ZeroFox Daily Intelligence Brief - June 20, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- The 16 Billion Credentials Leak Unlikely to Represent New Data Breach
- DOJ Seizes USD 225M in Crypto Tied to Fraud, Laundering
- Krispy Kreme Confirms Details of Data Breach
The 16 Billion Credentials Leak Unlikely to Represent New Data Breach
What we know: A set of 16 billion login credentials, affecting Apple, Facebook, and other social media sites, has reportedly been leaked as a result of multiple infostealers. However, there is no evidence that this massive database contains new data.
Context: The websites involved in the “data breach” have not been reported to be compromised in recent times. Infostealers are often used by threat actors to breach networks. They are also very common, and infostealer compilations are often offered for free by cybercriminals to gain reputation.
Analyst note: The 16 billion credential records are very likely a compilation of previous leaks, including those that are offered for free. However, threat actors are likely to use the data to carry out further phishing, social engineering, and credential stuffing attacks.
DOJ Seizes USD 225M in Crypto Tied to Fraud, Laundering
What we know: The U.S. Department of Justice (DOJ) seized over USD 225 million in cryptocurrency linked to investment fraud and money laundering.
Context: More than 400 victims were defrauded, with funds funneled through 93 scam deposit addresses and 35 intermediary wallets before being consolidated into seven USD Tether (USDT) wallet groups. The launderers used tactics like high gas fees to obscure transaction paths.
Analyst note: The DOJ action will likely help victims recover some of the stolen funds. More law enforcement operations targeting crypto-based fraud are likely to follow.
Krispy Kreme Confirms Details of Data Breach
Source: https://www.theregister.com/2025/06/19/krispy_kreme_reveals_staggering_breadth/
What we know: Krispy Kreme has confirmed that a November 2024 breach compromised data belonging to more than 160,000 people.
Context: The breach exposed sensitive personal information, including biometrics, medical records, military IDs, and full financial access data.
Analyst note: The leak of such sensitive data could enable identity theft, financial fraud, medical impersonation, and other long-term privacy risks.
DEEP AND DARK WEB INTELLIGENCE
DarkForums user Keymous: Threat actor Keymous has advertised a database associated with the Moroccan Football Federation on DarkForums. Allegedly, the database contains approximately 4,289 records, including names, MA ID numbers, FIFA IDs, email addresses, and other personally identifiable information (PII). The exposure of such data will likely enable identity theft, phishing attacks, and unauthorized access to internal systems or accounts.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2025-20271: A remotely exploitable vulnerability in Cisco Meraki devices enables unauthenticated attackers to disrupt VPN services by sending crafted HTTPS requests. This could cause operational disruptions, as threat actors could remotely reboot affected devices and deny access to them.
Affected products: The affected products are listed in this advisory.
Tags: DIB, tlp:green