
2025 Year in Review: Building the Future of Security Operations

Arctic Wolf entered 2025 with momentum and a clear focus: advancing security operations in ways that deliver measurable outcomes for organizations facing an increasingly complex threat environment. As the year comes to a close, we’re building on that momentum — strengthening our platform, expanding globally, and laying the foundation for what comes next in 2026.

CVE-2025-14847: MongoBleed Information Disclosure Vulnerability Exploited in the Wild

On December 19, 2025, MongoDB issued an advisory for CVE-2025-14847, known as “MongoBleed,” a high-severity vulnerability in the server’s zlib-based network compression functionality. This vulnerability affects how the database handles compressed network communications and can cause it to accidentally leak sensitive information from its memory when abused by unauthenticated threat actors. The problem occurs when MongoDB receives a specially crafted message.

CVE-2025-20393: Threat Campaign Targeting Cisco Secure Email Gateway, Cisco Secure Email and Web Manager

On December 17, 2025, Cisco published an advisory detailing a new threat campaign identified on December 10, affecting the Cisco AsyncOS software used on Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The campaign is exploiting an unpatched zero-day vulnerability, which only affects deployments with the Spam Quarantine feature enabled; this feature is not enabled by default. The vulnerability allows threat actors to execute arbitrary commands with root privileges on affected devices.

CVE-2025-14733: WatchGuard Firebox iked Out of Bounds Write Vulnerability Exploited in the Wild

On December 18, 2025, WatchGuard released fixes for CVE-2025-14733, a critical out-of-bounds write vulnerability in the Internet Key Exchange daemon (iked) process used to establish VPN tunnels in Fireware OS, which powers Firebox firewall appliances. Exploitation of this vulnerability allows a remote, unauthenticated threat actor to execute arbitrary code. WatchGuard has confirmed in-the-wild exploitation in their advisory.

CVE-2025-40602: SonicWall Releases Fix for SMA1000 Privilege Escalation Zero-Day Under Active Attack

On December 17, 2025, SonicWall released fixes for an actively exploited medium-severity zero-day vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC), tracked as CVE-2025-40602. The vulnerability allows local threat actors to escalate privileges due to insufficient authorization in the SMA1000 AMC and does not affect SSL VPN functionality on SonicWall firewalls.

New Attack Technique "ConsentFix" Hijacks OAuth Consent Grants

On December 11, 2025, Push Security published research detailing a newly observed browser-based phishing technique called ConsentFix. The name ConsentFix is derived from its similarity to the previously documented ClickFix technique, which uses fake CAPTCHA pages. ConsentFix enables threat actors to gain cloud account access without capturing passwords, multifactor authentication (MFA) codes, or other credentials by abusing legitimate OAuth authentication and consent flows.

How To Reduce Risk This Holiday Season

The holiday season is traditionally a period of goodwill, gift giving, and time with loved ones, but if you are responsible for your enterprise’s cyber defenses it’s also a time when you should have a heightened awareness of cyber risk. Cybercriminals often treat this time of year as a prime opportunity to exploit the unprepared and unwary.

Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719

On December 12, 2025, Arctic Wolf began observing intrusions involving malicious SSO logins on FortiGate appliances. Fortinet had previously released an advisory for two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) on December 9, 2025. Arctic Wolf had also sent out a security bulletin for the vulnerabilities shortly thereafter.

The Howler Episode 25 - Susan Corcoran, Chief Accounting Officer

This month, we sit down with Susan Corcoran, Chief Accounting Officer, as she unpacks common misconceptions about accounting, takes us on her journey from Minnesota dairy farm to London then back to Minnesota, and so much more! With nearly two decades of experience, spanning Deloitte and United Health Group, Susan Corcoran has led everything from SEC reporting to global accounting strategy. Now she's steering Arctic Wolf's financial integrity and compliance at the highest level as Chief Accounting Officer.

How to Prevent Fileless and In-Memory Attacks with Aurora Endpoint Defense

See how Aurora Endpoint Defense prevents advanced memory and script-based attacks before they disrupt your business. Using Alpha AI, Aurora Endpoint optimizes threat detection and response while reducing analyst workload, resulting in stronger protection and less operational strain.

CVE-2025-59718 and CVE-2025-59719: FortiCloud SSO Login Authentication Bypass

On December 9, 2025, Fortinet released an advisory detailing two critical authentication bypass vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Designated CVE-2025-59718 and CVE-2025-59719, these vulnerabilities allow an unauthenticated threat actor to bypass FortiCloud SSO login authentication via a crafted SAML message if the feature is enabled on the device. Fortinet states that FortiCloud SSO login is disabled by default in factory settings.

CVE-2025-55182: Critical Remote Code Execution Vulnerability Found in React Server Components

On December 3, 2025, the React team released fixes for a maximum severity vulnerability in React Server Components (RSC). The vulnerability, tracked as CVE-2025-55182, stems from unsafe handling of serialized DOM elements, allowing for remote code execution in React 19 and other frameworks built on top of it, such as Next.js 15–16. The vulnerability was responsibly disclosed to React as part of a bug bounty program and is not known to be actively exploited in the wild at this time.

How Arctic Wolf Delivers Managed Detection and Response with Broad Visibility and Proactive Security

In this Managed Detection and Response overview, we see how Arctic Wolf delivers 24x7 monitoring, broad visibility, response capabilities, and proactive security recommendations to our customers, leveraging their existing security tools and the Aurora Platform.