One of the largest data breaches of 2024 didn’t require advanced tactics, techniques, and procedures (TTPs), or an escalating chain of successful attacks. It simply required purchasing credentials on the dark web and using them to log in and steal data, once again highlighting the vital need for robust, proactive protection against the growing surge of identity-based attacks.

On February 19, 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities are tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, allowing a remote unauthenticated attacker to leak sensitive information via a path traversal. They share the same underlying issue, which results from an unauthenticated endpoint failing to validate input.

On February 12, 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The vulnerability was responsibly disclosed to Palo Alto Networks by Assetnote, who published a blog article with technical details about how to exploit the vulnerability the same day it was disclosed. Since then, proof-of-concept exploit code has emerged publicly.

Cyber attacks are increasing in frequency and severity, with the trend ticking upward year after year. As the volume of attacks continues to rise and threat actors work to evade cybersecurity measures, organizations are increasingly adopting a strategy that helps minimize the effects of a potential breach – risk transfer.

On February 10, 2025, Bishop Fox published technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a high-severity authentication bypass vulnerability caused by a flaw in the SSLVPN authentication mechanism in SonicOS, the operating system used by SonicWall firewalls. Shortly after the PoC was made public, Arctic Wolf began observing exploitation attempts of this vulnerability in the threat landscape.

Threat intelligence, also referred to as cyber threat intelligence (CTI), is evidence-based data that’s been collected from a variety of sources, processed, and analyzed to help both organizations and individuals understand recent cyber attacks as well as threat actors’ motivations, tactics, behaviors, and potential next steps.

Through a marketplace on the dark web, a threat actor is able to purchase leaked credentials for the email account of an executive at an organization.

Today, Arctic Wolf successfully completed the acquisition of BlackBerry’s Cylance endpoint security assets. With this acquisition, we are thrilled to welcome hundreds of new partners and thousands of customers to The Pack. Additionally, we are excited to welcome almost 400 new employees who will join Arctic Wolf offices around the globe.