On June 25, 2025, Cisco released patches for two maximum-severity vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC). Both flaws allow

On June 23, 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual

On June 21st, the United States launched coordinated strikes against three Iranian nuclear facilities, marking its first direct military involvement in the ongoing Iran-Israel conflict.

Arctic Wolf has identified a social engineering campaign targeting health care providers in the United States. Throughout multiple incidents, hospital help desks have received suspicious

On June 17, 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content

On June 10, 2025, Trend Micro released fixes for six critical vulnerabilities affecting Apex Central and Endpoint Encryption PolicyServer. Five of the vulnerabilities allow remote

Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the

On June 10, 2025, Microsoft released its June 2025 security update, addressing 66 newly disclosed vulnerabilities. Arctic Wolf has highlighted five of these vulnerabilities in

On June 4, 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most

On June 2, 2025, Hewlett Packard Enterprise (HPE) released fixes for multiple vulnerabilities affecting HPE StoreOnce VSA, an enterprise backup storage solution. The most severe

On May 28, 2025, ConnectWise published an advisory disclosing suspicious activity within its environment, attributed to a sophisticated nation-state threat actor known for intelligence collection.

On May 21, 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container

Arctic Wolf has recently observed the distribution of a trojanized RVTools installer via a malicious typosquatted domain. The domain matches the legitimate domain, however, the

Update – Fixes are now available for the high-severity path traversal zero-day vulnerability, now tracked as CVE-2025-4632, in Samsung MagicINFO 9 Server. Arctic Wolf had

On May 13, 2025, SAP released a security advisory for CVE-2025-42999, a deserialization of untrusted data vulnerability in the NetWeaver Visual Composer component. This follows

On May 13, 2025, Ivanti released patches addressing multiple vulnerabilities across its products. The most severe issues include an unauthenticated remote code execution exploit chain

On May 13, 2025, Microsoft released its May 2025 security update, addressing 78 newly disclosed vulnerabilities. Arctic Wolf has highlighted six of these vulnerabilities in

On May 13, 2025, Fortinet published a security advisory on a critical severity stack-based overflow vulnerability, CVE-2025-32756, impacting FortiVoice, FortiCamera, FortiMail, FortiNDR, and FortiRecorder. The

Update – Since our last security bulletin, Commvault has clarified that being on versions 11.38.20 or 11.38.25 alone is not sufficient—particular updates within those versions

Update – Recent reports confirm that the previously recommended fixed version (21.1050) of Samsung MagicINFO 9 Server remains vulnerable to a vulnerability being exploited in the wild.

On May 7, 2025, watchTowr publicly disclosed technical details and a proof-of-concept (PoC) exploit for a pre-authenticated Remote Code Execution (RCE) chain affecting SysAid On-Premises,

May 2 Updates: On May 1, 2025, CISA updated the Known Exploited Vulnerability (KEV) catalog with both vulnerabilities. On May 2, 2025, watchTowr Labs released

On April 24, 2025, SAP released fixes for CVE-2025-31324, a maximum-severity zero-day unrestricted file upload vulnerability in the NetWeaver Visual Composer component. Visual Composer is

We have published a new security bulletin detailing the newly clarified fixed versions of Commvault Command Center. On April 24, 2025, watchTowr published technical details

On April 16, 2025, fixes were released for a maximum severity vulnerability in Erlang/OTP SSH, CVE-2025-32433. Erlang/OTP SSH is a library within the Erlang/OTP platform,

On April 15, 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances. In an updated security advisory for

Arctic Wolf has observed an uptick in activity from the Silent Ransom Group, a cybercriminal group first identified in 2020 and notorious for its targeted

On April 8, 2025, Microsoft released its April 2025 security update, addressing 126 newly disclosed vulnerabilities. Arctic Wolf has highlighted five vulnerabilities affecting Microsoft Windows

On April 3, 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows