November 03, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:50 [VULNERABILITY] CVE-2025-59287 - Windows Server Update Services Vulnerability Under Active Exploitation
A critical remote code execution vulnerability in the Windows Server Update Services (WSUS) server role, tracked as CVE-2025-59287 (CVSS: 9.8) and addressed in the October patch cycle, is under active exploitation.
03:15 [THREAT ACTOR ACTIVITY] Extraction of Microsoft Teams Access Tokens
Researchers at RandoriSec produced a report on the current state of Microsoft Teams Access Token theft, a tactic that has been used by many threat actor groups to move laterally within environments and assist in internal phishing attacks.
06:45 [MALWARE] ATROPOSIA Malware as a Service
Varonis detailed a new Malware-as-a-Service that they named ATROPOSIA.
ATROPOSIA is a remote access trojan (RAT) with a feature set common to many modern RATs.
08:50 [RANSOMWARE] QILIN RaaS Increase in Activity
The QILIN ransomware group has seen an uptick in activity. Since January 2025, the group has affected more than 700 victims across 62 countries.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings
Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder
#krollcyber #threatintelligence #cyberthreats