Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing has been a mainstay of cybercrime for decades – and for good reason. Threat actors continually evolve their phishing tactics, techniques, and procedures (TTPs), adapting the method with new tools and technologies to ensure it remains highly effective. IT leaders have become especially attractive targets: their privileged access amplifies the impact of a successful compromise.

The World Economic Forum (WEF) recently published an article on cyber resilience that resonates with conversations we have daily at Arctic Wolf. Their central argument — that organizations need to move beyond basic prevention toward comprehensive, measurable resilience — reflects what we’re hearing from business leaders across industries.

On November 11, 2025, SAP published a security advisory as part of their November security patches, addressing a maximum severity vulnerability identified as CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) version 17.0. The vulnerability involves hard-coded credentials, which exposes system resources to unauthorized users and allows threat actors to execute arbitrary code without authentication.

Arctic Wolf’s The State of Cybersecurity: 2025 Trends Report revealed that 23% of organizations experienced at least one significant ransomware attack in 2024. And these attacks remain difficult for organizations to remediate without succumbing to threat actor demands, with the same report finding 76% of victim organizations are electing to pay the ransom to regain access to their data and environment.

In today’s evolving threat landscape, a stack of security tools isn’t enough. MSPs need a partner that helps them scale, differentiate, and deliver exceptional security outcomes. That’s why Arctic Wolf launched a purpose-built MSP program earlier this year, designed in close collaboration with our MSP partners to empower them to grow faster and more profitably.

Threat Actor Name: UNC6384 Targeted Industries: Government, Diplomatic Services Geographic Focus: Hungary, Belgium, Serbia, Italy, Netherlands (broader European diplomatic community)

On October 23, 2025, Microsoft released an out-of-band security update for a critical vulnerability tracked as CVE-2025-59287. The flaw stems from the deserialization of untrusted data in Windows Server Update Services (WSUS), which allows remote, unauthenticated threat actors to achieve remote code execution by sending a crafted event. According to Microsoft, only Windows servers with the WSUS Server Role enabled are affected. This feature is not enabled by default.

Arctic Wolf Labs has identified and analyzed a new malware loader we’re calling Caminho, a Brazilian-origin Loader-as-a-Service (LaaS) operation employing Least Significant Bit (LSB) steganography to conceal.NET payloads within image files hosted on legitimate platforms.

Stopping a cyber incident and restoring operations requires more than technology — it depends on having the right plans, people, and processes working together under pressure. Effective incident response (IR) readiness helps position your organization to act with precision to contain threats, prevent escalation, and return to normal operations quickly. A cornerstone of a mature IR strategy is the tabletop exercise.

Positive security outcomes don’t happen by chance — they result from a culture in which security is ingrained and embodied within and by everyone, from the executives through the employees. Training staff to recognize phishing lures, MFA bombs, and other common — and unfortunately, effective — social engineering techniques is a cost-effective way to improve an organization’s resilience.