Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week’s briefing covers: Joint Cybersecurity Advisory released on KTA007 (APT28) A joint advisory has been released warning of Russian-attributed threat actors targeting western logistics entities and technology companies since 2022. Microsoft leads global action to disrupt LUMMASTEALER Microsoft’s Digital Crimes Unit has recently seized and facilitated the takedown, suspension, and blocking of approximately 2,300 malicious domains that formed the backbone of LUMMASTEALER infrastructure.

This week’s briefing covers: Coinbase Insider Threat Leads to Theft of Customer Data Coinbase has released a blog post and filed an SEC Form 8-K reporting an incident whereby they received an email attempting to extort the company for $20m. According to the post, the threat actors approached customer support staff and “used cash offers to convince a small group of insiders to copy data in our customer support tools”. Stolen data includes personal details including identity documents and account data include balance and transaction history.

This week’s briefing covers: Software Supply Chain Attack on Golang Leads to Wiper Malware A supply-chain attack has been discovered that targeted Linux servers through malicious Golang modules, mimicking legitimate modules, that were posted on GitHub. Continued Exploitation of Critical SAP NetWeaver Critical Vulnerability Further to Kroll’s reporting in previous weeks regarding active exploitation of CVE-2025-31324, a critical vulnerability that allows a threat actor to execute code remotely.

The new Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out Threat-Led Penetration Testing (TLPTs) on a regular basis. However, the skills required along with the planning for these types of exercises can prove difficult and time consuming. During this session, Kroll brings together our red teaming, threat intelligence and DORA regulatory compliance experts to provide practical guidance on how security, risk and resiliency leaders can adopt a sustainable threat-led penetration testing (TLPT) program as required by DORA.

This week’s briefing covers: UK Defence Contractors Warn Staff Against Chinese EVs UK defence firms, including Lockheed Martin and Thales, have advised staff against connecting mobile phones to Chinese-made electric vehicles (EVs) due to concerns over potential espionage and data theft. These vehicles, equipped with cameras, microphones, and internet connectivity, could be exploited by hostile states to collect sensitive information.