Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

kroll

The Rapid Evolution of CLEARFAKE Delivery

Apr 29, 2025 By Kroll In Kroll
Kroll continues to observe widespread attempted initial access through CLEARFAKE via fake CAPTCHA pop-ups across a wide range of industry sectors. As detailed in previous Kroll reporting, CLEARFAKE is a malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns. Although CLEARFAKE continues to show the same themes surrounding its use alongside fake CAPTCHA pop-ups, there are also a wide range of nuances that have appeared in the past few months.
Read Post

April 28, 2025 Cyber Threat Intelligence Briefing

Apr 28, 2025 By Kroll In Kroll
This week’s briefing covers: POC Exploit Released for Erlang CVSS 10 Vulnerability The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. NTLM Hash Leaking Vulnerability Actively Exploited Checkpoint researchers report that they have detected active exploitation of CVE-2025-24054, a hash disclosure via spoofing vulnerability that was patched as part of Microsoft’s March patching cycle.
View Video

April 22, 2025 Cyber Threat Intelligence Briefing

Apr 22, 2025 By Kroll In Kroll
This week’s briefing covers: Palo Alto Confirms Brute Force Campaign Against PAN-OS Devices Worldwide Following Kroll's previous bulletin highlighting a report from GreyNoise indicating a large uptick in activity targeting Palo Alto devices, it has been confirmed that Palo Alto has detected an ongoing campaign to brute force login credentials to PAN-OS devices.
View Video

April 14, 2025 Cyber Threat Intelligence Briefing

Apr 14, 2025 By Kroll In Kroll
This week’s briefing covers: Fortinet Warns of Active Exploitation of Known Vulnerabilities Fortinet has identified a post-exploitation technique used by threat actors targeting known, unpatched vulnerabilities in FortiGate devices. The threat actor leveraged a symbolic link trick to maintain read-only access to FortiGate devices, even after the original access vector was remediated.
View Video

April 07, 2025 Cyber Threat Intelligence Briefing

Apr 7, 2025 By Kroll In Kroll
This week’s briefing covers: North Korean Fake Workers Expand to European Organizations Kroll has previously reported on the growing scale of the DPRK IT worker fraud scheme where the U.S. was a key focus, with some Southeast Asian countries also seeing fraudulent activity. It has since been reported that an increase in active operations in Europe has been observed—a notable expansion since its beginnings in 2024.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.