
November 03, 2025 Cyber Threat Intelligence Briefing

A critical remote code execution vulnerability in the Windows Server Update Services (WSUS) server role, tracked as CVE-2025-59287 (CVSS: 9.8) and addressed in the October patch cycle, is under active exploitation. Researchers at RandoriSec produced a report on the current state of Microsoft Teams access token theft, a tactic that has been used by many threat actor groups to move laterally within environments and assist in internal phishing attacks.

October 27, 2025 Cyber Threat Intelligence Briefing

This campaign uses an updated lure combination of a Cloudflare Turnstile and a fake Windows update before socially engineering the victim into pasting malicious commands into the Run dialog box. Sekoia has released a detailed technical analysis of the POLAREDGE botnet, which it initially reported on earlier this year. The botnet is spread by exploiting vulnerabilities, most notably CVE-2023-20118 in Cisco routers; however, other samples from the same family have been seen exploiting routers from other vendors such as Asus, QNAP and Synology.

Let's Talk Cyber Resilience E3: Max Henderson

In this series, we chat with cybersecurity and data resilience leaders from Kroll and our partners. Our third guest is Max Henderson, Global Head of Digital Forensics and Incident Response, based in Tampa. Future episodes will cover topics such as the Cyber Threat Landscape, AI Risk Governance, and Breach Notification.

What is an Enterprise Risk Retainer?

Organizations today are under pressure to effectively respond to acute risk events that can threaten financial stability, regulatory compliance, executive safety and stakeholder trust. Hear from Managing Director Nickolas Savage on the importance of getting the right support quickly, while maintaining cost efficiency and operational resilience.