November 17, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
November 10, 2025 Cyber Threat Intelligence Briefing
Microsoft’s DART team identified a new backdoor named SESAMEOP in July 2025 that uses the OpenAI Assistants API as its command and control (C2) channel. Proofpoint has detailed a campaign targeting freight and trucking companies using remote monitoring and management (RMM) tools to steal cargo. Security researchers at Catchify identified a critical unauthenticated remote code execution vulnerability in the UniFi Access backup/export workflow, tracked as CVE-2025-52665, with a CVSS score of 10.0 (critical).
November 03, 2025 Cyber Threat Intelligence Briefing
A critical remote code execution vulnerability in the Windows Server Update Services (WSUS) server role tracked as CVE 2025 59287 (CVSS: 9.8) addressed in the October patch cycle is under active exploitation. Researchers at RandoriSec produced a report on the current state of Microsoft Teams Access Token theft, a tactic that has been used by many threat actor groups to move laterally within environments and assist in internal phishing attacks.
Kroll Conversations: Meet the DFIR Experts
A cyberattack is one of the most devastating experiences a company can go through. Yet for Jaycee Roth and Justin Harvey, being there for organizations when the worst happens is business-as-usual. As part of the Digital Forensics and Incident Response (DFIR) team within Kroll’s Cyber and Data Resilience business, their guidance and support ensures companies can recover fully from the disruption caused by a security incident.
How to Build a Mature Identity and Access Management Framework
This article has been authored by Cynthia Yang and Sorabh Chopra. As cyber threats evolve, traditional credential management falls short. A mature identity and access management (IAM) framework is essential to secure digital identities and reduce risk.
Widespread Installation of Calendaromatic Adware Includes Homoglyph Channel
Kroll has recently seen a widespread installation of an application called Calendaromatic, that Kroll Threat Intelligence (TI) is currently classifying as a potentially unwanted program (adware) but displays some functionality that gives it the potential to conduct more malicious behaviors.
October 27, 2025 Cyber Threat Intelligence Briefing
This campaign uses an updated lure combination of a Cloudflareturnstile and fake Windows update before socially engineering the victim into pasting malicious commands into the run dialogue box. Sekoia has released a detailed technical analysis of the POLAREDGE botnet which it initially reported on earlier this year. The botnet is spread by exploiting vulnerabilities, most notably CVE-2023-20118 in cisco routers; however, other samples from the same family have been seen exploiting routers from other vendors such as Asus, QNAP and Synology.
October 20, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers.
A Practical Guide to Adopting a Zero Trust Architecture
As organizations adapt to hybrid work, cloud adoption, and expanding digital ecosystems, traditional perimeter-based security models are no longer enough. Zero Trust has emerged as a leading framework to help reduce risk, improve visibility, and strengthen resilience, but implementation remains a challenge for many. This whitepaper explores how organizations can adopt Zero Trust in a practical, phased approach, aligned to real business and risk priorities.
October 13, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers.