Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security Bulletin: GitHub Impersonation Deploys Information Stealer

Arctic Wolf Internal Security Operations (SecOps) recently identified a GitHub page impersonating Arctic Wolf to target our customers and prospects. The SecOps team immediately escalated these findings to our Threat Research team, who uncovered a complex attack chain subsequently deploying information-stealing malware. Arctic Wolf has since removed this fake GitHub page.

Critical Remote Code Execution Vulnerability in libssh2 Client Library Require Urgent Mitigation

A suite of severe vulnerabilities has been disclosed in libssh2 (an SSH client library widely embedded in software such as curl, Git GUI clients, PHP, backup tools, and many IoT/embedded devices). The most critical, CVE-2026-55200 (CVSS 9.2/9.8), is a memory corruption bug in libssh2’s ssh2_transport_read() triggered by a malicious SSH server pre-authentication via a crafted packet_length.

CVE-2026-48558: Critical Authentication Bypass Vulnerability in SimpleHelp RMM Exploited for Credential Theft and Malware Delivery

CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software, caused by improper validation of OpenID Connect (OIDC) token signatures. When OIDC is configured with group-authenticated login settings, unauthenticated attackers can forge identity tokens to bypass multi-factor authentication and gain privileged technician-level access to vulnerable SimpleHelp servers — without valid credentials.

From CitrixBleed 2 to Cloudflared: The Tools and Techniques Behind Anubis Ransomware Attacks

Throughout 2026, Arctic Wolf has investigated multiple Anubis ransomware intrusions. Although threat actor tradecraft differs between intrusions, key themes have emerged: abuse of VPN infrastructure, blending in with legitimate activity through the use of Remote Monitoring and Management (RMM) solutions, and using other legitimate binaries on victim devices.

AWS Summit 2026: Autonomous Security Is Here. Turning It Into Outcomes Requires a New Operating Model

At the recent AWS Summits in New York and Toronto, Arctic Wolf was present to hear AWS introduce a set of security capabilities built to run continuously and act at machine speed. New approaches to vulnerability management, deeper integration of security into development workflows, and expanded context through knowledge mapping all point in the same direction: Security operations are becoming persistent, automated, and increasingly driven by AI.

Extending Cyber Resilience to Mobile with Aurora Mobile Threat Defense

Mobile devices have become one of the most dynamic, and most exposed, parts of the modern attack surface. They access sensitive data, connect to untrusted networks, and rely heavily on third-party applications. Yet in many organizations, mobile security still lags behind traditional endpoint protection. Mobile device management (MDM) solutions help enforce configuration and compliance, but they were never designed to detect and respond to modern threats.

Gain an Advantage with Aurora Managed Endpoint Defense

Endpoint attacks rarely appear in a single alert. Instead, they surface as a sequence of signals that require rapid investigation and response. For many teams, the challenge is not detection. It is having the time and expertise to investigate, validate, and then act. Arctic Wolf Aurora Managed Endpoint Defense addresses this by combining endpoint detection and response with expert Arctic Wolf analysts who take on the operational burden.

Delivering Context and Speed for Security Operations with Aurora Security Assistant

Security operations teams are facing a familiar, but growing, challenge. As threat actors leverage AI and automation to move faster, alerts continue to expand in volume and complexity. Even mature security teams struggle to keep up with investigation timelines, maintain institutional knowledge, and ensure consistent response quality. At the same time, buyers are demanding more from their security platforms. They want solutions that go beyond detection.

Inside FortiBleed: Reverse Engineering the CyberStrike Harvester Behind a Global FortiGate Credential Factory

FortiBleed is a large-scale credential compromise campaign that targets internet-facing Fortinet FortiGate firewalls and SSL VPN gateways. The campaign does not depend on a malware payload; instead, it uses a credential pipeline that utilizes credential stuffing, password spraying, configuration harvesting, offline cracking, and post-authentication capture processing.

AI Export Controls and the Risk of Slowing Down Defense

The Trump administration has ordered Anthropic to restrict access to its most advanced AI models, Fable 5 and Mythos 5, citing national security concerns. Officials raised the possibility that these systems could be used by foreign actors to identify software vulnerabilities or support cyber attacks.