ZeroFox Daily Intelligence Brief - June 26, 2025

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • French Police Arrest BreachForums Operators in Major Cybercrime Crackdown
  • North Korean Infostealers Hidden in npm Packages
  • Pro-Iran Hacktivist Group Claims to Have Stolen Data from Saudi Games 2024

French Police Arrest BreachForums Operators in Major Cybercrime Crackdown

Source: https://www.leparisien.fr/high-tech/la-police-interpelle-cinq-hackers-francais-de-haut-vol-derriere-un-celebre-forum-de-vol-de-donnees-25-06-2025-QJTPFTDPQZAP7B25MF24YLHU6E.php

What we know: French police have arrested five hackers—“ShinyHunters,” “IntelBroker,” “Hollow,” “Noct,” and “Depressed”—of the cybercrime forum BreachForums. Additionally, IntelBroker has been charged in the United States for trafficking stolen data from global victims, resulting in an estimated USD 25 million in damages.

Context: BreachForums has long served as a hub for cybercriminals, including admins like ShinyHunters and IntelBroker, who are linked to major data breaches affecting global entities.

Analyst note: These arrests remove a few key actors with expertise in breaching high-value targets and monetizing stolen data—likely disrupting other threat actors' access to vetted breach data.

North Korean Infostealers Hidden in npm Packages

Source: https://www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/

What we know: North Korea’s “Contagious Interview” campaign has been targeting developers with 35 malicious npm packages to deliver infostealers and backdoors under the guise of job assignments.

Context: Posing as recruiters, operatives have been tricking victims into running code that infects devices with malware strains including BeaverTail and InvisibleFerret, along with a custom keylogger.

Analyst note: The campaign likely compromises developer environments, enabling North Korea-linked threat actors to access sensitive data—including credentials, crypto wallets, and browser information. Once inside, the actors likely maintain persistent remote access and conduct surveillance as part of broader cyberespionage campaigns.

Pro-Iran Hacktivist Group Claims to Have Stolen Data from Saudi Games 2024

Source: https://thehackernews.com/2025/06/pro-iranian-hacktivist-group-leaks.html

What we know: Pro-Iranian hacktivist group “Cyber Fattah” has published data allegedly associated with visitors and athletes of the Saudi Games 2024 on dark web forum DarkForums.

Context: The stolen data reportedly contains personally identifiable information (PII) of visitors and athletes including passport details, International Bank Account Numbers (IBANs), medical certificates, IT staff credentials, and details of government officials that were on the Saudi Games 2024 site.

Analyst note: The data is likely to be used in identity theft, phishing, social engineering, and ransomware attacks. The incident likely indicates a protracted conflict among hacktivist groups in cyberspace despite a ceasefire between Iran and Israel. Some hacktivist claims are also likely to be meant for psychological operations rather than technical impact.

DEEP AND DARK WEB INTELLIGENCE

DarkForums user Zoldyck: Untested threat actor “Zoldyck” has advertised some data allegedly from Spain-based ERGO Seguros de Viaje (ERGO Travel Insurance) on DarkForums. The leaked data allegedly contains 2,000,000 rows of data, including customer ID, name, date of birth, national ID, address, and phone number. The leaked data could enable identity theft, targeted phishing attacks, or fraudulent insurance claims.

VULNERABILITY AND EXPLOIT INTELLIGENCE

Google patches 11 vulnerabilities: Google, in its latest update, rolled out 11 security fixes, including a medium-severity use-after-free vulnerability in Animation (CVE-2025-6555), and two low-severity issues—insufficient policy enforcement in Loader (CVE-2025-6556) and insufficient data validation in DevTools (CVE-2025-6557). If left unpatched, the vulnerabilities could be exploited to compromise browser stability and security.

Affected products: The affected products are listed in this advisory.

Tags: DIB, tlp:green