Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

GIFTEDCROOK's Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

Jun 26, 2025 By Arctic Wolf Labs In Arctic Wolf
The Arctic Wolf Labs team has discovered that the cyber-espionage group UAC-0226, known for utilizing the infostealer GIFTEDCROOK, has significantly evolved its capabilities. It has transitioned the malware from a basic browser data stealer (which we’re referring to as v1), through two new upgrades (v1.2 and v1.3) into a robust intelligence-gathering tool. Analysis of early files from February 2025 suggests that the GIFTEDCROOK project began as a demo during that period.
Read Post
Arctic Wolf

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

Jun 26, 2025 By Andres Ramos In Arctic Wolf
On June 25, 2025, Cisco released patches for two maximum-severity vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC). Both flaws allow unauthenticated, remote threat actors to execute commands on the underlying operating system with root privileges via exposed HTTPS APIs. Although similar in outcome, the vulnerabilities are independent and do not require each other to be exploited.
Read Post
Arctic Wolf

Enhancing Detection and Security Efficacy with the Behavioral Detection Engine in Aurora Endpoint Defense

Jun 25, 2025 By Arctic Wolf In Arctic Wolf
In the ever-evolving cybersecurity landscape, staying ahead of emerging threats is a constant challenge. Traditional endpoint detection and response (EDR) solutions often suffer from alert noise, rule complexity, and slow adaptation to new attack techniques. That’s why Arctic Wolf is excited to introduce the Behavioral Detection Engine — an advanced detection and response framework embedded within Aurora Focus, the EDR module of Aurora Endpoint Defense.
Read Post
Arctic Wolf

CVE-2025-5777: Critical Information Disclosure Vulnerability "Citrix Bleed 2" in Citrix NetScaler ADC and Gateway

Jun 25, 2025 By Andres Ramos In Arctic Wolf
On June 23, 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. CVE-2025-5777, originally disclosed on June 17, is a critical-severity out-of-bounds read caused by insufficient input validation.
Read Post
Arctic Wolf

Four Ways to Prevent Credential Theft and Credential-Based Attacks

Jun 20, 2025 By Mike McCleary In Arctic Wolf
When it comes to cybercrime, there are few threat actor tactics as useful and widespread as credential theft, and the subsequent use of stolen credentials, to maliciously gain access to an IT environment. As hybrid work models and the widespread use of web-based applications further the digitalization of corporate environments, user credentials have proliferated. In turn, credential theft has risen as a low-tech way for threat actors to gain easy access to target environments.
Read Post
Arctic Wolf

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

Jun 17, 2025 By Andres Ramos In Arctic Wolf
On June 17, 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content management system. Although Sitecore released a fix for these vulnerabilities in May 2025, no official CVE identifiers have been assigned at this time. The three vulnerabilities are currently tracked as WT-2025-0024, WT-2025-0025, and WT-2025-0032 by watchTowr and impact Sitecore XP versions 10.1 through 10.4.
Read Post
Arctic Wolf

Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

Jun 17, 2025 By Julian Tuin In Arctic Wolf
Arctic Wolf has identified a social engineering campaign targeting health care providers in the United States. Throughout multiple incidents, hospital help desks have received suspicious phone calls from unidentified individuals claiming to be doctors who had forgotten their password. When the callers were confronted with a request to verify their identities, including first name and department affiliation, the suspicious callers disconnected.
Read Post

Alpha AI: The Apex of SOC Intelligence

Jun 16, 2025 By Arctic Wolf Networks In Arctic Wolf
Arctic Wolf is redefining cybersecurity with AI-powered innovations that help businesses stay ahead of evolving threats. By combining human expertise, the power of the Aurora Platform, and one of the industry’s largest security data sets, Alpha AI makes security simpler, faster, and more effective. Watch Dan Schiappa, President of Technology and Services, and Ian McShane, Vice President of Product, as they share how Arctic Wolf’s latest AI advancements are helping more than 10,000 organizations make security work.
View Video
Arctic Wolf

Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer

Jun 13, 2025 By Andres Ramos In Arctic Wolf
On June 10, 2025, Trend Micro released fixes for six critical vulnerabilities affecting Apex Central and Endpoint Encryption PolicyServer. Five of the vulnerabilities allow remote code execution (RCE), and one enables authentication bypass. The vulnerabilities were responsibly disclosed by the Zero Day Initiative (ZDI), a vulnerability research organization owned by Trend Micro.
Read Post
Arctic Wolf

Arctic Wolf Observes Organizations Receiving Unsolicited Microsoft MFA Messages

Jun 11, 2025 By Andres Ramos In Arctic Wolf
Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the source and intent have not been confirmed. This issue appears widespread, affecting organizations across multiple industry verticals. Example of Text Message It is currently unclear whether this activity is due to a systemic issue on Microsoft’s side or part of a malicious campaign.
Read Post

The Howler Episode 19: Todd Warner, SVP of Customer Success

Jun 11, 2025 By Arctic Wolf Networks In Arctic Wolf
This month, we sit down with Todd Warner, Senior Vice President of Customer Success, as he shares the best leadership advice he's ever received, why he loves working in customer success, his love of swim spas, and much more! Todd Warner is the SVP of Customer Success at Arctic Wolf, where he focuses on taking care of our customers and leading the CS team. With 10+ years leading and building CS teams and 10+ years in various sales roles, he has learned the importance of listening to customers and working toward outcomes that best suit their needs.
View Video
Arctic Wolf

CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability

Jun 5, 2025 By Andres Ramos In Arctic Wolf
On June 4, 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most severe issue, CVE-2025-20286, affects cloud deployments of Cisco Identity Services Engine (ISE) on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
Read Post
Arctic Wolf

AI and Cybersecurity: Trends That Prove the Fundamentals Matter More Than Ever

Jun 4, 2025 By Dan Schiappa In Arctic Wolf
AI is not just reshaping cybersecurity. It is exposing where many organizations remain vulnerable. While attackers are racing ahead with AI-powered tools, too many defenders are still relying on outdated strategies, siloed data, and manual processes. In conversations with security leaders, I hear the same concern repeatedly. The anxiety is not just about AI-enhanced threats. It is about the growing sense that defenders are falling behind.
Read Post
Arctic Wolf

CVE-2025-37093: HPE Fixes Critical RCE Vulnerability in StoreOnce

Jun 4, 2025 By Andres Ramos In Arctic Wolf
On June 2, 2025, Hewlett Packard Enterprise (HPE) released fixes for multiple vulnerabilities affecting HPE StoreOnce VSA, an enterprise backup storage solution. The most severe of these was CVE-2025-37093, a critical authentication bypass vulnerability discovered by the Zero Day Initiative (ZDI). The flaw resides in the implementation of the machineAccountCheck method and stems from improper handling of an authentication algorithm.
Read Post
Arctic Wolf

What is Privileged Access Management?

Jun 4, 2025 By Arctic Wolf In Arctic Wolf
The management of user access to an organization’s assets, applications, and systems is never static. Users are coming and going, different roles require different access, and for some, privileged access – elevated permissions and access capabilities granted to specific users or groups of users — is needed for mission-critical business functions.
Read Post
Arctic Wolf

ConnectWise Breach Attributed to Nation-State Threat Actor

Jun 3, 2025 By Andres Ramos In Arctic Wolf
On May 28, 2025, ConnectWise published an advisory disclosing suspicious activity within its environment, attributed to a sophisticated nation-state threat actor known for intelligence collection. The activity reportedly affected a very small number of ScreenConnect customers, all of whom ConnectWise has directly contacted. Details remain limited as the investigation is ongoing.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.