Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Software vulnerabilities are an unfortunate reality of enterprise IT. New vulnerabilities are being discovered all the time, and while most will never be exploited by an adversary, without a program to quickly discover and remediate high-priority vulnerabilities, organizations are putting themselves at risk.

As of early May 2025, Arctic Wolf has observed exploitation in the wild of CVE-2024-7399 in Samsung MagicINFO 9 Server—a content management system (CMS) used to manage and remotely control digital signage displays. The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages (JSP) files.

Between April and May 2025, several large UK retailers were impacted by security incidents which resulted in the disruption of their operations. Arctic Wolf is monitoring the threat landscape for new indicators of compromise related to Scattered Spider and DragonForce, and will alert Managed Detection and Response customers if any malicious activity is observed.

As part of our ongoing tracking of the threat actor TA4557 (also known as Venom Spider), the Arctic Wolf Labs team discovered a new campaign targeting corporate human resources departments and recruiters. The threat group uses phishing techniques to drop an enhanced version of a potent backdoor called More_eggs onto victim devices.

If your organization is considering a threat detection solution, chances are good that you are wondering about EDR vs. MDR. The constant evolution of the cybersecurity marketplace can make it difficult for organizations to understand the differences and capabilities between different types of security offerings.

In a previous security bulletin sent by Arctic Wolf on April 17, 2025, we advised of a credential access campaign targeting SonicWall SMA devices along with remediation guidance. As of April 29, 2025, SonicWall has updated their advisories for several vulnerabilities that are now linked to ongoing exploitation in the threat landscape.

In the summer of 2024, a Russian ransomware gang launched an attack on a UK pathology services provider. However, the group didn’t just encrypt the organization’s data and demand a ransom. It exfiltrated data from more than 300 million patient interactions with the National Health Service (NHS), and when the victim organization refused to pay the hefty ransom, the group released all the stolen data on the dark web.

The best security outcomes come from the intersection of security expertise and the ability to act based on risk levels. At Arctic Wolf, we are laser focused on security outcomes for the security leaders and teams across our solutions — Arctic Wolf Managed Detection and Response (MDR), Aurora Endpoint Security, Arctic Wolf Managed Risk, Arctic Wolf Managed Security Awareness , Arctic Wolf Incident Response, as well as risk transfer with the Arctic Wolf Security Operations Warranty.

The world of cybersecurity doesn’t lack for acronyms. Whether it’s protocols and standards or tools and technology, the market is dominated by an endless array of capital letters.

On April 24, 2025, SAP released fixes for CVE-2025-31324, a maximum-severity zero-day unrestricted file upload vulnerability in the NetWeaver Visual Composer component. Visual Composer is a tool within NetWeaver for creating applications and user interfaces. The vulnerability was discovered by ReliaQuest, which initially observed its exploitation in the wild.