
June 23, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: New MORE_EGGS campaign continues recruiting themes

KTA032 (FIN6) has begun a new campaign using the MORE_EGGS JavaScript backdoor, continuing its theme of fake resumes that lead to malware deployment. The actor engages with recruiters at targeted organizations, which leads to emails containing a malicious domain (often built from the fake applicant’s first and last name). The site hosted on that domain uses several defense evasion techniques to prevent automated analysis tools from scanning it.

Proof-of-Concept Exploit Observed for Critical Zero-Day

CVE-2025-32756 is a critical remote code execution (RCE) vulnerability affecting multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. The flaw arises from a stack-based buffer overflow in the handling of the AuthHash cookie’s enc parameter within the /remote/hostcheck_validate HTTP endpoint.

June 16, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: Brute-force attack against Apache Tomcat Manager

GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, GreyNoise registered request volumes well above baseline, indicating a deliberate attempt to identify and access exposed Tomcat Manager services at scale.

ThreatQuotient to join Securonix

Today is a big day for the Crash. We are announcing the next step in our collective journey – Securonix has acquired ThreatQuotient. This is an exciting and rare opportunity to combine Securonix’s best-in-class security analytics and detection with ThreatQ’s best-in-class threat intelligence platform. As we all know, the security operations world is changing at a dramatic pace.

How to Keep Major Worldwide Sporting Events on Secure Ground Using Threat Intelligence Reporting

As we look at the sporting calendar for 2025 with the UEFA Women’s European Championship in Switzerland and the Tour de France in July, as well as the 2025 Women's Rugby World Cup in the UK starting in August, armchair sportspeople and in-person spectators are spoilt for choice. But aside from the marvel of watching athletes compete to achieve their dreams, the organization (and security) of such events requires meticulous planning, particularly as dates are fixed and immovable.

June 9, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: Proof of Concept Exploit Released for CVE-2025-32756

Further to Kroll’s reporting in May on a critical zero-day vulnerability in Fortinet products, CVE-2025-32756 is now being actively exploited in the wild, with attackers using a crafted AuthHash cookie to gain control of affected systems.
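The two CVE-2025-32756 items above both point at the same artifact an attacker must send: a request to /remote/hostcheck_validate whose AuthHash cookie carries an oversized or malformed enc value. The following is an added detection example (written for this page, not code from Kroll, Fortinet, or the briefing) that scans constructed access-log lines for that pattern. It assumes the device log carries the Cookie header as the last quoted field, that the AuthHash value is a set of &-separated key=value pairs including enc=<hex>, and that a legitimate enc value is short; the 64-character threshold is an assumption to tune against your own baseline, not a value from the advisory.

```python
import re
from urllib.parse import parse_qs

# Assumptions (not from the briefing or the Fortinet advisory):
#   - the access log is combined-style with the Cookie header appended as the last quoted field
#   - the AuthHash cookie value is '&'-separated key=value pairs, one of which is enc=<hex>
#   - a legitimate enc value is short; anything longer than ENC_MAX_HEX_CHARS is suspicious
ENC_MAX_HEX_CHARS = 64
TARGET_PATH = "/remote/hostcheck_validate"

# Constructed sample lines (no real device or real traffic): two benign requests,
# then two that look like cookie-overflow attempts from a second source.
SAMPLE_LOGS = [
    '203.0.113.5 - - [09/Jun/2025:10:00:01 +0000] "GET /remote/login HTTP/1.1" 200 512 "-"',
    '203.0.113.5 - - [09/Jun/2025:10:00:02 +0000] "GET /remote/hostcheck_validate HTTP/1.1" 200 128 '
    '"AuthHash=enc=' + "ab" * 16 + '"',
    '198.51.100.23 - - [09/Jun/2025:10:05:44 +0000] "GET /remote/hostcheck_validate HTTP/1.1" 500 0 '
    '"AuthHash=enc=' + "41" * 300 + '"',
    '198.51.100.23 - - [09/Jun/2025:10:05:45 +0000] "GET /remote/hostcheck_validate HTTP/1.1" 400 0 '
    '"AuthHash=enc=not-hex-at-all"',
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<cookie>[^"]*)"$'
)


def parse_cookie_header(header):
    """Split 'a=1; b=2' into a dict; a bare '-' (no cookie) yields an empty dict."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, _, value = part.strip().partition("=")
            cookies[name.strip()] = value.strip()
    return cookies


def inspect_line(line):
    """Return a finding for a suspicious hostcheck_validate request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]
    if path != TARGET_PATH:
        return None
    authhash = parse_cookie_header(m.group("cookie")).get("AuthHash")
    if authhash is None:
        return None
    enc = parse_qs(authhash, keep_blank_values=True).get("enc", [""])[0]

    reasons = []
    if len(enc) > ENC_MAX_HEX_CHARS:
        reasons.append(f"enc length {len(enc)} exceeds {ENC_MAX_HEX_CHARS} characters")
    if enc and not re.fullmatch(r"[0-9a-fA-F]+", enc):
        reasons.append("enc is not hex-encoded")
    if len(enc) % 2:
        reasons.append("enc has odd length (cannot be byte-aligned hex)")
    if not reasons:
        return None
    return {
        "src": m.group("src"),
        "ts": m.group("ts"),
        "status": int(m.group("status")),
        "enc_len": len(enc),
        "reasons": reasons,
    }


def scan(lines):
    """Run inspect_line over a log and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding["ts"], finding["src"], finding["status"], "; ".join(finding["reasons"]))
```

Length and hex checks on the cookie are a cheap first pass; pair them with the file-system and log indicators Fortinet published for this CVE before treating a hit as compromise, since a single malformed cookie can also be a scanner probe.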

Security Bulletin: Revolver Rabbit and the Rise of RDGAs

Their domains typically follow repeatable patterns, such as dictionary words plus numeric suffixes (e.g., private-jets-99557bond). Additional variants use short alphanumeric suffixes or double dashes, complicating rule-based detection (Infoblox Blog, 2024). These syntactic variations often evade traditional string-matching techniques, requiring DNS-layer telemetry and clustering for full visibility (Infoblox Research Report, 2024).
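To make the detection point concrete, here is an added example (written for this page, not Infoblox's code or tooling) that shows why a string-matching rule for "word-word-digits" fails against these registrations while a structural clustering of the same names succeeds. The only real domain in the sample set is private-jets-99557bond from the bulletin; every other name is constructed for the example. The example collapses each registrable label into a shape template (W for an all-letter segment, N for all-digit, X for mixed, with double dashes preserved), groups names by that shape, and then pulls the reused trailing token ("bond") out of the cluster as a pivot. It assumes single-label public suffixes; use the Public Suffix List in production.

```python
import re
from collections import Counter, defaultdict

# private-jets-99557bond is the example quoted in the bulletin; every other domain here is
# constructed for this example and is not a known Revolver Rabbit registration.
SAMPLE_DOMAINS = [
    "private-jets-99557bond.com",
    "luxury-yachts-31806bond.com",
    "cheap-flights-70421bond.com",
    "solar-panels-x7q2.com",      # short alphanumeric suffix variant
    "private--jets-4k9z.com",     # double-dash variant
    "news-today-2025.com",        # benign-looking name that a naive rule would hit
    "example.com",
    "threatq.com",
]

# The kind of rule a "dictionary word, dash, word, dash, digits" signature produces.
NAIVE_RULE = re.compile(r"^[a-z]+-[a-z]+-[0-9]+$")


def registrable_label(domain):
    # Assumption: single-label public suffix (.com, .net). Use the Public Suffix List in
    # production so that foo.co.uk is not reduced to "co".
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def segment_class(seg):
    if seg == "":
        return ""          # empty segment produced by a double dash; keeps "--" in the shape
    if seg.isalpha():
        return "W"
    if seg.isdigit():
        return "N"
    return "X"             # mixed letters and digits, e.g. 99557bond or x7q2


def shape(domain):
    """Structural template of the registrable label:
    private-jets-99557bond -> W-W-X, private--jets-4k9z -> W--W-X, news-today-2025 -> W-W-N."""
    return "-".join(segment_class(s) for s in registrable_label(domain).split("-"))


def naive_rule_hits(domains):
    """What the string-matching rule catches: none of the actor's names, one benign one."""
    return [d for d in domains if NAIVE_RULE.match(registrable_label(d))]


def cluster_by_shape(domains, min_size=3):
    """Group names by shape and keep clusters large enough to be a registration pattern."""
    groups = defaultdict(list)
    for d in domains:
        groups[shape(d)].append(d)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_size}


def trailing_tokens(domains):
    """Alphabetic tail of each label's last segment (the 'bond' in 99557bond). A tail reused
    across one shape cluster is a pivot worth tracking in later registrations."""
    tails = Counter()
    for d in domains:
        m = re.search(r"[a-z]+$", registrable_label(d).split("-")[-1])
        if m:
            tails[m.group(0)] += 1
    return tails


if __name__ == "__main__":
    print("naive rule hits:", naive_rule_hits(SAMPLE_DOMAINS))
    for key, members in cluster_by_shape(SAMPLE_DOMAINS).items():
        print(f"shape {key}: {members}")
        print("  shared tails:", dict(trailing_tokens(members)))
```

On this sample the regex fires only on the benign news-today-2025.com, while shape clustering groups all four "W-W-X" registrations together and surfaces "bond" three times. In a DNS-telemetry pipeline the cluster key would also carry registrar, name-server set, and first-seen window, which is what turns a syntactic grouping into an attributable RDGA family.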

ThreatBook Selected in the First-ever Gartner® Magic Quadrant for Network Detection and Response (NDR)

After nearly a year of research and evaluation, Gartner released its first "Magic Quadrant for Network Detection and Response" report on May 29, and ThreatBook was the only Chinese company selected.

New Ransomware Groups Emerging in Late May 2025: A Threat Intelligence Overview

As of the end of May 2025, seven new ransomware groups have surfaced with active leak sites and confirmed victim postings. These groups (Silent Ransomware, Gunra Ransomware, JGroup Ransomware, IMN Crew, DireWolf Ransomware, DataCarry Ransomware, and SatanLock Ransomware) have shown early signs of active targeting and data exfiltration campaigns. This blog provides a detailed breakdown of their activity, initial victimology, and attribution by geography where applicable.