vulnerability

February 7, 2023

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code

CVE-2022-27596: QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability

February 2, 2023

On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices

Security bulletin with exclamation point symbol in the middle of the screen

Multiple Critical Vulnerabilities in VMware vRealize Log Insight

January 26, 2023

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). CVE-2022-31706

CVE-2022-47966: Researchers to Release PoC Exploit for Critical Vulnerability Affecting ManageEngine Products

January 17, 2023

Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

Multiple Unpatched Vulnerabilities in Versa Concerto Disclosed

RVTools Supply Chain Attack Delivers Bumblebee Malware

Follow-Up: Samsung Patches Zero-Day Vulnerability in MagicINFO 9 Server (CVE-2025-4632)

Partners

Company

Careers

Press

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347