On March 4, 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft,
On February 19, 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January.? The vulnerabilities
On February 12, 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The
On February 10, 2025, Bishop Fox published technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a high-severity authentication bypass vulnerability caused by a flaw
On February 11, 2025, Microsoft released its February 2025 security update, addressing 63 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities in this security
On January 22, 2025, Arctic Wolf began observing a campaign involving unauthorized access to devices running SimpleHelp RMM software as an initial access vector. Roughly
On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is
On January 14, 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities impacting Rsync. The most severe vulnerability is CVE-2024-12084, a
On January 14, 2025, Microsoft released its January 2025 security update, addressing 159 newly disclosed vulnerabilities. Arctic Wolf has highlighted six vulnerabilities in this security
On January 14, 2025, Fortinet published a security advisory for CVE-2024-55591, an authentication bypass using an alternate path or channel vulnerability in FortiOS and FortiProxy.
On January 13, 2025, Halcyon released a research blog about the Codefinger group conducting a ransomware campaign targeting Amazon S3 buckets. The attacks leverage AWS¡¯s
On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and
Since December 16, 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors
On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after
On December 16, 2024, BeyondTrust published a security advisory outlining a vulnerability impacting their Remote Support (RS) and Privileged Remote Access (PRA) software. The flaw,
Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public
On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products.? This vulnerability allowed
On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. The vulnerability in
On December 10, 2024, Ivanti released updates for three critical-severity vulnerabilities impacting their Cloud Services Application. By chaining the vulnerabilities together, a threat actor could
On December 10, 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has
Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin.? On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting
On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing.
Click?here?for more information regarding our observations of these vulnerabilities being actively exploited.? On November 19, 2024, Arctic Wolf began observing active exploitation of the recently-disclosed
Update (11/20/2024): Another follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On November 18,
Update (11/18/2024): A follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On November 14,
On November 12, 2024, Microsoft released its monthly security update, addressing 89 newly identified vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five that were
On November 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE)
On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks
On November 1, 2024, details of a critical vulnerability affecting Synology NAS devices, which had been patched a few days earlier, were publicly disclosed. This
On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own
