July 28, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
July 21, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
Best Practices for Securing Operational Technology
Operational technology (OT) underpins everyday life by providing the networks and systems required to deliver and maintain key services. These critical infrastructures are increasingly targeted by threat actors, causing public disruption and reputational and financial damage. OT security plays a vital role in redressing this threat, but it must be implemented strategically to be effective.
July 14, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
July 7, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Critical Sudo Vulnerability Allows Priv Esc to Root The flaw arises from unsafe handling of the --chroot (-R) option, where sudo processes user-provided configurations (including nsswitch.conf) from within the chroot environment before validating user privileges. This allows a local attacker to construct a malicious chroot with crafted NSS configuration that forces sudo to load attacker-controlled shared libraries as root, effectively bypassing authentication.
Kroll Conversations: Meet the Breach Notification Experts
Getting back to business as usual after a data breach involves an array of legal, regulatory and reputational challenges. Enabling organizations to navigate these at pace is everyday life for Josh Toon and Dustin Roth.
June 30,2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper.
June 23, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: New MORE_EGGS campaign continues recruiting themes KTA032 (FIN6) has begun a new campaign using the MORE_EGGS JavaScript backdoor which continues its themes surrounding fake resumes leading to the malware deployment. The actor engaged with organization recruiters which led to emails containing a malicious domain (often containing the fake applicant’s first and last name). The domain contains several defense evasion techniques to avoid automated analysis tools from scanning.
The Invisible Threat: Rethinking OT Security for Clean Energy and National Infrastructure
A recent revelation of a Chinese-manufactured “kill switch” embedded in power inverters has reignited global conversations about cyber risk, supply chain vulnerabilities and geopolitical dependencies in the Operational Technology (OT) ecosystem.
June 16, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: BruteForce Attack Against Apache TomCat Manager GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, GreyNoise registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale.