On May 6, 2026, Palo Alto Networks disclosed a critical buffer overflow vulnerability (CVE-2026-0300) in the User-ID™ Authentication Portal (Captive Portal) component of PAN-OS. This

Updated May 1 Anthropic has officially launched Claude Security, moving its AI‑driven code vulnerability detection, validation, and patching capabilities from a limited research preview into

On April 14, 2026, Microsoft released its April 2026 security update, addressing 165 newly disclosed vulnerabilities. Among these, Arctic Wolf has highlighted two vulnerabilities in

Summary On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute

On March 10, 2026, Progress ShareFile released fixes for two critical severity vulnerabilities in Progress ShareFile Storage Zones Controller (SZC) 5.x, tracked as CVE-2026-2699 and

The widely used Axios npm package, a JavaScript library that enables applications to make HTTP/S requests and is included as a dependency in millions of

On March 28, 2026, F5 updated its security advisory for a vulnerability impacting BIG-IP APM that was originally disclosed in October 2025 (CVE-2025-53521). The vulnerability

Arctic Wolf has recently observed a phishing campaign targeting Microsoft 365 that abuses the OAuth device code flow to trick victims into providing authentication codes.

Summary The threat actor TeamPCP has recently launched a coordinated campaign targeting security tools and open-source developer infrastructure by pivoting with stolen CI/CD secrets and

On March 23, 2026, Citrix released fixes for a critical vulnerability affecting NetScaler ADC and NetScaler Gateway (CVE‑2026‑3055) that allows unauthenticated threat actors to perform

On March 20, 2026, Oracle released fixes for a critical vulnerability in its Fusion Middleware suite affecting Identity Manager and Web Services Manager, tracked as

On March 10, 2026, Microsoft released its March 2026 security update addressing 83 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Office

On March 03, 2026, pac4j released fixes for a maximum severity vulnerability in pac4j-jwt, tracked as CVE-2026-29000. The flaw arises from improper verification of cryptographic

On March 4, 2026, Cisco released fixes for two maximum-severity vulnerabilities impacting Cisco Secure Firewall Management Center (FMC), which is used to centrally manage Cisco Secure Firewall

On February 28, 2026, the United States, in coordination with Israel, launched a large-scale military campaign against Iran known as Operation Epic Fury, marking a

On February 24, 2026, sooperset, the mcp-atlassian project maintainer, released fixes for a critical vulnerability in mcp-atlassian, tracked as CVE-2026-27825. The flaw arises from missing directory confinement and inadequate path traversal

On February 25, 2026, Cisco released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN

Since our previous security bulletin, Arctic Wolf has observed malicious activities in the wild tied to suspected exploitation of CVE-2026-1731 of self-hosted BeyondTrust Remote Support

On February 10, 2026, Microsoft released its February 2026 security update, addressing 59 newly disclosed vulnerabilities. Arctic Wolf highlighted six of these vulnerabilities affecting Microsoft Windows and Microsoft Office

On February 6, 2026, Fortinet released fixes for a critical vulnerability in FortiClientEMS, tracked as CVE-2026-21643. The flaw arises from improper neutralization of special elements used in SQL

Update: Arctic Wolf has observed suspected exploitation of CVE-2026-1731 and has published its findings in an updated security bulletin, available here.  On February 6, 2026,

On February 2, 2026, the Notepad++ open source project disclosed new details about a supply chain compromise that impacted its update delivery infrastructure between June and December 2025. The attack was attributed

On January 29, 2026, Ivanti released fixes for two critical zero-day code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, tracked as CVE-2026-1281

Summary On January 27, 2026, Fortinet released an advisory detailing a critical authentication bypass vulnerability affecting FortiOS, FortiAnalyzer, FortiManager, and FortiProxy products. Designated CVE-2026-24858, the

On January 28, 2026, SolarWinds released fixes for multiple vulnerabilities impacting Web Help Desk (WHD). WHD is an IT service management platform that may contain sensitive information, making it a valuable

On January 20, 2026, Oracle patched a maximum‑severity vulnerability in its Fusion Middleware suite affecting Oracle HTTP Server and the WebLogic Server Proxy Plug‑in, tracked as CVE‑2026‑21962.

On January 21, 2026, Cisco released fixes for a high-severity vulnerability impacting Cisco Unified Communications products that is under active exploitation, tracked as CVE-2026-20045. The flaw arises from improper

Starting on January 15, 2026, Arctic Wolf began observing a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. This

On January 13, 2025, Fortinet released fixes for a critical-severity FortiSIEM vulnerability (CVE-2025-64155) that stems from improper neutralization of special elements used in OS commands within

On January 13, 2026, Fortinet released an advisory describing a high-severity remote code execution vulnerability affecting its FortiOS and FortiSwitchManager products. According to Fortinet, the