How to Use Arctic Wolf's Cyber Resilience Assessment
Learn how Arctic Wolf's Cyber Resilience Assessment can help you assess, plan and communicate your organization's security posture.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
CVE-2025-22457: Ivanti Connect Secure VPN Vulnerable to Zero-Day RCE Exploitation
On April 3, 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows remote unauthenticated threat actors to achieve remote code execution (RCE) and has been exploited in the wild. At the time of writing, exploitation has only been observed in Connect Secure, not Policy Secure or ZTA Gateway.
CVE-2025-31161: Exploitation of Critical Authentication Bypass Vulnerability in CrushFTP
On March 21, 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC) exploit has been made publicly available, and the CrushFTP CEO has confirmed observing customer compromises via CVE-2025-31161.
Securing AI Against Evolving Threats
Arctic Wolf is an AI-powered security operations provider, which gives our organization advanced insights into the emerging threats inherent in being an early adopter of the more recent techniques. However, Arctic Wolf is not the only one turning to AI. A third of technology leaders reported that AI was already fully integrated into their products and services. This statistic will grow as major tech companies like Microsoft and Google invest billions of dollars into AI infrastructure..
CVE-2025-1974: Critical Unauthenticated RCE Vulnerability in Ingress NGINX for Kubernetes
On March 24, 2025, ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Ingress is a Kubernetes feature that defines how workload Pods are exposed to the network, while an Ingress Controller implements those rules by configuring the necessary local or cloud resources. According to Kubernetes, ingress-nginx is deployed in over 40% of Kubernetes clusters.
The Howler - Episode 17: Kerri Shafer Page, Vice President of Incident Response
This month, we sit down with Kerri Shafer-Page, Vice President of Incident Response, as she shares a peak behind the curtain of the day-to-day of her and her team, reflections on being a woman in tech, and so much more! Kerri Shafer-Page serves as the Vice President of Digital Forensics and Incident Response at Arctic Wolf. A proven leader in threat identification, IT security and data privacy incident response and mitigation, Kerri has served in leadership roles at IBM and AIG, overseeing incident response and cybersecurity claims.
Alleged Oracle Cloud Supply Chain Attack: Six Million Records Stolen, 140K Companies Affected
On March 20, 2025, a Breach Forums user, “rose87168,” claimed to have stolen six million records from Oracle Cloud’s SSO and LDAP services and offered the data for sale or in exchange for zero-day exploits. Breach Forums is a known marketplace for cybercriminals to trade stolen data and exploits.
CVE-2025-23120: Critical Remote Code Execution Vulnerability in Veeam Backup & Replication
On March 19, 2025, Veeam published a security advisory for a critical severity vulnerability impacting their Backup & Replication software. The advisory did not provide technical details regarding the vulnerability, although it did mention that it could be exploited by authenticated domain users.
Widespread Fake CAPTCHA Campaign Delivering Malware
Arctic Wolf has recently observed a campaign in which threat actors are compromising widely used websites across various industries and embedding a fake CAPTCHA challenge. When victims visit the site, they are presented with the CAPTCHA challenge or redirected to a site that provides instructions, triggering PowerShell code execution and ultimately leading to the loading of information stealer malware.
INDOHAXSEC - Emerging Indonesian Hacking Collective
During routine monitoring of the cyber threat landscape in Southeast Asia, the Arctic Wolf Labs team came across a relatively recent Indonesian-based hacktivist collective calling themselves “INDOHAXSEC” that has been active within this region.