Key Takeaways Arctic Wolf observed a wave of CVE-2026-0257 exploitation activity in late May and early June 2026, following the publication of working exploit code

Summary The 2026 FIFA World Cup is a once-in-a-generation opportunity, and threat actors have already begun capitalizing on it. The 2026 FIFA World Cup, set

Key Takeaways In our previous post, Token Bingo: Don’t Let Your Code Be the Winner, we documented Kali365, a phishing-as-a-service (PhaaS) kit abusing Microsoft’s OAuth

Key Takeaways Arctic Wolf observed evidence of CVE-2026-35616 being exploited against FortiClient EMS deployments. The campaign abused trusted endpoint management infrastructure to deliver malware across

Executive Summary Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff,

Executive Summary In early April 2026, Arctic Wolf began tracking a large-scale device code phishing campaign impacting organizations across multiple regions and sectors. Similar to

Executive Summary Over the last year, AI-assisted malware development has evolved from an experimental practice into a common part of the attacker toolkit. In a

Summary Between January 2025 and January 2026, Arctic Wolf tracked an extensive cyber espionage campaign that we assess was conducted by SloppyLemming (also known as

Summary  In September 2025, Arctic Wolf® Labs identified a U.S.-based company that was targeted by RomCom threat actors via SocGholish, operated by TA569. While the

Threat Actor Name: UNC6384 Targeted Industries: Government, Diplomatic Services Geographic Focus: Hungary, Belgium, Serbia, Italy, Netherlands (broader European diplomatic community) Executive Summary Arctic Wolf Labs

Summary Arctic Wolf Labs has identified and analyzed a new malware loader we’re calling Caminho, a Brazilian-origin Loader-as-a-Service (LaaS) operation employing Least Significant Bit (LSB)

Key Takeaways In late July 2025, Arctic Wolf® detected a surge of malicious activity targeting environments running SonicWall firewalls—a campaign that remains active at the

Executive Summary On 19 August  2025, the Arctic Wolf® Cybersecurity Operations Center (cSOC) uncovered and remediated a sophisticated delivery chain: a threat actor leveraged GitHub’s repository

Executive Summary A relatively new ransomware group, Interlock, has gained traction in 2025 as an opportunistic ransomware operator that leverages compromised websites and multi-stage social

Executive Summary The Arctic Wolf® Labs team has identified a new campaign by cyber-espionage group Dropping Elephant targeting Turkish defense contractors, specifically a manufacturer of

Summary A financially-motivated threat actor, active since early 2021, has been targeting Mexican organizations with custom packaged installers that deliver a modified version of AllaKore

Introduction In today’s interconnected world, the line between physical and digital domains is increasingly blurred, with geopolitical tensions often spilling over into cyberspace. Over the

Executive Summary The Arctic Wolf® Labs team has discovered that the cyber-espionage group UAC-0226, known for utilizing the infostealer GIFTEDCROOK, has significantly evolved its capabilities.

Takeaways  Arctic Wolf® observed a recent campaign by the financially motivated threat group Venom Spider targeting hiring managers with spear-phishing emails. The group abuses legitimate

Executive Summary During routine monitoring of the cyber threat landscape in Southeast Asia, the Arctic Wolf Labs team came across a relatively recent Indonesian-based hacktivist

Key Takeaways Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. The campaign involved unauthorized

Key Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we

Key Takeaways Arctic Wolf has observed multiple intrusions across a variety of industries involving Palo Alto Network firewall devices. Affected devices triggered downloads over HTTP

Summary In early September, as part of the Arctic Wolf® Labs team’s continuous monitoring of cyber activities across the Indian subcontinent, we came across an

Key Takeaways Arctic Wolf has observed an influx of at least 30 Akira and Fog intrusions across a variety of industries since early August, each

Summary As part of our continuous threat hunting efforts, the Arctic Wolf® Labs team has discovered a new campaign by the nation-state threat actor known

Summary Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage

Summary In June 2024, a threat group utilizing Akira ransomware was discovered targeting a Latin American airline. The threat actor initially accessed the network via