October 13, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:50 [MALWARE] New Versions of Popular Malware as a Service (MaaS) Released in Run Up to Holiday Season
In the last few weeks, Kroll has observed a number of new and updated malware as a service (MaaS) operations launching new versions of their malware.
03:49 [VULNERABILITY] Critical Remote Code Execution in Redis via Lua Use-After-Free
A critical vulnerability has been identified in Redis, allowing authenticated users to execute arbitrary code on the host system.
06:02 [CAMPAIGN] KTA517 (AKA Bat Shadow) JobSeeker Targeting Malware Campaign
A new campaign has been identified from threat actor KTA517 (AKA BatShadow). The campaign targeted digital marketing professionals. The group, posing as recruiters, distributed ZIP archives containing malicious files masquerading as job descriptions.
07:57 [THREAT ACTOR ACTIVITY] Roundup of Microsoft Teams Targeting
Microsoft has provided insight into how Microsoft Teams has been observed being targeted at every stage of the attack chain. They warn that as the application becomes more central across organizations, it is becoming an increasingly attractive target for attackers.
10:01 [RANSOMWARE] KTA321 (Medusa) Exploits GoAnywhere MFT Vulnerability
A security advisory has been released alerting to a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet. The vulnerability enables the use of a forged license response signature to bypass signature verification.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s 2025 Threat Landscape Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/threat-landscape-report-lens-on-crypto
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder