October 27, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:36 [CAMPAIGN] New ClickFix Variant Uses Fake Fullscreen Windows Update
This campaign uses an updated lure that combines a Cloudflare Turnstile with a fake Windows update, then socially engineers the victim into pasting malicious commands into the Run dialog box.
02:37 [MALWARE] POLAREDGE Botnet
Sekoia has released a detailed technical analysis of the POLAREDGE botnet, which it initially reported on earlier this year. The botnet is spread by exploiting vulnerabilities, most notably CVE-2023-20118 in Cisco routers; however, other samples from the same family have been seen exploiting routers from other vendors such as Asus, QNAP and Synology.
04:26 [CAMPAIGN] GLASSWORM Supply Chain Attack on OpenVSX and VSCode
A new code repository supply chain attack has been reported, similar to Shai-Hulud, that saw a self-replicating worm steal credentials and exfiltrate data whilst publicly posting collected tokens and secrets to GitHub.
08:25 [RANSOMWARE] Ransomware Roundup Weekly Statistics (18 - 24 October 2025)
The following are weekly statistics for ransomware victim posts, with the data sourced from Ransomware.live.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings
Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder
#krollcyber #threatintelligence #cyberthreats