Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

Shift Left With High-Potency Threat Intelligence for Prevention

Sep 17, 2025 By Arctic Wolf In Arctic Wolf
In today’s ever-evolving threat landscape, security teams are under pressure to detect and respond to threats faster than ever. With the overwhelming volume and manual effort required to operationalize security, many organizations struggle to stay ahead. Arctic Wolf Threat Intelligence is here to help change that, by providing high-fidelity, actionable insights that empower teams to shift left and prevent threats before they escalate.
Read Post
Arctic Wolf

How To Build Cyber Resilience

Sep 17, 2025 By Arctic Wolf In Arctic Wolf
Cyber threats are frequent, unpredictable, and indiscriminate—affecting organizations of every size and industry. For any organization, a cyber incident is a matter of “when,” not “if”. As such, businesses must be able to prepare for, respond to, and recover from incidents, and must continually refine these capabilities to stay ahead.
Read Post
Arctic Wolf

SonicWall Warns Customers of Data Exposure Incident Affecting MySonicWall Configuration Backup Files

Sep 17, 2025 By Julian Tuin In Arctic Wolf
On September 17, 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. SonicWall states that after identifying the incident they began an investigation containing the incident, terminating the ‘unauthorized access point’, and working with law enforcement and select cybersecurity agencies globally.
Read Post
Arctic Wolf

CVE-2025-9242: Critical Unauthenticated Out-of-Bounds Write Vulnerability in WatchGuard Firebox

Sep 17, 2025 By Andres Ramos In Arctic Wolf
On September 17, 2025, WatchGuard released fixes for a critical out-of-bounds write vulnerability (CVE-2025-9242) in the iked process of WatchGuard Fireware OS, which powers their Firebox firewall appliances. This flaw allows a remote unauthenticated threat actor to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN with IKEv2 when configured with a dynamic gateway peer.
Read Post
Arctic Wolf

Wormable Malware Causing Supply Chain Compromise of npm Code Packages

Sep 16, 2025 By Arctic Wolf Labs In Arctic Wolf
On September 15, 2025, reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by malware as part of a broader supply chain attack affecting over 40 packages initially, with the number rising to more than 180 according to Aikido’s blog. Upon further investigation, the first malicious package that was identified as compromised in this campaign was rxnt-authentication, which was updated on September 14, 2025, at 17:58:50 UTC.
Read Post
Arctic Wolf

CVE202554236: Critical Adobe Commerce and Magento Open Source Flaw Allows Customer Account Takeover and RCE

Sep 10, 2025 By Andres Ramos In Arctic Wolf
On September 9, 2025, Adobe released an out-of-band security update to address a critical vulnerability in Adobe Commerce and Magento Open Source. The vulnerability, tracked as CVE-2025-54236 and referred to in open-source reporting as “SessionReaper,” allows a remote unauthenticated threat actor to take over customer accounts through the Commerce REST API.
Read Post

The Howler Episode 22: The Two Year Anniversary Special!

Sep 10, 2025 By Arctic Wolf Networks In Arctic Wolf
The Howler Podcast is two years old! In this special episode, Chelsea and Mary are joined by some surprise co-hosts as well as pack members from around the globe as they celebrate Arctic Wolf's one-of-a-kind culture. Interested in running with the pack? Explore careers at Arctic Wolf—one of the fastest-growing and exciting cybersecurity companies in the world, to learn about how you can join our Pack, create impact, and influence what’s next in security operations.
View Video
Arctic Wolf

CVE-2025-42944: Maximum-Severity OS Command Execution Vulnerability in SAP NetWeaver

Sep 9, 2025 By Andres Ramos In Arctic Wolf
On September 9, 2025, SAP released its September 2025 Security Patch Day update with patches for 21 vulnerabilities. The most severe of these, CVE-2025-42944, is a maximum-severity deserialization vulnerability of untrusted Java objects in SAP NetWeaver that resides in the RMI-RP4 module. A remote unauthenticated threat actor can exploit this vulnerability by submitting a malicious payload to an open port to achieve arbitrary OS command execution.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.