
May 12, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers:

Software Supply Chain Attack on Golang Leads to Wiper Malware: A supply-chain attack has been discovered that targeted Linux servers through malicious Golang modules, mimicking legitimate modules, that were posted on GitHub.

Continued Exploitation of Critical SAP NetWeaver Critical Vulnerability: Further to Kroll’s reporting in previous weeks regarding active exploitation of CVE-2025-31324, a critical vulnerability that allows a threat actor to execute code remotely.

Building a Proactive Threat Intelligence Program: Exclusive Guide For A CISO

As cyber threats grow more advanced and persistent, traditional reactive defences are no longer enough. Today’s security leaders must shift toward proactive threat intelligence, anticipating and neutralising risks before they evolve into serious breaches.

How to Adopt DORA's Threat-Led Penetration Testing Requirements

The new Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out Threat-Led Penetration Testing (TLPT) on a regular basis. However, the skills and planning required for these exercises can prove difficult and time-consuming. During this session, Kroll brings together our red teaming, threat intelligence and DORA regulatory compliance experts to provide practical guidance on how security, risk and resiliency leaders can adopt a sustainable TLPT program as required by DORA.

Security Bulletin: Magecart Skimming Campaign

Magecart is a long-running digital skimming threat attributed to multiple financially motivated cybercriminal groups specializing in the theft of payment card data from e-commerce websites. First identified in 2015, Magecart attacks have continuously evolved, leveraging compromised third-party services, supply chain vulnerabilities, and increasingly sophisticated obfuscation tactics to inject malicious JavaScript skimmers into checkout pages.

Navigating the New Cyber Threat Landscape: Why Irish SMEs Must Think and Act Differently

Let’s be honest, keeping your business safe online feels like a never-ending race these days, especially for Small and Medium Enterprises (SMEs). At Intuity Technologies, we see it every day: the bad guys are getting smarter, faster, and ultimately relentless. With IT budgets often stretched thin, and the digital world constantly developing – it’s tougher than ever for SMEs to stay secure.

Chaining CVE-2024-38475 and CVE-2023-44221 for Full System Compromise

CVE-2024-38475 is a critical vulnerability in the Apache HTTP Server’s mod_rewrite module that permits arbitrary file read operations under specific configurations. This flaw arises from inadequate sanitization of user-controlled input passed to RewriteRule directives, which allows attackers to traverse the filesystem by manipulating server variables and regex capture groups.

May 06, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers:

UK Defence Contractors Warn Staff Against Chinese EVs: UK defence firms, including Lockheed Martin and Thales, have advised staff against connecting mobile phones to Chinese-made electric vehicles (EVs) due to concerns over potential espionage and data theft. These vehicles, equipped with cameras, microphones, and internet connectivity, could be exploited by hostile states to collect sensitive information.

People, Process, Technology: How Cybersecurity Automation Fuels the Virtuous Circle

Cybersecurity isn’t just about tools and firewalls — it’s about people. Cybersecurity automation is proving to be a game-changer, not only for security outcomes but also for the people behind them. For many organizations, automation is now tightly aligned with employee satisfaction and retention. In fact, 47% of organizations see workforce morale as a key performance indicator (KPI) when evaluating the return on investment (ROI) of their cybersecurity automation efforts.

How to keep major worldwide sporting events on secure ground using threat intelligence reporting

As we look at the sporting calendar for 2025 with the UEFA Women's European Championship in Switzerland and the Tour de France in July, as well as the 2025 Women's Rugby World Cup in the UK starting in August, armchair sportspeople and in-person spectators are spoilt for choice. But aside from the marvel of watching athletes compete to achieve their dreams, the organization (and security) of such events requires meticulous planning, particularly as dates are fixed and immovable. To put this into context, the Olympic Games are one of the most widely covered sporting events in the world, with an audience of more than 4 billion viewers.

Analyzing Advanced Persistent Threats (APTs) in Threat Intelligence for Government Agencies

It doesn’t matter which industry you belong to; cybersecurity is one of the most important factors you should always be cautious about. When it comes to government agencies, the stakes are even higher! Government agencies are prime targets for cybercriminals, including state-sponsored actors and Advanced Persistent Threat (APT) groups. These attackers often use advanced persistent threats, which are designed to infiltrate target networks and gain access to sensitive data over extended periods.