September 2, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:42 [VULNERABILITY] Critical Zero-day Affecting NetScaler ADC and NetScaler Gateway
Citrix has identified multiple vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The highest-severity vulnerability is CVE-2025-7775, which carries a CVSS score of 9.2 (CRITICAL). It is described as a memory overflow vulnerability that can lead to remote code execution and/or denial of service.
03:16 China Nexus Captive Portal Hijack
Google Threat Intelligence Group (GTIG) detailed a campaign it attributes to the China-nexus threat actor KTA494 (AKA UNC6384) targeting diplomats in Southeast Asia and some unspecified entities in other locations.
05:15 ZipLine Campaign
Check Point Research detailed a new phishing campaign in which the actor uses “contact us” webforms to trick victims into establishing contact with the actor, increasing the perceived legitimacy of the communication.
06:27 [RANSOMWARE] PromptLock Ransomware
ESET discovered what it is calling the “first known AI-powered ransomware,” named PromptLock. The malware generates Lua scripts from hard-coded LLM prompts that are fed into OpenAI’s gpt-oss-20b model, which it accesses through Ollama.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings
Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder