
The AI Revolution: Embracing the Future of eDiscovery

The eDiscovery landscape is undergoing a profound transformation, driven by the rapid evolution of artificial intelligence (AI). What was once a labor-intensive, manual process is now being revolutionized by technologies capable of analyzing vast volumes of data with speed, precision and insight. AI is not just a buzzword; it’s a catalyst for smarter, faster and more defensible legal workflows.

XWORM Returns to Haunt Systems with Ghost Crypt

Starting in July 2025, Kroll has observed a new delivery method coming from the XWORM malware family. Previously known to leverage a self-contained executable to drop the final payload, XWORM now uses Ghost Crypt, a service publicized on HackForums and used to exploit DLL side-loading vulnerabilities in known applications. The service includes support for a range of malware families, including LUMMASTEALER, BLUELOADER, RHADAMANTHYS, XWORM, DCRAT, PURELOADER, STEALC and others.

Kroll Conversations: Meet the Offensive Security Experts

Organizations are under constant threat from vulnerabilities hidden deep within their own systems and applications. Uncovering these types of weaknesses before they lead to security issues such as malware, ransomware attacks and social engineering is a challenge that Jugal Bhatt and Jonathan Hosick take on every day.

Best Practices for Securing Operational Technology

Operational technology (OT) underpins everyday life by providing the networks and systems required to deliver and maintain key services. These critical infrastructures are increasingly targeted by threat actors, causing public disruption and reputational and financial damage. OT security plays a vital role in redressing this threat, but it must be implemented strategically to be effective.

The Invisible Threat: Rethinking OT Security for Clean Energy and National Infrastructure

A recent revelation of a Chinese-manufactured “kill switch” embedded in power inverters has reignited global conversations about cyber risk, supply chain vulnerabilities and geopolitical dependencies in the Operational Technology (OT) ecosystem.

OT Security Lessons from the Trenches: Patterns and Pitfalls from BACS Assessments

The convergence of Building Automation and Control Systems (BACS) and smart building innovation within operational technology (OT) is helping to drive technological and environmental advances. However, it is also contributing to the emergence of significant security vulnerabilities and threats.

Known vs. Unknown Risks: The Role of the Enterprise Risk Retainer in Preparing for the Future

Preparing for risk is critical to ensuring organizational resilience, but what about the risks that can’t be planned for? Businesses frequently fall into the trap of strategizing only for known risks—those that are easily anticipated—while failing to recognize their blind spots in relation to unknown risk events.

PDFast But Luckily Not So Furious

Beginning in early April 2025, Kroll has observed a large wave of malicious activity surrounding "PDFast" software. Initial access for the campaign appeared to begin either through a new install of the application, through drive-by compromise on the site pdf-fast[.]com, or via pre-installed versions of the application that have since been updated with a malicious version.