August 11, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:44 [UPDATE] SonicWall Devices Exploited to Deploy AKIRA Ransomware
Key Takeaways:
- Threat actors are attacking exposed SonicWall devices to gain initial access and deploy AKIRA ransomware.
- SonicWall updated its advisory on August 7 to state that the intrusions are related to a vulnerability addressed in 2024, but some instances were not remediated correctly before an upgrade to Gen7.
04:27 [VULNERABILITY] Dell ControlVault3 "ReVault" Firmware Flaws
A recently reported vulnerability dubbed "ReVault" affects multiple Dell products. ControlVault3, marketed as a secure enclave for credentials and biometric data, is compromised through flaws in its Broadcom BCM5820X firmware. Attackers can leverage deserialization weaknesses (CVE-2025-24919) via Windows APIs to execute arbitrary code, enabling cryptographic key theft and firmware modification.
06:13 [MALWARE] PLAGUE Backdoor
Security researchers at Nextron Systems discovered a previously undocumented Linux backdoor named "PLAGUE," which operates as a malicious Pluggable Authentication Module (PAM). The researchers noted that anti-virus engines on the VirusTotal platform were not detecting the samples as malicious.
07:30 [MALWARE] Rise in MESHAGENT Usage
Kroll has recently observed an increase in the use of MESHAGENT as a remote management tool by threat actors. MESHAGENT is a lightweight remote management agent and part of the publicly available MeshCentral project. It allows administrators to manage and control endpoints remotely over the internet with minimal setup.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings
Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder