December 8, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
01:19 [VULNERABILITY] Microsoft Outlook "MonikerLink" Remote Code Execution
Security researchers have disclosed a critical flaw in Microsoft Outlook, nicknamed MonikerLink. The vulnerability allows attackers to execute arbitrary code on target systems simply by sending specially crafted emails.
03:19 [CAMPAIGN] ShadyPanda Seven Year Browser Extension Campaign
Koi Security has reported on an intrusion set it identifies as ShadyPanda, which ran a long-running campaign using browser extensions for Google Chrome and Microsoft Edge. Over the years, the operators built a large user base with what appeared to be harmless wallpaper or productivity extensions, which were weaponized in mid-2024 after a period of legitimate use.
06:20 [CAMPAIGN] MuddyWater (KTA060) Targeting Critical Infrastructure
ESET documented a new KTA060 (AKA MuddyWater) campaign targeting organizations in Israel and Egypt. KTA060 is a cyberespionage group that commonly targets critical infrastructure.
07:06 [CAMPAIGN] TOMIRIS (KTA525) TTP Updates
KTA525, tracked externally as TOMIRIS, has been updating its tactics, techniques, and procedures. The updates come as KTA525’s targets appear to have shifted towards government and intergovernmental organizations, a focus that is best served by establishing long-term persistence.
09:32 Europol Dismantles Major Crypto Laundering Hub: Cryptomixer
Europol-led Operation Olympia, supported by law enforcement from Germany and Switzerland, successfully shut down the cryptocurrency mixing service Cryptomixer between November 24 and 28.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder