Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 06, 2025 Cyber Threat Intelligence Briefing

May 6, 2025 By Kroll In Kroll
This week’s briefing covers: UK Defence Contractors Warn Staff Against Chinese EVs UK defence firms, including Lockheed Martin and Thales, have advised staff against connecting mobile phones to Chinese-made electric vehicles (EVs) due to concerns over potential espionage and data theft. These vehicles, equipped with cameras, microphones, and internet connectivity, could be exploited by hostile states to collect sensitive information.
View Video
kroll

PDFast But Luckily Not So Furious

May 2, 2025 By Kroll In Kroll
Beginning in early April 2025, Kroll has observed a large wave of malicious activity surrounding "PDFast" software. Initial access for the campaign appeared to begin either through a new install of the application, through drive-by compromise on the site pdf-fastcom, or via pre-installed versions of the application that have since been updated with a malicious version.
Read Post
kroll

The Rapid Evolution of CLEARFAKE Delivery

Apr 29, 2025 By Kroll In Kroll
Kroll continues to observe widespread attempted initial access through CLEARFAKE via fake CAPTCHA pop-ups across a wide range of industry sectors. As detailed in previous Kroll reporting, CLEARFAKE is a malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns. Although CLEARFAKE continues to show the same themes surrounding its use alongside fake CAPTCHA pop-ups, there are also a wide range of nuances that have appeared in the past few months.
Read Post

April 28, 2025 Cyber Threat Intelligence Briefing

Apr 28, 2025 By Kroll In Kroll
This week’s briefing covers: POC Exploit Released for Erlang CVSS 10 Vulnerability The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. NTLM Hash Leaking Vulnerability Actively Exploited Checkpoint researchers report that they have detected active exploitation of CVE-2025-24054, a hash disclosure via spoofing vulnerability that was patched as part of Microsoft’s March patching cycle.
View Video

April 22, 2025 Cyber Threat Intelligence Briefing

Apr 22, 2025 By Kroll In Kroll
This week’s briefing covers: Palo Alto Confirms Brute Force Campaign Against PAN-OS Devices Worldwide Following Kroll's previous bulletin highlighting a report from GreyNoise indicating a large uptick in activity targeting Palo Alto devices, it has been confirmed that Palo Alto has detected an ongoing campaign to brute force login credentials to PAN-OS devices.
View Video

April 14, 2025 Cyber Threat Intelligence Briefing

Apr 14, 2025 By Kroll In Kroll
This week’s briefing covers: Fortinet Warns of Active Exploitation of Known Vulnerabilities Fortinet has identified a post-exploitation technique used by threat actors targeting known, unpatched vulnerabilities in FortiGate devices. The threat actor leveraged a symbolic link trick to maintain read-only access to FortiGate devices, even after the original access vector was remediated.
View Video

April 07, 2025 Cyber Threat Intelligence Briefing

Apr 7, 2025 By Kroll In Kroll
This week’s briefing covers: North Korean Fake Workers Expand to European Organizations Kroll has previously reported on the growing scale of the DPRK IT worker fraud scheme where the U.S. was a key focus, with some Southeast Asian countries also seeing fraudulent activity. It has since been reported that an increase in active operations in Europe has been observed—a notable expansion since its beginnings in 2024.
View Video

March 24, 2025 Cyber Threat Intelligence Briefing

Mar 24, 2025 By Kroll In Kroll
March 24, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: KTA134 (BLACKBASTA) Chats Suggests Help From Russian Officials Upon review of leaked chat logs, it appears that KTA248 (Oleg Nefedov, GG, Tramp, Kurva) was able to evade trial by eliciting the help of Russian government officials. Supply Chain Attack Leaks Secrets from GitHub A supply chain attack on the popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets over the weekend.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.