Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Organizations are under constant threat from vulnerabilities hidden deep within their own systems and applications. Uncovering these types of weaknesses before they lead to security issues such as malware, ransomware attacks and social engineering is a challenge that Jugal Bhatt and Jonathan Hosick take on every day.

Operational technology (OT) underpins everyday life by providing the networks and systems required to deliver and maintain key services. These critical infrastructures are increasingly targeted by threat actors, causing public disruption and reputational and financial damage. OT security plays a vital role in redressing this threat, but it must be implemented strategically to be effective.

Getting back to business as usual after a data breach involves an array of legal, regulatory and reputational challenges. Enabling organizations to navigate these at pace is everyday life for Josh Toon and Dustin Roth.

A recent revelation of a Chinese-manufactured “kill switch” embedded in power inverters has reignited global conversations about cyber risk, supply chain vulnerabilities and geopolitical dependencies in the Operational Technology (OT) ecosystem.

The convergence of Building Automation and Control Systems (BACS) and smart building innovation within operational technology (OT) is helping to drive technological and environmental advances. However, it is also contributing to the emergence of significant security vulnerabilities and threats.

Preparing for risk is critical to ensuring organizational resilience, but what about the risks that can’t be planned for? Businesses frequently fall into the trap of strategizing only for known risks—those that are easily anticipated—while failing to recognize their blind spots in relation to unknown risk events.

During the investigation of a large-scale cryptocurrency theft, with total losses significantly exceeding USD 1 million spread across multiple currencies, Kroll researchers discovered two new pieces of malware. These pieces of malware ultimately led to deployment of Havoc C2’s agent, “Demon.”

Beginning in early April 2025, Kroll has observed a large wave of malicious activity surrounding "PDFast" software. Initial access for the campaign appeared to begin either through a new install of the application, through drive-by compromise on the site pdf-fastcom, or via pre-installed versions of the application that have since been updated with a malicious version.

Kroll continues to observe widespread attempted initial access through CLEARFAKE via fake CAPTCHA pop-ups across a wide range of industry sectors. As detailed in previous Kroll reporting, CLEARFAKE is a malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns. Although CLEARFAKE continues to show the same themes surrounding its use alongside fake CAPTCHA pop-ups, there are also a wide range of nuances that have appeared in the past few months.

A merger or acquisition is one of the most critical steps a company can take. However, alongside the opportunity it presents for business growth, it also poses significant security threats. A target company—or even its supply chain—may bring with it a host of hidden security risks.