Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 28, 2025 Cyber Threat Intelligence Briefing

Apr 28, 2025 By Kroll In Kroll
This week’s briefing covers: POC Exploit Released for Erlang CVSS 10 Vulnerability The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. NTLM Hash Leaking Vulnerability Actively Exploited Checkpoint researchers report that they have detected active exploitation of CVE-2025-24054, a hash disclosure via spoofing vulnerability that was patched as part of Microsoft’s March patching cycle.
View Video
centripetal

Security Bulletin: CVE Program Funding Concerns and Emerging Alternatives

Apr 28, 2025 By Lauren Farrell In Centripetal
On April 16, 2025, a critical moment unfolded in the cybersecurity world when the U.S. Department of Homeland Security’s funding for the Common Vulnerabilities and Exposures (CVE) Program, operated by MITRE, was set to expire. The CVE system is a globally relied-upon database for cataloging known cyber vulnerabilities and has been a cornerstone of vulnerability management for over 25 years since its public launch in 1999.
Read Post
centripetal

Security Bulletin: ClickFix and the New Era of Social Engineering

Apr 23, 2025 By Lauren Farrell In Centripetal
ClickFix is an emerging social engineering technique that has gained traction among both cybercriminals and APT groups due to its effectiveness and low barrier to execution. First observed around October 19, 2023, disguised as Cloudflare anti-bot protection, ClickFix deceives users into taking action to “fix” a non-existent issue, often through fake reCAPTCHA pages, spoofed software updates, or fraudulent security prompts.
Read Post
ThreatQuotient

Identifying Threats is Great. Sharing That Info is Even Better

Apr 22, 2025 By ThreatQuotient In ThreatQuotient
In the current climate, we are tackling the challenge of raising awareness at an industry level, highlighting the advantages of threat intelligence sharing: a practical and collaborative way to enhance cybersecurity awareness across industries and gain a tactical advantage in the evolving threat landscape.
Read Post

April 22, 2025 Cyber Threat Intelligence Briefing

Apr 22, 2025 By Kroll In Kroll
This week’s briefing covers: Palo Alto Confirms Brute Force Campaign Against PAN-OS Devices Worldwide Following Kroll's previous bulletin highlighting a report from GreyNoise indicating a large uptick in activity targeting Palo Alto devices, it has been confirmed that Palo Alto has detected an ongoing campaign to brute force login credentials to PAN-OS devices.
View Video
centripetal

Security Bulletin: Critical Apache Roller Vulnerability Enables Unauthorized Session Persistence

Apr 17, 2025 By Lauren Farrell In Centripetal
CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.
Read Post
ThreatQuotient Celebrates Record Year Marked by Major Customer and Partner Growth, Product Innovation, and Industry Recognition

ThreatQuotient Celebrates Record Year Marked by Major Customer and Partner Growth, Product Innovation, and Industry Recognition

Apr 16, 2025 By ThreatQuotient In ThreatQuotient
ThreatQuotient delivers exceptional growth and innovation over the past year. This growth has been fueled by increasing market demand for simplified security automation technologies to address the challenges around threat intelligence management and security operations. ThreatQuotient's annual Evolution of Cybersecurity Automation Adoption research underlined this momentum.
Read Post
cyjax

Moving Beyond IT: The Strategic Value of Threat Intelligence for Businesses

Apr 15, 2025 By Shail Yadav In CYJAX
In today’s digital-first world, cyber threats are not only increasing in volume, but they’re also becoming more targeted, coordinated, and expensive. According to IBM’s Cost of a Data Breach Report 2024, the global average data breach cost has reached USD 4.88 million, a 10% increase over last year and the highest total recorded to date.
Read Post

April 14, 2025 Cyber Threat Intelligence Briefing

Apr 14, 2025 By Kroll In Kroll
This week’s briefing covers: Fortinet Warns of Active Exploitation of Known Vulnerabilities Fortinet has identified a post-exploitation technique used by threat actors targeting known, unpatched vulnerabilities in FortiGate devices. The threat actor leveraged a symbolic link trick to maintain read-only access to FortiGate devices, even after the original access vector was remediated.
View Video
cyjax

Shifting to Prevention: How Intelligence Can Stop Card Fraud in Its Tracks

Apr 8, 2025 By Shail Yadav In CYJAX
Fraudsters are relentless in their pursuit, targeting physical cards, intercepting personal data, and exploiting online vulnerabilities, all with minimal risk and significant financial reward. In the first half of 2024 alone, unauthorised payment card fraud surged to over £275 million, marking a 7% increase compared to the previous year, according to UK Finance. While the risks associated with fraudsters are well understood, apprehending them remains a significant challenge.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.