ZeroFox Daily Intelligence Brief - June 23, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- CoinMarketCap Removes Malicious Code After Supply Chain Wallet Drainer Attack
- Major DDoS Attack Targets Hosting Provider
- Geopolitical Focus: Iran’s Response, Violence at French Music Festival, and More
CoinMarketCap Removes Malicious Code After Supply Chain Wallet Drainer Attack
What we know: CoinMarketCap (CMC) has removed malicious content, identified the root cause, and implemented mitigation measures after it was compromised through a supply chain attack.
Context: The attack was discovered after leaked images circulated on a Telegram channel, revealing that users were tricked into connecting their wallets through convincing Web3 popups embedded within CMC’s interface.
Analyst note: Unlike traditional phishing, these wallet-draining scripts are distributed through trusted platforms, social media, ads, spoofed sites, and malicious browser extensions—making them harder to detect. Victims unknowingly grant attackers access to their wallets, likely leading to immediate crypto losses and exposing the entire contents of the wallet to further unauthorized transactions.
Major DDoS Attack Targets Hosting Provider
Source: https://www.securityweek.com/record-breaking-ddos-attack-peaked-at-7-3-tbps/
What we know: A hosting provider has been hit by a distributed denial-of-service (DDoS) attack that peaked at 7.3 Tbps, flooding it with 37.4 TB of data in 45 seconds.
Context: The DDoS attack originated from over 122,000 devices spread across 161 countries and 5,400 different networks.
Analyst note: A DDoS attack can likely weaken defenses, obscure monitoring systems, and create openings for more targeted cyberattacks. If one service in a network is disrupted, the impact could spill over to other partners, vendors, or customers, expanding the attack surface and making incident response more complex.
Geopolitical Focus: Iran’s Response, Violence at French Music Festival, and More
- Iran’s ambassador to the United Nations (UN), Amir Saeid Iravani, said that the Iranian military will decide the “timing, nature, and scale” of a response following U.S. airstrikes. Meanwhile, there are concerns that Tehran may attempt to close the Strait of Hormuz, a vital trade route; read this ZeroFox advisory to learn more. Additionally, the United States has warned of a “heightened threat environment” in the country as a result of its involvement.
- Two people were killed and at least 16 were injured in shooting incidents during Juneteenth celebrations in South Carolina and Oklahoma. Additionally, another person was killed and seven were injured in a separate gunfire incident at the 2025 Tulsa Juneteenth Festival.
- At least 145 people reported being pricked with syringes at France’s annual street music festival, Fête de la Musique. French police have detained 12 suspects. Reportedly, social media posts had urged the targeting of women ahead of the festival.
- At least 22 people have been killed and 63 injured in a suicide bombing carried out by the Islamic State (IS) at a church in Damascus, Syria.
DEEP AND DARK WEB INTELLIGENCE
Handala Hack Team targets Israeli company: On June 23, 2025, ZeroFox observed the hacktivist group Handala Hack Team claiming to have targeted Israel-based communications company Ben Horin & Alexandrovitz. Hacktivist activity is almost certainly set to increase in the context of the Iran-Israel conflict. The aim is likely to disrupt services in order to hamper ongoing government and military operations, and to deliver a psychological impact.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2025-6474: This SQL injection flaw enables remote attackers to manipulate the user_id parameter and access or alter databases. The exploit has been disclosed to the public. Threat actors could use it to exfiltrate data, take over accounts, and escalate privileges.
Affected products: Code-projects Inventory Management System 1.0
Tags: DIB, tlp:green