Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf entered 2025 with momentum and a clear focus: advancing security operations in ways that deliver measurable outcomes for organizations facing an increasingly complex threat environment. As the year comes to a close, we’re building on that momentum — strengthening our platform, expanding globally, and laying the foundation for what comes next in 2026.

Following Cyberint’s acquisition by Check Point at the end of 2024, we’ve only accelerated across our platform and services. This year-in-review highlights the biggest achievements of 2025, spanning AI innovation, huge advancements in threat intelligence, brand protection, and attack surface management, global coverage and most importantly customer impact.

We’re excited to share new updates and enhancements for December, including: For more info on these updates, see the list below and read the detailed articles. Please join the Egnyte Community to get the latest updates, chat with experts, share feedback, and learn from other users.

Effectively protecting your software supply chain has reached a critical turning point where the traditional strategy of patching together “best of breed” or point AppSec solutions is no longer sustainable.

Most teams treat an app release as the finish line. The build clears CI/CD checks. Security scans pass. The app ships. Celebrations follow. But for mobile apps, the real exposure often begins after release, inside app stores, where metadata lives a completely different lifecycle from your code. App store listings are not static assets. They evolve constantly: What your team approved on day one may look very different to users on day ten.

Attackers don’t need to breach your infrastructure to harm your users. They don’t need source code access, credentials, or backend vulnerabilities. They just need your public APK. Once your app is publicly available, attackers can download it, decompile it, inject malicious code, repackage it, and redistribute it through third-party app stores and unofficial marketplaces.

Brand abuse in app stores is no longer opportunistic. It has become repeatable, scalable, and persistent. Attackers do not publish one fake app and disappear. They operate in cycles. A fake app is uploaded, value is extracted, a takedown occurs, and a near-identical version reappears under a new developer identity. This loop runs continuously across regions, marketplaces, and distribution channels. For security teams, this changes the mandate.

CVE-2025-14847, nicknamed MongoBleed, is a high-severity (CVSS 7.5–8.7) unauthenticated information disclosure vulnerability in MongoDB Server. It allows remote attackers to leak uninitialized heap memory containing sensitive data—such as credentials, API keys, session tokens, and PII—without authentication. Exploitation occurs pre-authentication via malformed zlib-compressed network packets on port 27017.

Most people know the old fairy tale of the boy who cried wolf. Every day, the little shepherd would scream from the top of his hill, “A wolf is chasing the sheep!” While villagers initially responded to the alarm, they soon realized that the boy was lying to them. In the end, when a wolf truly did chase the sheep, no one heeded the boy’s cry.

This growing exposure is reflected in real-world threat data. The Huntress 2025 Cyber Threat Report found that the education sector accounted for 21% of all cyber incidents observed last year, underscoring how frequently schools and universities are targeted. The report also highlights a strong presence of automated and data-driven attacks, with malicious scripts making up 24% of education-focused threats, followed by infostealers (16%), malware (13%), and ransomware (7%).