Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Critical Remote Code Execution Vulnerability in libssh2 Client Library Require Urgent Mitigation

A suite of severe vulnerabilities has been disclosed in libssh2 (an SSH client library widely embedded in software such as curl, Git GUI clients, PHP, backup tools, and many IoT/embedded devices). The most critical, CVE-2026-55200 (CVSS 9.2/9.8), is a memory corruption bug in libssh2’s ssh2_transport_read() triggered by a malicious SSH server pre-authentication via a crafted packet_length.

CVE-2026-48558: Critical Authentication Bypass Vulnerability in SimpleHelp RMM Exploited for Credential Theft and Malware Delivery

CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software, caused by improper validation of OpenID Connect (OIDC) token signatures. When OIDC is configured with group-authenticated login settings, unauthenticated attackers can forge identity tokens to bypass multi-factor authentication and gain privileged technician-level access to vulnerable SimpleHelp servers — without valid credentials.

From CitrixBleed 2 to Cloudflared: The Tools and Techniques Behind Anubis Ransomware Attacks

Throughout 2026, Arctic Wolf has investigated multiple Anubis ransomware intrusions. Although threat actor tradecraft differs between intrusions, key themes have emerged: abuse of VPN infrastructure, blending in with legitimate activity through the use of Remote Monitoring and Management (RMM) solutions, and using other legitimate binaries on victim devices.

AWS Summit 2026: Autonomous Security Is Here. Turning It Into Outcomes Requires a New Operating Model

At the recent AWS Summits in New York and Toronto, Arctic Wolf was present to hear AWS introduce a set of security capabilities built to run continuously and act at machine speed. New approaches to vulnerability management, deeper integration of security into development workflows, and expanded context through knowledge mapping all point in the same direction: Security operations are becoming persistent, automated, and increasingly driven by AI.

Extending Cyber Resilience to Mobile with Aurora Mobile Threat Defense

Mobile devices have become one of the most dynamic, and most exposed, parts of the modern attack surface. They access sensitive data, connect to untrusted networks, and rely heavily on third-party applications. Yet in many organizations, mobile security still lags behind traditional endpoint protection. Mobile device management (MDM) solutions help enforce configuration and compliance, but they were never designed to detect and respond to modern threats.

Gain an Advantage with Aurora Managed Endpoint Defense

Endpoint attacks rarely appear in a single alert. Instead, they surface as a sequence of signals that require rapid investigation and response. For many teams, the challenge is not detection. It is having the time and expertise to investigate, validate, and then act. Arctic Wolf Aurora Managed Endpoint Defense addresses this by combining endpoint detection and response with expert Arctic Wolf analysts who take on the operational burden.

Delivering Context and Speed for Security Operations with Aurora Security Assistant

Security operations teams are facing a familiar, but growing, challenge. As threat actors leverage AI and automation to move faster, alerts continue to expand in volume and complexity. Even mature security teams struggle to keep up with investigation timelines, maintain institutional knowledge, and ensure consistent response quality. At the same time, buyers are demanding more from their security platforms. They want solutions that go beyond detection.

The Howler Episode 31 - Trisha Farrow

This month, we sit down with Trisha Farrow, our Senior Vice President of People and Facilities. In this episode, Trisha Farrow shares the heart behind her leadership—why human connection, courage, and curiosity matter more than ever in a fast-changing world. From building inclusive cultures to navigating AI in HR, she offers a powerful perspective on what it really means to lead people, not just processes.

Inside FortiBleed: Reverse Engineering the CyberStrike Harvester Behind a Global FortiGate Credential Factory

FortiBleed is a large-scale credential compromise campaign that targets internet-facing Fortinet FortiGate firewalls and SSL VPN gateways. The campaign does not depend on a malware payload; instead, it uses a credential pipeline that utilizes credential stuffing, password spraying, configuration harvesting, offline cracking, and post-authentication capture processing.

AI Export Controls and the Risk of Slowing Down Defense

The Trump administration has ordered Anthropic to restrict access to its most advanced AI models, Fable 5 and Mythos 5, citing national security concerns. Officials raised the possibility that these systems could be used by foreign actors to identify software vulnerabilities or support cyber attacks.

The Howler Episode 31 - Trisha Farrow

This month, we sit down with Trisha Farrow, our Senior Vice President of People and Facilities. In this episode, Trisha Farrow shares the heart behind her leadership—why human connection, courage, and curiosity matter more than ever in a fast-changing world. From building inclusive cultures to navigating AI in HR, she offers a powerful perspective on what it really means to lead people, not just processes.

Active FortiBleed Campaign Impacting Fortinet Devices Across 194 Countries

In mid-June 2026, security researchers identified an active, large-scale credential compromise campaign affecting Fortinet FortiGate firewalls, dubbed FortiBleed. Threat actors have been systematically extracting configuration files from internet-facing FortiGate devices and cracking the stored credential hashes, resulting in verified working administrator credentials for between 30,000 and 75,000 devices across 194 countries.

Your Attack Surface Is Bigger Than You Think: Insights from the Arctic Wolf 2026 State of the Cybersecurity Attack Surface Report

Most security teams aren’t naive to the growing risk in their environment, but because of high event volume and asset visibility gaps, emerging risk dynamics have become increasingly challenging to act on. Arctic Wolf’s latest State of the Cybersecurity Attack Surface report puts real data behind the challenge.

AI, Security, and the Reality of Machine-Speed Risk

The recent White House executive order on advancing artificial intelligence innovation and security sends a clear signal about how leaders are framing the future. What stands out most in the executive order is the recognition that AI and cybersecurity are now inseparable. One cannot succeed without the other. While national security is a prominent example, this convergence extends to every organization that depends on digital systems.

Turning Asset Visibility Into Risk Reduction

Most vulnerability programs rely on scanning known assets and ranking findings based on static severity scores. That model breaks down quickly in modern environments. Asset lists are constantly changing, devices move between networks, workloads shift into cloud platforms, and unmanaged systems appear outside traditional inventory controls. When asset visibility is incomplete, vulnerability data is incomplete as well. The result is predictable. Prioritization becomes inconsistent.

Arctic Wolf Observes an Increase in Palo Alto Networks GlobalProtect Authentication Bypass Exploitation via CVE-2026-0257

In late May and early June 2026, Arctic Wolf began observing increased exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability affecting Palo Alto Networks PAN-OS GlobalProtect and Prisma Access. The increase in CVE-2026-0257 exploitation began on May 30, 2026, following a smaller initial wave that had taken place between May 17 and May 21.

Frontier AI Explained: A Guide to What Mythos, GPT 5.5-Cyber, MDASH, and CodeMender Really Do

The cybersecurity industry is entering a new phase of AI adoption. Frontier AI models are increasingly capable of identifying vulnerabilities, investigating threats, analyzing code, and accelerating security operations at machine speed. At the same time, innovation is moving rapidly. New models, platforms, and security-focused AI initiatives are emerging across the market, each pushing the boundaries of how AI can be applied to real-world cybersecurity workflows.

Endpoint Security Built for Outcomes, Not Noise

Endpoint security has become one of the most difficult layers of the modern security stack to operate effectively. Endpoints sit at the intersection of user behavior, identity compromise, phishing, ransomware, and hands‑on‑keyboard activity. At the same time, attackers increasingly rely on fileless techniques, memory abuse, and legitimate tooling to evade signature‑based defenses.

Closing the Gap Between Vulnerability Detection and Real Risk Reduction

Security teams are not struggling to find vulnerabilities. They are struggling to deal with them in a way that actually reduces risk. Most environments generate thousands of new findings every month. While vulnerability scanners, cloud tools, and endpoint platforms all contribute, that data does not come together in a way that is actionable. Teams end up with long lists of vulnerabilities, limited context, and no clear way to determine what should be fixed first.

Home-Field Disadvantage: AiTM, QR-Code Phishing, and Infostealers at the 2026 FIFA World Cup

The 2026 FIFA World Cup is a once-in-a-generation opportunity, and threat actors have already begun capitalizing on it. The 2026 FIFA World Cup, set to kick off on June 11, has already broken records for the most host nations, the most matches, and the highest amount of prize money to date for winning teams. Arctic Wolf set out to proactively investigate the criminal ecosystem surrounding the tournament.

How Aurora Managed Endpoint Defense Combines Experts and Technology to Simplify Security

In this demo, Aurora Managed Endpoint Defense shows how human expertise and EDR work together to rapidly detect, investigate, and respond to threats; giving customers stronger protection, faster results, and improved security posture.

The Hidden Economics of the Agentic SOC

The conversation around AI in cybersecurity is changing. The first question was whether AI could help security teams move faster. It can. AI-led security operations can accelerate investigations, correlate signals, reduce manual work, and help defenders respond at the speed modern threats demand. But as AI moves from experimentation into production, the next question becomes harder: can organizations operate it at scale without creating a new cost problem?

Aurora Mobile Threat Defense - Addressing Your HighestTrusted, Least Protected Endpoints

Mobile devices are becoming the highest‑trusted endpoints that are the least protected. They approve logins. They hold authentication apps. They carry email, collaboration, and business applications. And they travel everywhere your workforce travels: across corporate networks, home Wi‑Fi, airports, hotels, and cafés. That combination (high trust plus constant movement) is why mobile has become such a reliable entry point for credential theft and account takeover.

From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services

In our previous post, Token Bingo: Don’t Let Your Code Be the Winner, we documented Kali365, a phishing-as-a-service (PhaaS) kit abusing Microsoft’s OAuth 2.0 device authorization flow to steal Entra ID tokens. In this follow-up report, we track the same operator into new territory as they expand their operation and infrastructure.

How Aurora Managed Endpoint Defense Combines Experts and Technology to Simplify Security

In this demo, Aurora Managed Endpoint Defense shows how human expertise and EDR work together to rapidly detect, investigate, and respond to threats; giving customers stronger protection, faster results, and improved security posture.

Arctic Wolf Product Updates: May 2026

Security teams are being asked to operate at machine speed while still making decisions they can trust. Attackers move faster. Exposure changes continuously. Manual workflows struggle to keep up. Following the recent announcement of the Aurora Superintelligence Platform and Aurora Agentic SOC, Arctic Wolf continues to advance its portfolio with new capabilities that help teams see risk clearly, prioritize what matters, and act with confidence.