%term

Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

Jul 1, 2025 By Andres Ramos In Arctic Wolf

Arctic Wolf has recently observed a campaign targeting the legal industry using a combination of brute-force and spearphishing techniques. Threat actors initially attempted to brute-force multiple user accounts. After those efforts were unsuccessful, they pivoted to spearphishing by sending spoofed emails that appeared to originate from internal users. These emails used the subject line “Reminder-Your-to-do-list” and contained a malicious.HTM attachment.

Read Post

Arctic Wolf

Read more about Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

How To Detect and Stop a Ransomware Attack

Jun 30, 2025 By Arctic Wolf In Arctic Wolf

Let’s start with the good news. Law enforcement organizations around the world have stepped up their efforts to find, stop, and arrest ransomware operators, shut down dark web markets, and close crypto mixers and tumblers that help threat actors launder their funds.

Read Post

Arctic Wolf

Read more about How To Detect and Stop a Ransomware Attack

GIFTEDCROOK's Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

Jun 26, 2025 By Arctic Wolf Labs In Arctic Wolf

The Arctic Wolf Labs team has discovered that the cyber-espionage group UAC-0226, known for utilizing the infostealer GIFTEDCROOK, has significantly evolved its capabilities. It has transitioned the malware from a basic browser data stealer (which we’re referring to as v1), through two new upgrades (v1.2 and v1.3) into a robust intelligence-gathering tool. Analysis of early files from February 2025 suggests that the GIFTEDCROOK project began as a demo during that period.

Read Post

Arctic Wolf

Read more about GIFTEDCROOK's Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

Jun 26, 2025 By Andres Ramos In Arctic Wolf

On June 25, 2025, Cisco released patches for two maximum-severity vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC). Both flaws allow unauthenticated, remote threat actors to execute commands on the underlying operating system with root privileges via exposed HTTPS APIs. Although similar in outcome, the vulnerabilities are independent and do not require each other to be exploited.

Read Post

Arctic Wolf

Read more about CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

Enhancing Detection and Security Efficacy with the Behavioral Detection Engine in Aurora Endpoint Defense

Jun 25, 2025 By Arctic Wolf In Arctic Wolf

In the ever-evolving cybersecurity landscape, staying ahead of emerging threats is a constant challenge. Traditional endpoint detection and response (EDR) solutions often suffer from alert noise, rule complexity, and slow adaptation to new attack techniques. That’s why Arctic Wolf is excited to introduce the Behavioral Detection Engine — an advanced detection and response framework embedded within Aurora Focus, the EDR module of Aurora Endpoint Defense.

Read Post

Arctic Wolf

Read more about Enhancing Detection and Security Efficacy with the Behavioral Detection Engine in Aurora Endpoint Defense

CVE-2025-5777: Critical Information Disclosure Vulnerability "Citrix Bleed 2" in Citrix NetScaler ADC and Gateway

Jun 25, 2025 By Andres Ramos In Arctic Wolf

On June 23, 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. CVE-2025-5777, originally disclosed on June 17, is a critical-severity out-of-bounds read caused by insufficient input validation.

Read Post

Arctic Wolf

Read more about CVE-2025-5777: Critical Information Disclosure Vulnerability "Citrix Bleed 2" in Citrix NetScaler ADC and Gateway

Four Ways to Prevent Credential Theft and Credential-Based Attacks

Jun 20, 2025 By Mike McCleary In Arctic Wolf

When it comes to cybercrime, there are few threat actor tactics as useful and widespread as credential theft, and the subsequent use of stolen credentials, to maliciously gain access to an IT environment. As hybrid work models and the widespread use of web-based applications further the digitalization of corporate environments, user credentials have proliferated. In turn, credential theft has risen as a low-tech way for threat actors to gain easy access to target environments.

Read Post

Arctic Wolf

Read more about Four Ways to Prevent Credential Theft and Credential-Based Attacks

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

Jun 17, 2025 By Andres Ramos In Arctic Wolf

On June 17, 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content management system. Although Sitecore released a fix for these vulnerabilities in May 2025, no official CVE identifiers have been assigned at this time. The three vulnerabilities are currently tracked as WT-2025-0024, WT-2025-0025, and WT-2025-0032 by watchTowr and impact Sitecore XP versions 10.1 through 10.4.

Read Post

Arctic Wolf

Read more about Pre-Authenticated RCE Chain Disclosed in Sitecore XP

Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

Jun 17, 2025 By Julian Tuin In Arctic Wolf

Arctic Wolf has identified a social engineering campaign targeting health care providers in the United States. Throughout multiple incidents, hospital help desks have received suspicious phone calls from unidentified individuals claiming to be doctors who had forgotten their password. When the callers were confronted with a request to verify their identities, including first name and department affiliation, the suspicious callers disconnected.

Read Post

Arctic Wolf

Read more about Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

Alpha AI: The Apex of SOC Intelligence

Jun 16, 2025 By Arctic Wolf Networks In Arctic Wolf

Arctic Wolf is redefining cybersecurity with AI-powered innovations that help businesses stay ahead of evolving threats. By combining human expertise, the power of the Aurora Platform, and one of the industry’s largest security data sets, Alpha AI makes security simpler, faster, and more effective. Watch Dan Schiappa, President of Technology and Services, and Ian McShane, Vice President of Product, as they share how Arctic Wolf’s latest AI advancements are helping more than 10,000 organizations make security work.

View Video

Arctic Wolf

Read more about Alpha AI: The Apex of SOC Intelligence

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

How To Detect and Stop a Ransomware Attack

GIFTEDCROOK's Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

Enhancing Detection and Security Efficacy with the Behavioral Detection Engine in Aurora Endpoint Defense

CVE-2025-5777: Critical Information Disclosure Vulnerability "Citrix Bleed 2" in Citrix NetScaler ADC and Gateway

Four Ways to Prevent Credential Theft and Credential-Based Attacks

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

Alpha AI: The Apex of SOC Intelligence

Monthly Archive

Follow Us