February 2, 2026 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:46 [VULNERABILITY] New, Trending Critical Vulnerabilities Update
The following table details critical vulnerabilities (CVSS 9) that are trending, have been reportedly exploited or have had a proof of concept (POC) released in the past week. It is recommended that affected products are patched, or mitigations are put in place to reduce the risk of exploitation.
05:42 [CAMPAIGN] Voice Phishing Targeted at Okta SSO Accounts
Okta has reported on an active campaign by a group it is tracking as O-UNC-034, which leveraged voice social engineering against help desk staff to take over accounts and manipulate payroll system data.
08:22 [VULNERABILITY] Microsoft Issues Emergency Patch for Actively Exploited Office Zero-Day (CVE-2026-21509)
Microsoft released an out-of-band security update to address an Office security feature bypass that is actively exploited in the wild, tracked as CVE-2026-21509 with a CVSS score of 7.8. The vulnerability allows attackers to circumvent existing object linking and embedding (OLE) mitigations designed to block unsafe COM/OLE controls.
11:02 [MALWARE] PURERAT Campaign: Vietnamese Threat Actor Leverages AI to Develop Malware Toolset
A Vietnamese threat actor has been using AI-assisted development to create and distribute PURERAT malware through job-themed phishing campaigns. Several of the tools involved contain clear signs of AI generation, including detailed Vietnamese-language comments, numbered procedural steps, and even emojis within the code.
13:48 [RANSOMWARE] AI Generated SICARII Ransomware Prevents Data Decryption
The Sicarii ransomware strain has introduced a critical flaw that renders data recovery impossible for victims. Unlike traditional ransomware that retains a private key for decryption, Sicarii generates a unique RSA key pair upon execution and immediately deletes the private key.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder