Arctic Wolf
Coverage of Arctic Wolf in the Nexus archive.
- Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are exploiting a patched security flaw in FortiClient Endpoint Management Server (EMS) to deploy credential-stealing malware. Arctic Wolf reported that the campaign used trusted endpoint management infrastructure to deliver malware across managed endpoints, disguising the payload as a Fortinet endpoint update.
- FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale
The FBI has warned about Kali365, a phishing-as-a-service platform that steals Microsoft OAuth tokens at scale, allowing attackers to bypass multi-factor authentication and gain unauthorized access to corporate accounts. The kit uses AI-generated phishing lures impersonating trusted services like DocuSign and SharePoint, and employs both device code phishing and adversary-in-the-middle techniques. Kali365 operates on a tiered subscription model and was first spotted in April 2026.
- Arctic Wolf kicks 250 employees out of the pack to save money for AI
Arctic Wolf laid off 250 employees to invest more in AI and position the company for long-term strategy. The layoffs represent less than 10 percent of the total workforce. The company aims to operate more efficiently and deliver strong value to customers.