
The Dangers of Double and Triple Extortion in Ransomware Attacks

In the summer of 2024, a Russian ransomware gang launched an attack on a UK pathology services provider. However, the group didn’t just encrypt the organization’s data and demand a ransom. It exfiltrated data from more than 300 million patient interactions with the National Health Service (NHS), and when the victim organization refused to pay the hefty ransom, the group released all the stolen data on the dark web.

Cipher, Your New GenAI Security Assistant, Helps Your Team Act Faster and with Greater Confidence

The best security outcomes come from the intersection of security expertise and the ability to act based on risk levels. At Arctic Wolf, we are laser focused on security outcomes for the security leaders and teams across our solutions: Arctic Wolf Managed Detection and Response (MDR), Aurora Endpoint Security, Arctic Wolf Managed Risk, Arctic Wolf Managed Security Awareness, Arctic Wolf Incident Response, as well as risk transfer with the Arctic Wolf Security Operations Warranty.

CVE-2025-31324: Maximum-Severity File Upload Vulnerability in SAP NetWeaver Exploited in the Wild

On April 24, 2025, SAP released fixes for CVE-2025-31324, a maximum-severity zero-day unrestricted file upload vulnerability in the NetWeaver Visual Composer component that allows unauthenticated attackers to upload arbitrary files to the server. Visual Composer is a tool within NetWeaver for creating applications and user interfaces. ReliaQuest reported the vulnerability after observing it being exploited in the wild.

CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center

On April 24, 2025, watchTowr published technical details and a proof-of-concept (PoC) exploit for a critical vulnerability in Commvault Command Center, CVE-2025-34028, which had been disclosed earlier in April. Commvault Command Center is a web-based interface used to manage data protection, backup, and recovery operations across enterprise environments.

The Rise of Insider Threats

Imagine a scenario where an employee receives an email from a colleague, asking for login credentials to a valuable application within their organization. The recipient, perhaps busy with other tasks or not fully paying attention, quickly replies with the needed credentials. However, the sender was not actually a colleague, but a threat actor posing as a colleague. As a result, the now-compromised credentials enable the threat actor to launch a subsequent attack on the organization.

CVE-2025-32433: Maximum Severity Unauthenticated RCE Vulnerability in Erlang/OTP SSH

On April 16, 2025, fixes were released for a maximum severity vulnerability in Erlang/OTP SSH, CVE-2025-32433. Erlang/OTP SSH is the SSH library within the Erlang/OTP platform, typically used in telecommunications, messaging, IoT, and distributed applications. CVE-2025-32433 allows unauthenticated remote threat actors to achieve remote code execution (RCE) in the SSH daemon. The issue arises from a flaw in SSH protocol message handling: the server accepts and acts on SSH connection-protocol messages, such as channel open and channel (exec) requests, before authentication has completed, so an attacker who can reach the SSH port never has to present valid credentials.
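The bug class described above, an SSH server that dispatches on message number without first checking authentication state, is easy to model. The following is an added illustrative example and is not Erlang/OTP's code or its fix: the message numbers come from RFC 4250, while the `Session` class, the simplified payload encodings, the demo credential and the dispatcher names are this example's own assumptions. It replays the same client message sequence through a vulnerable dispatcher and a hardened one that enforces the protocol state machine.

```python
"""Model of the pre-authentication message-handling flaw class: an SSH
server dispatcher that acts on connection-protocol messages without
checking whether user authentication has completed, next to a hardened
dispatcher that enforces the state machine.

Added example, not Erlang/OTP code. Message numbers are from RFC 4250;
everything else (Session, payload encodings, the demo credential) is this
example's own simplification of the real wire protocol.
"""
import hmac
from dataclasses import dataclass, field

# Message numbers assigned by RFC 4250 section 4.1.2
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98

# RFC 4250 reserves 80-127 for the connection protocol (RFC 4254), which a
# server may only service once user authentication (RFC 4252) has succeeded.
CONNECTION_PROTOCOL_RANGE = range(80, 128)

# Constructed demo credential; a real server would consult its user store.
DEMO_USER, DEMO_PASSWORD = b"alice", b"correct horse"


@dataclass
class Session:
    authenticated: bool = False
    closed: bool = False
    executed: list = field(default_factory=list)   # commands the server ran


def handle_userauth(sess, payload):
    # Simplified payload: b"user\x00password" (not the RFC 4252 encoding).
    user, _, password = payload.partition(b"\x00")
    if hmac.compare_digest(user, DEMO_USER) and hmac.compare_digest(password, DEMO_PASSWORD):
        sess.authenticated = True
        return "userauth_success"
    return "userauth_failure"


def handle_channel_request(sess, payload):
    # Simplified: payload is the command string of an 'exec' request.
    sess.executed.append(payload.decode())
    return "channel_success"


def dispatch_vulnerable(sess, msg_type, payload):
    """Dispatches on message number alone; never consults sess.authenticated."""
    if msg_type in (SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS, SSH_MSG_SERVICE_REQUEST):
        return "ok"
    if msg_type == SSH_MSG_USERAUTH_REQUEST:
        return handle_userauth(sess, payload)
    if msg_type == SSH_MSG_CHANNEL_OPEN:
        return "channel_open_confirmation"
    if msg_type == SSH_MSG_CHANNEL_REQUEST:
        return handle_channel_request(sess, payload)
    return "unimplemented"


def dispatch_hardened(sess, msg_type, payload):
    """Same handlers, but any connection-protocol message arriving before
    authentication is treated as a protocol error and the session is closed."""
    if msg_type in CONNECTION_PROTOCOL_RANGE and not sess.authenticated:
        sess.closed = True
        return "disconnect:protocol_error"
    return dispatch_vulnerable(sess, msg_type, payload)


def run_exchange(dispatch, messages):
    """Replay client messages through a dispatcher; return the server's
    responses and the commands that ended up executed."""
    sess = Session()
    responses = []
    for msg_type, payload in messages:
        if sess.closed:
            break
        responses.append(dispatch(sess, msg_type, payload))
    return responses, sess.executed


# Constructed message sequences: an exec request with no authentication
# attempt at all, and the same request after a normal login.
UNAUTH_EXEC = [
    (SSH_MSG_KEXINIT, b""), (SSH_MSG_NEWKEYS, b""),
    (SSH_MSG_SERVICE_REQUEST, b"ssh-userauth"),
    (SSH_MSG_CHANNEL_OPEN, b"session"),
    (SSH_MSG_CHANNEL_REQUEST, b"id"),
]
AUTH_EXEC = UNAUTH_EXEC[:3] + [
    (SSH_MSG_USERAUTH_REQUEST, b"alice\x00correct horse"),
] + UNAUTH_EXEC[3:]

if __name__ == "__main__":
    for name, dispatch in (("vulnerable", dispatch_vulnerable), ("hardened", dispatch_hardened)):
        responses, executed = run_exchange(dispatch, UNAUTH_EXEC)
        print(f"{name}: unauthenticated exec -> ran {executed}, last reply {responses[-1]}")
```

The hardened dispatcher gates on the message-number range rather than on individual handlers, so a newly added channel-related handler cannot reintroduce the bug; it also closes the session on the first out-of-state message instead of silently ignoring it, which is what turns the attempt into a loggable protocol error.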

Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035

On April 15, 2025, SonicWall published a product notice for CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances, and updated its security advisory to indicate that the vulnerability was being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog the following day.

Understanding Telemetry in Cybersecurity

Threat actors don’t just try to gain access to an organization by targeting a single area of their environment. In today’s complex, connected IT environments, threat actors are utilizing multiple techniques, maneuvering through various parts of an organization’s attack surface, and launching sophisticated attacks across multiple components of the IT environment – from identity to endpoint to the cloud and beyond.

Silent Ransom Group "Call-back" Phishing Campaign

Arctic Wolf has observed an uptick in activity from the Silent Ransom Group, a cybercriminal group first identified in 2020 and notorious for its targeted cyber extortion campaigns driven by financial gain. This week, the group has been targeting the legal industry using “call-back” phishing tactics. The group sends emails impersonating services such as Duolingo or Masterclass, claiming a pending charge and urging recipients to call a phone number to resolve the issue.