Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.

This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.

This week’s briefing covers: Critical Sudo Vulnerability Allows Priv Esc to Root The flaw arises from unsafe handling of the --chroot (-R) option, where sudo processes user-provided configurations (including nsswitch.conf) from within the chroot environment before validating user privileges. This allows a local attacker to construct a malicious chroot with crafted NSS configuration that forces sudo to load attacker-controlled shared libraries as root, effectively bypassing authentication.

This week’s briefing covers: Dive deeper.

This week’s briefing covers: New MORE_EGGS campaign continues recruiting themes KTA032 (FIN6) has begun a new campaign using the MORE_EGGS JavaScript backdoor which continues its themes surrounding fake resumes leading to the malware deployment. The actor engaged with organization recruiters which led to emails containing a malicious domain (often containing the fake applicant’s first and last name). The domain contains several defense evasion techniques to avoid automated analysis tools from scanning.

This week’s briefing covers: BruteForce Attack Against Apache TomCat Manager GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, GreyNoise registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale.

In this series, we chat with cybersecurity and data resilience leaders from Kroll and our partners. Our second guest is Denyl Green, Managing Director in the Cyber Risk business, based in Portland. Future episodes will cover topics such as the Cyber Threat Landscape, AI Risk Governance, and Breach Notification.

This week’s briefing covers: Proof of Concept Exploit Released for CVE-2025-32756 Further to Kroll reporting in May regarding a critical zero-day vulnerability, CVE-2025-32756 in Fortinet, is now being actively exploited in the wild, with attackers using a crafted AuthHash cookie to gain control of affected systems.

In this series, we chat with cybersecurity and data resilience leaders from Kroll and our partners. Our first guest is Katherine Keefe, Managing Director and Global Cyber Insurance Lead. Future episodes will cover topics such as the Cyber Threat Landscape, AI Risk Governance, and Breach Notification.

This week’s briefing covers: MATLAB dev confirms ransomware attack behind service outage MathWorks, the developer of the popular MATLAB numeric computing platform and the Simulink simulation, has disclosed it suffered a ransomware attack beginning on May 18, 2025. The attack impacted online applications used by customers as well as internal staff systems.