October 20, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:47 [PATCHING] Microsoft Patch Tuesday Addresses 184 Issues, Three Zero-Days
Microsoft has fixed 184 vulnerabilities in October’s patch cycle and Microsoft Edge releases.
02:38 [CAMPAIGN] F5 Networks Breached by Nation State Actor
A state-linked actor infiltrated F5 Networks' internal systems and reportedly maintained persistent access for over 12 months, exfiltrating source code, proprietary BIG-IP build artifacts, unpatched vulnerability data and some customer configuration files.
04:55 [THREAT ACTOR ACTIVITY] KTA375 in Year-long Compromise
A campaign by the China-nexus APT group KTA375, also known as Flax Typhoon, has been uncovered in which the actor maintained the compromise for more than a year, using an ArcGIS system as a backdoor for network access.
06:35 [THREAT ACTOR ACTIVITY] TIGERJACK Targets Developers via Malicious Extensions on VSCode and OpenVSX
Threat actor TIGERJACK has been identified targeting developers by uploading malicious extensions to Microsoft’s Visual Studio Code (VSCode) marketplace and the OpenVSX registry.
07:59 [THREAT ACTOR ACTIVITY] TA585 Using ClickFix to Deliver MONSTERV2
A new ransomware campaign has been discovered that uses the popular ClickFix technique to deliver the MONSTERV2 Remote Access Trojan (RAT).
09:36 [RANSOMWARE] Ransomware Roundup 11-17 October
Weekly stats for ransomware posts, including the most prevalent threat actors, as well as the top sectors and countries targeted.
11:01 [RANSOMWARE] DRAGONFORCE Inviting New Researchers and Collaborators to Join Operations
The ransomware group DRAGONFORCE, also tracked as KTA276, is drawing attention to a new operational development by announcing a new publicly available registration panel.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cybe...
Kroll’s 2025 Threat Landscape Report: https://www.kroll.com/en/reports/cybe...
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/reports/cybe...
Kroll Responder MDR: https://www.kroll.com/en/services/cyb...