Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this series, we chat with cybersecurity and data resilience leaders from Kroll and our partners. Our second guest is Denyl Green, Managing Director in the Cyber Risk business, based in Portland. Future episodes will cover topics such as the Cyber Threat Landscape, AI Risk Governance, and Breach Notification.

This week’s briefing covers: Proof of Concept Exploit Released for CVE-2025-32756 Further to Kroll reporting in May regarding a critical zero-day vulnerability, CVE-2025-32756 in Fortinet, is now being actively exploited in the wild, with attackers using a crafted AuthHash cookie to gain control of affected systems.

In this series, we chat with cybersecurity and data resilience leaders from Kroll and our partners. Our first guest is Katherine Keefe, Managing Director and Global Cyber Insurance Lead. Future episodes will cover topics such as the Cyber Threat Landscape, AI Risk Governance, and Breach Notification.

This week’s briefing covers: MATLAB dev confirms ransomware attack behind service outage MathWorks, the developer of the popular MATLAB numeric computing platform and the Simulink simulation, has disclosed it suffered a ransomware attack beginning on May 18, 2025. The attack impacted online applications used by customers as well as internal staff systems.

This week’s briefing covers: Joint Cybersecurity Advisory released on KTA007 (APT28) A joint advisory has been released warning of Russian-attributed threat actors targeting western logistics entities and technology companies since 2022. Microsoft leads global action to disrupt LUMMASTEALER Microsoft’s Digital Crimes Unit has recently seized and facilitated the takedown, suspension, and blocking of approximately 2,300 malicious domains that formed the backbone of LUMMASTEALER infrastructure.

This week’s briefing covers: Coinbase Insider Threat Leads to Theft of Customer Data Coinbase has released a blog post and filed an SEC Form 8-K reporting an incident whereby they received an email attempting to extort the company for $20m. According to the post, the threat actors approached customer support staff and “used cash offers to convince a small group of insiders to copy data in our customer support tools”. Stolen data includes personal details including identity documents and account data include balance and transaction history.

This week’s briefing covers: Software Supply Chain Attack on Golang Leads to Wiper Malware A supply-chain attack has been discovered that targeted Linux servers through malicious Golang modules, mimicking legitimate modules, that were posted on GitHub. Continued Exploitation of Critical SAP NetWeaver Critical Vulnerability Further to Kroll’s reporting in previous weeks regarding active exploitation of CVE-2025-31324, a critical vulnerability that allows a threat actor to execute code remotely.

The new Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out Threat-Led Penetration Testing (TLPTs) on a regular basis. However, the skills required along with the planning for these types of exercises can prove difficult and time consuming. During this session, Kroll brings together our red teaming, threat intelligence and DORA regulatory compliance experts to provide practical guidance on how security, risk and resiliency leaders can adopt a sustainable threat-led penetration testing (TLPT) program as required by DORA.