Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 23, 2025, Microsoft released an out-of-band security update for a critical vulnerability tracked as CVE-2025-59287. The flaw stems from the deserialization of untrusted data in Windows Server Update Services (WSUS), which allows remote, unauthenticated threat actors to achieve remote code execution by sending a crafted event. According to Microsoft, only Windows servers with the WSUS Server Role enabled are affected. This feature is not enabled by default.

Arctic Wolf Labs has identified and analyzed a new malware loader we’re calling Caminho, a Brazilian-origin Loader-as-a-Service (LaaS) operation employing Least Significant Bit (LSB) steganography to conceal.NET payloads within image files hosted on legitimate platforms.

Stopping a cyber incident and restoring operations requires more than technology — it depends on having the right plans, people, and processes working together under pressure. Effective incident response (IR) readiness helps position your organization to act with precision to contain threats, prevent escalation, and return to normal operations quickly. A cornerstone of a mature IR strategy is the tabletop exercise.

Positive security outcomes don’t happen by chance — they result from a culture in which security is ingrained and embodied within and by everyone, from the executives through the employees. Training staff to recognize phishing lures, MFA bombs, and other common — and unfortunately, effective — social engineering techniques is a cost-effective way to improve an organization’s resilience.

In my experience as an FBI agent and security leader, I’ve found that technology alone does not keep us safe. The human element, including our behaviors, our habits, and our decisions, is an ever-present and unpredictable variable in our layers of security. The Arctic Wolf 2025 Human Risk Behavior Snapshot: 2nd Edition brings this into sharp focus, revealing a landscape where employee actions and leadership overconfidence are creating a perfect storm for breaches.

On October 11, 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw exists in the Runtime UI component of Oracle Configurator and allows remote unauthenticated threat actors to access sensitive resources. Oracle has not confirmed a link between this vulnerability and the extortion emails received by some Oracle EBS customers from the Cl0p ransomware group in recent weeks.

The identity attack surface is expanding faster than ever. Every new cloud application, remote login, and digital touchpoint creates another entryway threat actors can exploit, targeting the very credentials that give employees, customers, and partners access to critical systems. One of the top, tried-and-true identity attack techniques threat actors have utilized with great success is called an account takeover.

On September 17, 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. As of October 8, 2025, the investigation has concluded and SonicWall has updated their advisory accordingly.