Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kroll continues to observe widespread attempted initial access through CLEARFAKE via fake CAPTCHA pop-ups across a wide range of industry sectors. As detailed in previous Kroll reporting, CLEARFAKE is a malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns. Although CLEARFAKE continues to show the same themes surrounding its use alongside fake CAPTCHA pop-ups, there are also a wide range of nuances that have appeared in the past few months.

For Managed Service Providers (MSPs), ransomware attacks aren’t just a security issue, they’re a business-killing risk. In 2020, the average cost of downtime caused by ransomware was $274,200 — nearly double what it was the year before. Now, imagine you’re an MSP responsible for multiple clients, each relying on your service for their critical operations.

As cyber risk leaders are called to balance the responsibility of managing risk in the face of both broader attack surfaces and increased regulatory and budgetary scrutiny, prioritization of work is everything. Cybersecurity resources are finite, while the vulnerabilities and threats just keep growing. The best way for modern security programs to keep up is by directing resources to the risks that matter most to their specific organizations.

In this post, we introduce our “Adversarial AI Explainability” research, a term we use to describe the intersection of AI explainability and adversarial attacks on Large Language Models (LLMs). Much like using an MRI to understand how a human brain might be fooled, we aim to decipher how LLMs can be manipulated.

In today’s era, where the digital landscape is as critical as the physical, the urgency to adapt and reinforce our cybersecurity infrastructure is more pressing than ever. For government operations, where data breaches and cyberattacks frequently make the headlines, adopting a whole-of-state approach to cybersecurity isn’t just a precaution—it’s a strategic imperative to protect our communities and safeguard our future.

Elastic’s piped query language, ES|QL, brings joins to the party Threat hunters rejoice! Have you been looking for a way to join data with the speed and power of Elastic? Well, we heard you! Elastic can now join data sources with a new function for the piped query language, ES|QL (Elasticsearch Query Language). This will enable robust searches that range from advanced behavior detections to alert triage and of course, threat hunting.

Although cyber threat intelligence has become increasingly important in the modern era, driven by the exponential rise in cybercrime and global dependence on digital infrastructure, the foundational concept of threat intelligence is not a recent development. In 2024, just over four in ten businesses (43%) and three in ten charities (30%) reported experiencing some form of cybersecurity breach or attack in the previous 12 months, highlighting the scale of today’s threat landscape.

Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing," many people have been wondering what it is. This post will tell you what device code phishing is and how to defend against it. Here are some other related reports involving the recently reported device code phishing attacks.

Scammers are exploiting the death of Pope Francis to launch social engineering attacks, according to researchers at Check Point. The researchers note that threat actors often take advantage of high-profile tragedies and crises to exploit victims’ emotions. “They typically begin with disinformation campaigns on social media platforms like Instagram, TikTok, or Facebook, uploading fake images generated by AI,” the researchers write.

Black Friday is retail’s biggest moment—and retail IT’s biggest challenge. Spikes in traffic, strained systems, and the constant fear of outages turn what should be a commercial win into an operational war room. For many retailers, it’s a time of sleepless nights, emergency vendor calls, and systems pushed to their breaking point. But it doesn’t have to be this way.