Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week’s briefing covers: Critical Sudo Vulnerability Allows Priv Esc to Root The flaw arises from unsafe handling of the --chroot (-R) option, where sudo processes user-provided configurations (including nsswitch.conf) from within the chroot environment before validating user privileges. This allows a local attacker to construct a malicious chroot with crafted NSS configuration that forces sudo to load attacker-controlled shared libraries as root, effectively bypassing authentication.

This week’s briefing covers: Dive deeper.

This week’s briefing covers: New MORE_EGGS campaign continues recruiting themes KTA032 (FIN6) has begun a new campaign using the MORE_EGGS JavaScript backdoor which continues its themes surrounding fake resumes leading to the malware deployment. The actor engaged with organization recruiters which led to emails containing a malicious domain (often containing the fake applicant’s first and last name). The domain contains several defense evasion techniques to avoid automated analysis tools from scanning.

This week’s briefing covers: BruteForce Attack Against Apache TomCat Manager GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, GreyNoise registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale.

In this series, we chat with cybersecurity and data resilience leaders from Kroll and our partners. Our second guest is Denyl Green, Managing Director in the Cyber Risk business, based in Portland. Future episodes will cover topics such as the Cyber Threat Landscape, AI Risk Governance, and Breach Notification.

This week’s briefing covers: Proof of Concept Exploit Released for CVE-2025-32756 Further to Kroll reporting in May regarding a critical zero-day vulnerability, CVE-2025-32756 in Fortinet, is now being actively exploited in the wild, with attackers using a crafted AuthHash cookie to gain control of affected systems.

In this series, we chat with cybersecurity and data resilience leaders from Kroll and our partners. Our first guest is Katherine Keefe, Managing Director and Global Cyber Insurance Lead. Future episodes will cover topics such as the Cyber Threat Landscape, AI Risk Governance, and Breach Notification.

This week’s briefing covers: MATLAB dev confirms ransomware attack behind service outage MathWorks, the developer of the popular MATLAB numeric computing platform and the Simulink simulation, has disclosed it suffered a ransomware attack beginning on May 18, 2025. The attack impacted online applications used by customers as well as internal staff systems.

This week’s briefing covers: Joint Cybersecurity Advisory released on KTA007 (APT28) A joint advisory has been released warning of Russian-attributed threat actors targeting western logistics entities and technology companies since 2022. Microsoft leads global action to disrupt LUMMASTEALER Microsoft’s Digital Crimes Unit has recently seized and facilitated the takedown, suspension, and blocking of approximately 2,300 malicious domains that formed the backbone of LUMMASTEALER infrastructure.

This week’s briefing covers: Coinbase Insider Threat Leads to Theft of Customer Data Coinbase has released a blog post and filed an SEC Form 8-K reporting an incident whereby they received an email attempting to extort the company for $20m. According to the post, the threat actors approached customer support staff and “used cash offers to convince a small group of insiders to copy data in our customer support tools”. Stolen data includes personal details including identity documents and account data include balance and transaction history.