Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week’s briefing covers: POC Exploit Released for Erlang CVSS 10 Vulnerability The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. NTLM Hash Leaking Vulnerability Actively Exploited Checkpoint researchers report that they have detected active exploitation of CVE-2025-24054, a hash disclosure via spoofing vulnerability that was patched as part of Microsoft’s March patching cycle.

This week’s briefing covers: Palo Alto Confirms Brute Force Campaign Against PAN-OS Devices Worldwide Following Kroll's previous bulletin highlighting a report from GreyNoise indicating a large uptick in activity targeting Palo Alto devices, it has been confirmed that Palo Alto has detected an ongoing campaign to brute force login credentials to PAN-OS devices.

This week’s briefing covers: Fortinet Warns of Active Exploitation of Known Vulnerabilities Fortinet has identified a post-exploitation technique used by threat actors targeting known, unpatched vulnerabilities in FortiGate devices. The threat actor leveraged a symbolic link trick to maintain read-only access to FortiGate devices, even after the original access vector was remediated.

This week’s briefing covers: North Korean Fake Workers Expand to European Organizations Kroll has previously reported on the growing scale of the DPRK IT worker fraud scheme where the U.S. was a key focus, with some Southeast Asian countries also seeing fraudulent activity. It has since been reported that an increase in active operations in Europe has been observed—a notable expansion since its beginnings in 2024.

March 31, 2025 Cyber Threat Intelligence Briefing.

March 24, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: KTA134 (BLACKBASTA) Chats Suggests Help From Russian Officials Upon review of leaked chat logs, it appears that KTA248 (Oleg Nefedov, GG, Tramp, Kurva) was able to evade trial by eliciting the help of Russian government officials. Supply Chain Attack Leaks Secrets from GitHub A supply chain attack on the popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets over the weekend.

This week’s briefing covers: KTA080 (CLOP) Update CL0P has recently published files from victim organizations that were last revealed from the E-H listing around February 24, 2025. Some victim organizations were removed from the E-H listing as well as the H-W listing, likely due to negotiations with the threat actor group to refrain from sensitive data to be published. Additional victim companies have also been published outside of the E-H listing.

The Evolving Phishing Threat.