On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE).   CVE-2022-31706

Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple

Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory

On Thursday, December 22, 2022, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022.

Arctic Wolf has observed an increase in exploitation of CVE-2022-41080 and CVE-2022-41082 in recent Incident Response engagements where the vulnerabilities were chained together to achieve remote code

Updated: Dec 18, 2022 On the 12th of December 2022, we sent out a security bulletin about a Fortinet security advisory involving an actively exploited

In a coordinated disclosure with Microsoft on December 13th, 2022, security researchers with Mandiant, SentinelOne, and Sophos published evidence of a threat actor technique where

As part of Microsoft’s September 2022 Security Update, Microsoft released security updates to remediate CVE-2022-37958–an information disclosure vulnerability in SPNEGO NEGOEX that impacted all Windows

On December 13th, 2022, Citrix disclosed a critical remote code execution vulnerability (CVE-2022-27518) affecting several versions of Citrix ADC and Citrix Gateway.  Citrix strongly advises

On Friday, September 23rd, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1

In a widespread campaign, threat actors chained two Zimbra Collaboration Suite vulnerabilities to obtain remote code execution and deploy a variety of webshells. As CVE-2022-27925,

On Tuesday, November 8, 2022, VMware disclosed three critical-severity vulnerabilities impacting VMware Workspace ONE Assist Server versions 21.x and 22.x. If successfully exploited, the reported

On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass

On October 25, 2022, the OpenSSL project announced the existence of a critical vulnerability in the OpenSSL library affecting OpenSSL versions 3.0.0 and above, as

On October 28th, 2022, ConnectWise disclosed a critical remote code execution (RCE) vulnerability affecting ConnectWise Recover (version 2.9.7 and earlier) and R1Soft Server Backup Manager

On Tuesday, October 25th 2022, VMware disclosed a critical remote code execution vulnerability (CVE-2021-39144, CVSS 9.8) in VMware Cloud Foundation NSX-V versions 3.x and older.

On Tuesday, October 11th, 2022, Aruba disclosed three critical vulnerabilities impacting EdgeConnect Enterprise Orchestrator. The vulnerabilities, CVE-2022-37913, CVE-2022-37914, CVE-2022-37915, are remote code execution and authentication

Previously published blog post: https://arcticwolf.com/resources/blog/cve-2022-40684/ Recently, Arctic Wolf observed threat actors begin exploiting CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager.

Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated

Previously published blog posts about CVE-2022-41040 and CVE-2022-41082:  Microsoft Exchange On-Prem Zero-Day Vulnerabilities Exploited in the Wild Updated Guidance for Microsoft Exchange Zero-Day Vulnerabilities Exploited

On Wednesday, October 5, 2022, Microsoft published updated mitigation guidance for two zero-day vulnerabilities in Microsoft Exchange Server: CVE-2022-41040 (SSRF vulnerability) and CVE-2022-41082 (RCE vulnerability).

On Thursday, September 29th, 2022, GTSC–a Vietnam-based cybersecurity company–published a blog detailing intrusion they investigated that chained together two exploits for Microsoft Exchange zero-day vulnerabilities

Key Takeaways:  The second quarter of 2022 saw a significant uptick in business email compromise (“BEC”) attacks, accounting for over a third of total cases

On Friday, September 23, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1

On Wednesday, August 3, 2022, Cisco disclosed two critical-severity vulnerabilities (CVE-2022-20842 and CVE-2022-20827) impacting RV160, RV260, RV340, and RV345 series small business routers. Both vulnerabilities

On Tuesday, August 2, 2022, VMware disclosed a critical-severity authentication bypass vulnerability (CVE-2022-31656) impacting multiple VMware products, including VMware’s Workspace ONE Access, Identity Manager (vIDM),