ZeroFox Daily Intelligence Brief - June 16, 2025
|by Alpha Team
ZeroFox Daily Intelligence Brief - June 16, 2025
ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- ZeroFox Intelligence Flash Report - Mobile Numbers Advertised for Sale in Dark Web Forum
- Washington Post Journalists Email Accounts Breached
- Geopolitical Focus: Israel-Iran Exchange Fire on Day Four of Conflict
ZeroFox Intelligence Flash Report - Mobile Numbers Advertised for Sale in Dark Web Forum
Source: https://www.zerofox.com/advisories/33904/
What we know: Threat actor “Machine1337” has advertised mobile numbers allegedly belonging to at least 20 organizations, including prominent U.S.-based tech giants, on Russian-speaking dark web forum xss.
Context: Machine1337 claimed the mobile numbers are “freshly scraped and verified” and offered a sample of the data. It is unclear if the numbers are associated with personal or corporate mobile phones. The threat actor has previously been linked to data breaches at major U.S. organizations.
Analyst note: Malicious actors are likely to use the contact details in phishing and social engineering attacks. The phone numbers are likely to be used to commit fraud and impersonation attacks, if the numbers are linked to other personally identifiable information (PII).
Washington Post Journalists Email Accounts Breached
What we know: The Washington Post is investigating a cyberattack that may have compromised the email accounts of several journalists.
Context: Some officials from the company suspect a foreign government to be behind the breach. The journalists affected include those covering national security and economic policy, particularly some reporting on China.
Analyst note: The compromised emails likely contained sensitive information, including the names and contact details of confidential sources. If the threat actors are linked to China, their objective could be to identify potential defectors, whistleblowers, or other individuals of interest in order to monitor, intimidate, or neutralize them.
Geopolitical Focus: Israel-Iran Exchange Fire on Day Four of Conflict
- The conflict between Israel and Iran has entered its fourth day, with rising casualties on both sides. Iran has reportedly launched new waves of missile attacks targeting Israel, with impacts reported in various regions. In response, Israel announced it had launched another round of strikes against military sites throughout Iran. Read this ZeroFox report for details on the ongoing conflict.
DEEP AND DARK WEB INTELLIGENCE
VirtualMacOSX data breach: An alleged data breach affecting VirtualMacOSX has exposed the data of 10,000 customers on a cybercrime forum. The leaked data includes names, contact details, passwords, bank details, and user support messages with IPs—putting customers at risk of identity theft, financial fraud, phishing attacks, and potential account takeovers.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2025-4123: Over 46,000 publicly-connected systems with the open-source platform Grafana, remain vulnerable due to an already-patched bug that enables threat actors to redirect targets to malicious websites where arbitrary code can be executed. This XSS vulnerability does not require editor permissions for exploitation and can be further exploited using a malicious plugin. An exploit is likely to enable threat actors to hijack sessions or even takeover accounts.
Affected products: Supported versions of Grafana OSS and Grafana Enterprise and unsupported versions till at least Grafana 8
Tags: DIB, tlp:green