Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With the rise of hybrid work and software-as-a-service (SaaS) applications for core business functions, as well as the near ubiquity of the cloud, organizations’ attack surfaces are no longer easily defined. In many cases, they are rapidly expanding. This presents both new opportunities for threat actors and new challenges for security teams, giving rise to a new tactic for security posture improvement — attack surface management.

Since its introduction into cybersecurity in the late 1980s as a tool for detecting unusual activity, artificial intelligence (AI) has grown in popularity and functionality, with a major surge of adoption happening in the past few years, thanks to its growing ability to perform tasks faster and more accurately than humans. However, AI has never operated in isolation; it has always relied on human input. And any advanced technology that requires human input can be used for both good and bad.

Ransomware-as-a-service is a business model where ransomware operators and third parties, called “affiliates,” work together to launch ransomware attacks. RaaS was first identified in 2012 with the Reveton ransomware strain, and in the subsequent decade it has exploded into a sophisticated and ever-evolving cybercrime tactic.

On March 4, 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft, range in severity from high to critical. Details of the exploitation have not been revealed at this time, and Arctic Wolf has not identified a public Proof-of-Concept (PoC) exploit.

On or around February 25, 2025, a threat actor claiming to be associated with the BianLian ransomware group began using the United States Postal Service (USPS) to send physical ransom letters to executives, primarily within the US healthcare sector. Notably, when compared with historical BianLian communications and ransom notes, the physical ransom letters are drastically different in word usage and tone.

Arctic Wolf has recently observed a campaign targeting the healthcare sector, where victims visiting the widely used physical therapy video site HEP2go are redirected to a fake CAPTCHA webpage when they attempt to visit multiple parts of the website. This CAPTCHA provides instructions that trigger PowerShell code execution and the eventual loading of infostealer malware.

One of the largest data breaches of 2024 didn’t require advanced tactics, techniques, and procedures (TTPs), or an escalating chain of successful attacks. It simply required purchasing credentials on the dark web and using them to log in and steal data, once again highlighting the vital need for robust, proactive protection against the growing surge of identity-based attacks.

On February 19, 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities are tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, allowing a remote unauthenticated attacker to leak sensitive information via a path traversal. They share the same underlying issue, which results from an unauthenticated endpoint failing to validate input.

On February 12, 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The vulnerability was responsibly disclosed to Palo Alto Networks by Assetnote, who published a blog article with technical details about how to exploit the vulnerability the same day it was disclosed. Since then, proof-of-concept exploit code has emerged publicly.

Cyber attacks are increasing in frequency and severity, with the trend ticking upward year after year. As the volume of attacks continues to rise and threat actors work to evade cybersecurity measures, organizations are increasingly adopting a strategy that helps minimize the effects of a potential breach – risk transfer.