Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On August 5, 2025, Trend Micro released a short-term mitigation tool addressing two critical command injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in Apex One. These flaws affect the on-premise Apex One Management Console and have been exploited in the wild. Both stem from a command injection issue that allows unauthenticated, remote threat actors to execute arbitrary code on vulnerable systems. While the vulnerabilities are similar, they differ based on the targeted CPU architectures.

The cybersecurity industry is intensely competitive. Thousands of vendors are locked in a daily battle for market share, deploying technologies that can become outdated almost as quickly as they’re released. But unlike most industries, we’re not just competing with each other. We’re also up against a shared adversary. So, here’s the uncomfortable question: if our real fight is against attackers, why aren’t we doing more to work together?

In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs. While credential access through brute force, dictionary attacks, and credential stuffing have not yet been definitively ruled out in all cases, available evidence points to the existence of a zero-day vulnerability.

Imagine: A newly acquired dataset is being prepared for use as a vector database to retrieve information, create recommendation systems, be used for threat detection or similarity-based alert triage. During integration, however, operational challenges surface. Platform constraints prevent full-scale ingestion, prompting an arbitrary reduction in the size of the dataset. As a result, performance degrades significantly.

The world is going cashless. The Federal Reserve reported that cash was used in just 16% of all U.S. transactions in 2024. And that number is expected to continue to decline. The widespread use of credit and debit cards, plus the rise of digital wallets and contactless payments, have reshaped the financial landscape, increasing flexibility as well as financial protection. However, it’s also increased the levels of fraud.

Cyber attacks aren’t a question of if, but when. Yet for many midmarket and small enterprises, the tools and models to prepare for these threats have long been out of reach — often too complex, expensive, or ineffective. Traditional incident response (IR) retainers, designed for a different era, have only added to this challenge by creating financial and operational uncertainty when organizations need clarity the most.

On July 23, 2025, Mitel released fixes for a critical authentication bypass vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE, a communication platform used for enterprise voice and collaboration services. The vulnerability allows unauthenticated remote threat actors to gain unauthorized access to publicly exposed Mitel voice systems and access user or administrator accounts due to improper access controls.

The Arctic Wolf Labs team has identified a new campaign by cyber-espionage group Dropping Elephant targeting Turkish defense contractors, specifically a manufacturer of precision-guided missile systems. The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems.

On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this vulnerability, but fixes were released late on the evening of July 20. CVE-2025-53770 is caused by the deserialization of untrusted data, allowing unauthenticated threat actors to execute code remotely over the network.

In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. This vulnerability affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.