Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Webinar Replay - Navigating AI Governance In Retail: Lessons from Real-World Scenarios

As AI continues to innovate the retail industry in areas such as supply chain management, personalizing customer experience and data insights, businesses must navigate the complex challenges of data privacy, secure and compliant AI deployment and ethical use. During this briefing, Kroll experts highlighted the key steps for building a resilient AI Governance program using real-life use cases from the retail industry that will help not only to understand, implement and monitor responsible AI but clear the way for innovation to generate successful return on investment and build consumer trust.

Best Practices for Securing Operational Technology

Operational technology (OT) underpins everyday life by providing the networks and systems required to deliver and maintain key services. These critical infrastructures are increasingly targeted by threat actors, causing public disruption and reputational and financial damage. OT security plays a vital role in redressing this threat, but it must be implemented strategically to be effective.

July 7, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: Critical Sudo Vulnerability Allows Priv Esc to Root The flaw arises from unsafe handling of the --chroot (-R) option, where sudo processes user-provided configurations (including nsswitch.conf) from within the chroot environment before validating user privileges. This allows a local attacker to construct a malicious chroot with crafted NSS configuration that forces sudo to load attacker-controlled shared libraries as root, effectively bypassing authentication.

June 23, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: New MORE_EGGS campaign continues recruiting themes KTA032 (FIN6) has begun a new campaign using the MORE_EGGS JavaScript backdoor which continues its themes surrounding fake resumes leading to the malware deployment. The actor engaged with organization recruiters which led to emails containing a malicious domain (often containing the fake applicant’s first and last name). The domain contains several defense evasion techniques to avoid automated analysis tools from scanning.