ZeroFox Daily Intelligence Brief - July 14, 2025

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Louis Vuitton UK Suffers Data Breach Days After Similar South Korea Incident
  • NVIDIA Urges GPU Security Against Possible Rowhammer Attacks
  • Major Video Games Piracy Websites Seized by Law Enforcement

Louis Vuitton UK Suffers Data Breach Days After Similar South Korea Incident

Source: https://www.theguardian.com/technology/2025/jul/11/louis-vuitton-uk-customer-data-stolen-cyber-attack

What we know: French luxury group Louis Vuitton Moët Hennessy (LVMH) has notified its U.K. customers of a data breach, following a similar alert sent to its South Korea-based customers. This is reportedly the third breach at LVMH in the past three months, including one at its label Christian Dior.

Context: Data including names, contact details, and purchase history was stolen, but financial data was not breached. The incident follows the arrest of four in the United Kingdom for cyberattacks on Marks & Spencer (M&S), Co-op, and other retailers; read this ZeroFox advisory for more details.

Analyst note: The recurring data breaches at LVMH suggest the threat actor likely still has access to the group’s systems, impacting its operations worldwide. Exposed customers are likely to be targeted in phishing, social engineering, and impersonation attacks.

NVIDIA Urges GPU Security Against Possible Rowhammer Attacks

Source: https://www.bleepingcomputer.com/news/security/nvidia-shares-guidance-to-defend-gddr6-gpus-against-rowhammer-attacks/

What we know: NVIDIA is urging users to turn on System Level ECC, a feature that helps detect and correct memory errors, to protect against Rowhammer attacks that can corrupt GDDR6 memory, a type of memory used in graphics processing units (GPUs).

Context: Researchers used a tool called GPUHammer on an NVIDIA A6000 graphics card and were able to flip bits in memory, which can silently corrupt data, including AI model results (dropping accuracy from 80 to 1 percent). Rowhammer attacks exploit a hardware fault that software processes can trigger. System errors arise when binary digits are flipped in a memory row, changing the information held in memory.

Analyst note: Rowhammer attacks on GPU memory could enable threat actors to successfully conduct system denial-of-service, corrupt data, and escalate privileges. Enabling System Level ECC is essential in GPUs to detect and correct memory errors, ensuring reliable AI and system performance.

Major Video Games Piracy Websites Seized by Law Enforcement

Source: https://hackread.com/fbi-seizes-major-sites-sharing-pirated-video-games/

What we know: The FBI’s Atlanta Field Office has seized the domains and dismantled the infrastructure of several online criminal marketplaces that leaked pirated versions of popular video games.

Context: Between February 28, 2025, and May 28, 2025, records indicate a total of 3.2 million downloads occurred on these sites from the most used download service, resulting in an estimated loss of USD 170 million.

Analyst note: Pirated video games—often sought after by enthusiasts looking for early or free access to highly anticipated games—are very likely to be infected with malware, including infostealers and spyware. Although the FBI operation will temporarily reduce access to piracy services, the high demand is likely to fuel the emergence of more such websites.

DEEP AND DARK WEB INTELLIGENCE

Chinese hackers suspected in law firm breach: China-linked hackers are suspected to have targeted Wiley Rein, a Washington, D.C.-based law firm, in an intelligence-gathering operation. The hackers allegedly accessed emails of Wiley personnel. The law firm has been involved in advising U.S. companies and the government on navigating the recent trade and tariff policies. Chinese hackers were likely attempting to access sensitive negotiations and insider details on trade policies of the United States through the operation.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2025-25257: This SQL injection flaw in Fortinet FortiWeb could enable threat actors to conduct unauthenticated remote code execution. Fortinet has patched the issue in recent updates, while researchers have released a proof of concept for the bug. If left unpatched, threat actors could gain control over the affected FortiWeb devices, accessing internal networks, sensitive logs, and configuration data.

Affected products: The affected products are listed in this advisory.

Tags: DIB, tlp:green