Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 8, 2025, Fortinet released fixes for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via crafted HTTP or HTTPS requests, tracked as CVE-2025-25257. The flaw lies in the Graphical User Interface (GUI) component and stems from improper neutralization of special elements used in SQL statements. The vulnerability was discovered by a security researcher and responsibly disclosed to Fortinet.

On July 10, 2025, a technical article was published by Huntress revealing that a maximum severity remote code execution vulnerability in Wing FTP Server, CVE-2025-47812, had been actively exploited by threat actors as early as July 1, 2025. Details of the vulnerability had originally been published on June 30, 2025, providing a comprehensive breakdown of the flaw and how to exploit it.

Looking back at the early 2024 data breach at Change Healthcare — a provider of revenue and payment cycle management that connects payers, providers, and patients within the U.S. healthcare system — one key detail stands out: Initial access into the healthcare system’s network was much easier due to a lack of multi-factor authentication (MFA).

While it’s easy to look at the modern threat landscape as a cat-and-mouse game between sophisticated threat actors utilizing high-tech methods to hack their way into valuable systems, the reality can be far less dramatic, albeit equally as precarious.

On July 2, 2025, Cisco released a security advisory detailing a maximum severity vulnerability (CVE-2025-20309) in Cisco Unified Communications Manager and Unified Communications Manager SME Engineering Special, caused by hard-coded root SSH credentials that cannot be changed or removed.

Recent escalations involving the U.S. and Iran highlight an important reality: geopolitical tensions frequently extend into cyberspace. Cyber threat actors affiliated with or sympathetic to Iran are intensifying their efforts, increasing risks not only for U.S.-based organizations but also for companies across allied nations, particularly those with diplomatic, military, or critical infrastructure ties. Reflecting this elevated threat landscape, the U.S.

Since early June 2025, Arctic Wolf has observed a search engine optimization (SEO) poisoning and malvertising campaign promoting malicious websites hosting trojanized versions of legitimate IT tools such as PuTTY and WinSCP.