Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the ever-evolving cybersecurity landscape, staying ahead of emerging threats is a constant challenge. Traditional endpoint detection and response (EDR) solutions often suffer from alert noise, rule complexity, and slow adaptation to new attack techniques. That’s why Arctic Wolf is excited to introduce the Behavioral Detection Engine — an advanced detection and response framework embedded within Aurora Focus, the EDR module of Aurora Endpoint Defense.

On June 23, 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. CVE-2025-5777, originally disclosed on June 17, is a critical-severity out-of-bounds read caused by insufficient input validation.

When it comes to cybercrime, there are few threat actor tactics as useful and widespread as credential theft, and the subsequent use of stolen credentials, to maliciously gain access to an IT environment. As hybrid work models and the widespread use of web-based applications further the digitalization of corporate environments, user credentials have proliferated. In turn, credential theft has risen as a low-tech way for threat actors to gain easy access to target environments.

Arctic Wolf has identified a social engineering campaign targeting health care providers in the United States. Throughout multiple incidents, hospital help desks have received suspicious phone calls from unidentified individuals claiming to be doctors who had forgotten their password. When the callers were confronted with a request to verify their identities, including first name and department affiliation, the suspicious callers disconnected.

On June 17, 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content management system. Although Sitecore released a fix for these vulnerabilities in May 2025, no official CVE identifiers have been assigned at this time. The three vulnerabilities are currently tracked as WT-2025-0024, WT-2025-0025, and WT-2025-0032 by watchTowr and impact Sitecore XP versions 10.1 through 10.4.

On June 10, 2025, Trend Micro released fixes for six critical vulnerabilities affecting Apex Central and Endpoint Encryption PolicyServer. Five of the vulnerabilities allow remote code execution (RCE), and one enables authentication bypass. The vulnerabilities were responsibly disclosed by the Zero Day Initiative (ZDI), a vulnerability research organization owned by Trend Micro.

Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the source and intent have not been confirmed. This issue appears widespread, affecting organizations across multiple industry verticals. Example of Text Message It is currently unclear whether this activity is due to a systemic issue on Microsoft’s side or part of a malicious campaign.

On June 4, 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most severe issue, CVE-2025-20286, affects cloud deployments of Cisco Identity Services Engine (ISE) on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).

AI is not just reshaping cybersecurity. It is exposing where many organizations remain vulnerable. While attackers are racing ahead with AI-powered tools, too many defenders are still relying on outdated strategies, siloed data, and manual processes. In conversations with security leaders, I hear the same concern repeatedly. The anxiety is not just about AI-enhanced threats. It is about the growing sense that defenders are falling behind.

On June 2, 2025, Hewlett Packard Enterprise (HPE) released fixes for multiple vulnerabilities affecting HPE StoreOnce VSA, an enterprise backup storage solution. The most severe of these was CVE-2025-37093, a critical authentication bypass vulnerability discovered by the Zero Day Initiative (ZDI). The flaw resides in the implementation of the machineAccountCheck method and stems from improper handling of an authentication algorithm.