July 14, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:41 [PATCHING] Microsoft Patch Tuesday Addresses 133 Issues, 0 Zero-Days
Microsoft has fixed 133 vulnerabilities in July’s patch cycle and Microsoft Edge releases.
02:10 [CAMPAIGN] DPRK Threat Actor Targets Web3 and Crypto Platforms with Nim-Based Malware Called NIMDOOR
A North Korean (DPRK) threat actor group has recently been targeting companies in the Web3 and cryptocurrency industries with a Nim-based malware called NIMDOOR, with a special focus on those using macOS systems.
03:17 [CAMPAIGN] Marks and Spencer Attack Update
Kroll Threat Intelligence tracked and reported on Marks and Spencer (M&S) recently being the target of cyber security incidents linked to KTA243 (Scattered Spider) as well as KTA276 (DragonForce).
04:39 [VULNERABILITY] CISA Known Vulnerability Catalogue update
CISA has added four vulnerabilities, all frequent attack vectors, to its Known Exploited Vulnerabilities catalog. The vulnerabilities listed are notable for their age, with the oldest being from 2014. This could indicate that a significant number of organizations are not patching appropriately or continue to use applications that are either no longer updated or have been discontinued.
05:19 [MALWARE] Threat Actors abuse leaked SHELLTER red team tool to deploy infostealers
The framework is designed to enable red teams to deploy payloads stealthily within legitimate Windows binaries, evading contemporary anti-malware solutions. SHELLTER features static evasion through polymorphism, and dynamic runtime evasion via AMSI, ETW, anti-debug/VM checks, call stack and module unhooking avoidance, and decoy execution.
07:04 [MALWARE] KTA442 (BERT Ransomware)
KTA442 affects both Windows and Linux systems, using PowerShell loaders and multi-threaded encryption to maximize impact and evade detection.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings
Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder