ZeroFox Daily Intelligence Brief - June 11, 2025

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • FIFA Club World Cup 2025 Event Assessment
  • 300,000 Vehicle Crash Records Stolen from Texas Transport Department
  • Over 20 Configuration Vulnerabilities Found in Salesforce Industry Cloud

FIFA Club World Cup 2025 Event Assessment

Source: https://www.zerofox.com/advisories/33784/

What we know: ZeroFox researchers assessed physical and cybersecurity threats to the FIFA Club World Cup (CWC) 2025 soccer tournament, which is set to take place from June 15 to July 13, 2025.

Context: This year's event is the first-ever 32-team CWC (up from seven), which has caused controversy over alleged “excessive” logistical and scheduling constraints on soccer clubs. The controversy surrounding this tournament could impact attendance, public transportation, accommodation, tourism, and security services.

Analyst note: Threat actors are likely registering new domain names to impersonate FIFA. ZeroFox assesses that these domains are likely to be used in malicious campaigns. Additionally, attackers are likely to exploit ticketing scams and leverage stolen credentials and previously stolen attendee data to launch social engineering attacks and attempt to compromise official systems.

300,000 Vehicle Crash Records Stolen from Texas Transport Department

Source: https://www.txdot.gov/about/newsroom/statewide/account-compromise-leads-to-crash-records-data-breach.html

What we know: Unknown threat actors have stolen nearly 300,000 vehicle crash reports from the Texas Department of Transportation’s (TxDOT) Crash Records Information System (CRIS), reportedly using the credentials of a compromised account.

Context: TxDOT is warning affected individuals that stolen data could include their full name, physical address, license plate number, driver’s license number, vehicle insurance policy details, and description of the crash and the injuries sustained.

Analyst note: Affected individuals and their family members are likely to be targeted in phishing and social engineering attacks by financially motivated threat actors. Threat actors are also likely to use the data to impersonate the affected individuals for other malicious activities.

Over 20 Configuration Vulnerabilities Found in Salesforce Industry Cloud

Source: https://thehackernews.com/2025/06/researchers-uncover-20-configuration.html

What we know: Security researchers have uncovered over 20 configuration-related vulnerabilities in Salesforce Industry Cloud. Salesforce fixed three issues and provided guidance for two; the other bugs reportedly stem from customer-level misconfiguration and hence were not directly resolved at the enterprise level. Meanwhile, Heroku—Salesforce’s cloud platform for app deployment—has experienced a widespread outage that lasted over six hours.

Context: The flaws affect key components like FlexCards, Integration Procedures, and OmniScripts. These components handle sensitive data and business logic in Salesforce’s vertical cloud solutions.

Analyst note: If left unaddressed, these misconfigurations can let attackers bypass security controls and access encrypted data, session details, credentials, and business logic. This will likely put sensitive customer and employee information at risk of data breaches, unauthorized access, and potential misuse of business-critical systems.

DEEP AND DARK WEB INTELLIGENCE

FIN6 hackers posing as job seekers: The FIN6 (aka Skeleton Spider) hacking group has reportedly been targeting recruiters by posing as job seekers with convincing resume sites and phishing emails to deliver malware. The malware-as-a-service (MaaS) “More Eggs,” a JavaScript backdoor, is used to steal credentials, access systems, and deploy ransomware. Affected organizations are likely to be targeted in double extortion ransomware attacks. Accounts of human resources personnel are likely to be compromised in such attacks.

VULNERABILITY AND EXPLOIT INTELLIGENCE

Microsoft June 2025 Patch Tuesday: In this month’s Patch Tuesday updates, Microsoft addressed 66 security flaws, including one actively exploited vulnerability (CVE-2025-33053) and another that was publicly disclosed (CVE-2025-33073). Of these, ten are rated Critical, comprising eight remote code execution vulnerabilities and two elevation of privilege vulnerabilities.

Affected products: The affected products have been listed in this update.

Adobe vulnerabilities: Adobe has released patches for 254 security flaws, with 225 affecting Adobe Experience Manager (AEM). These impact AEM Cloud Service and versions up to 6.5.22. Nearly all of the 225 flaws were stored or DOM-based XSS vulnerabilities that could enable arbitrary code execution. These vulnerabilities have been addressed in AEM Cloud Service Release 2025.5 and version 6.5.23.

Affected products: The affected products have been listed in this update.

Tags: DIB, tlp:green