August 8, 2025 Cyber Threat Intelligence Briefing

Aug 4, 2025

This week’s briefing covers:

00:00 – Intro

00:44 [SITREP] Orange Telco Discloses Cyberattack
On July 25, 2025, Orange, a major French telecommunications company, detected and isolated a cyberattack targeting one of its internal information systems.

01:49 [MALWARE] KOSKE Cryptominer
A new crypto-mining malware named KOSKE has been detailed by Aqua Security. The researchers believe the malware was likely generated with the help of a large language model (LLM) due to the verbose commenting and best-practice coding style.

03:19 [VULNERABILITY] CVE-2025-31199 macOS Sploitlight Vulnerability
Microsoft discovered a macOS vulnerability, tracked as CVE-2025-31199 with a CVSS score of 7.8, nicknamed Sploitlight. The vulnerability allows attackers to bypass Transparency, Consent and Control (TCC) protections via manipulated Spotlight plugin bundles.

04:42 [CAMPAIGN] Code Repository Developers Targeted by Phishing
Kroll has observed an incident in which a user downloaded an NPM package, one of whose dependencies, “eslint-config-prettier”, appears to have been updated to include malicious code.

07:04 [RANSOMWARE] Who is KTA440 or CHAOS Ransomware?
CHAOS ransomware, or KTA440, which emerged in early 2025, is widely believed to be a rebranding of the BlackSuit ransomware group, whose Tor-based leak site was recently seized by law enforcement as part of an international operation called "Operation Checkmate."

Dive deeper:

Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report

Kroll’s Q3 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q3-2023-threat-landscape-report-social-engineering

Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings

Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber

Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services

Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports

Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder
