December 15, 2025 Cyber Threat Intelligence Briefing
Author: Kroll
Uploaded: 2025-12-15
Views: 76
Description:
This week’s briefing covers:
00:00 – Intro
00:46 [PATCHING] Microsoft Patch Tuesday Addresses 154 Issues, One Zero-Day
Microsoft has fixed 70 vulnerabilities in December’s patch cycle and Microsoft Edge releases.
The patches address:
• Elevation of Privilege Vulnerabilities: 28
• Remote Code Execution Vulnerabilities: 19
• Information Disclosure Vulnerabilities: 4
• Denial of Service Vulnerabilities: 3
• Spoofing Vulnerabilities: 2
• Edge-Chromium Vulnerabilities: 14
01:58 [VULNERABILITY] React2Shell Exploited to Deliver EtherRAT
Threat actors with ties to North Korea have been observed exploiting the recently disclosed React2Shell vulnerability in React Server Components (RSC) to deliver a previously undocumented remote access trojan named EtherRAT. The malware leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms and downloads its own Node.js runtime from nodejs.org.
03:38 [MALWARE] CISA Details on BRICKSTORM Malware
BRICKSTORM gives the actor an interactive shell with full control of infected systems, along with features such as file manipulation and exfiltration as well as SOCKS proxy capabilities.
05:15 [VULNERABILITY] Fortinet Critical Vulnerabilities
Fortinet has released an update that fixes 18 flaws, including two critical vulnerabilities, CVE-2025-59718 and CVE-2025-59719. In the Fortinet advisory, they carry a CVSS score of 9.1, while the NVD lists them as 9.8; both scores signify Critical severity.
07:09 [MALWARE] 01FLIP: New Multiplatform Ransomware Family
Palo Alto's Unit 42 has reported on a newly discovered ransomware family it is naming "01FLIP." The group was discovered during the investigation of a suspicious Windows binary, and named for the file extension appended to encrypted files (.01flip), as well as the email address for contact within the ransom note (01flip(@)proton.me).
08:40 [CAMPAIGN] Storm-0249 Exploits EDR Through DLL Sideloading
Storm-0249 has transitioned from widespread phishing to stealthier, targeted campaigns by weaponizing legitimate Endpoint Detection and Response processes. The attack begins with the ClickFix social engineering tactic, convincing victims to execute malicious curl commands in the Windows Run dialog.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cybe...
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cybe...
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/T...
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: • Cyber Threat Intelligence Briefings
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyb...
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cybe...
Kroll Responder MDR: https://www.kroll.com/en/services/cyb...
#krollcyber #threatintelligence #cyberthreats