As macOS becomes more prevalent in businesses, ensuring an application does not expose a user to vulnerabilities or your organization to business risk, is an important part of managing an organization’s risk. These apps often handle sensitive data, manage authentication and access system resources, making them attractive targets for cyber criminals to exploit. MacOS has unique security features that allow developers to build secure applications, but they must be correctly leveraged.

Trends observed by Kroll in Q4 confirm that 2024 was a year of fragmentation and fast-moving evolution for cyber threats, and they suggest that 2025 is likely to be similar. A key trend was the ongoing development of phishing techniques and approaches, as phishing’s continuation as a dominant method for initial access in 2024 illustrated. Aligning with trends from last year and previous years, professional services stands out as 2024’s most targeted sector.

Threat-led penetration testing brings together specialist offensive (red team) security skills and threat intelligence to enable businesses to proactively test and identify any weaknesses, deficiencies or gaps in their controls and counteractive measures that could be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.

Organizations are under constant pressure to ensure that their security defenses adapt effectively to evolving threat actor methodologies. Extended detection and response (XDR) has the potential to significantly advance these efforts thanks to its ability to accelerate and streamline investigation, threat hunting and response. However, successfully adopting XDR to achieve comprehensive visibility demands some important considerations.

The deadline for European Union member states to pass the new EU NIS2 regulation into national law was October 17, 2024, yet only a few countries have transposed it into law, leaving others lagging behind, with regulations in draft or public consultation phases, or not at all. In the absence of certainty for firms (or what NIS2 calls entities), confusion is understandable, but steps can be currently taken considering what we already know.

When it comes to security, 2024 was unfortunately a standout year for the healthcare sector. Kroll found that the healthcare industry was the most breached, had fairly immature incident response practices, and unfortunately suffered numerous cyberattacks culminating in a year that left healthcare boards thinking deeply of the overall risk to their businesses.

The European Union’s (EU) AI Act (the Act) represents landmark artificial intelligence (AI) regulation from the EU designed to promote trustworthy AI by focusing on the impacts on people through required mitigation of potential risks to health, safety and fundamental rights. The Act introduces a comprehensive and often complex framework for the development, deployment and use of AI systems, impacting a wide range of businesses across the globe.

Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (FG-IR-24-535) allows remote attackers to obtain super admin privileges via Node.js WebSocket traffic.

For many organizations, their online presence is not only critical to their commercial success but a key element of how they manage public perception. Yet from typosquatting to domain hijacking, authentic business websites are at significant risk of exploitation, with serious potential consequences. Domain monitoring enables organizations to defend against these types of threats by identifying potential issues early and taking effective action to mitigate the risks.

Ivanti has disclosed vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Neurons for Zero Trust Access (ZTA) Gateways. According to Ivanti, CVE-2025-0282 has been exploited on a limited number of ICS appliances. There are no confirmed reports of exploitation for Ivanti Policy Secure or ZTA Gateways. There is no indication that CVE-2025-0283 is actively exploited or chained.