ZeroFox Daily Intelligence Brief - July 29, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- Russian Airline Aeroflot Cancels Flights Following Cyberattack
- French Defense Company Faces 1 TB Data Breach
- MacOS Vulnerability Bypasses Apple Intelligence Protections
Russian Airline Aeroflot Cancels Flights Following Cyberattack
What we know: Russia’s national airline Aeroflot has been hit by a cyberattack, forcing it to cancel and delay several flights. Pro-Ukrainian hackers Silent Crow and Belarusian Cyberpartisans have claimed responsibility for the hack.
Context: An investigation is underway and Aeroflot has reportedly not ruled out the involvement of adversarial nations. It has canceled over 40 flights across the country and to the Belarusian capital Minsk and the Armenian capital Yerevan.
Analyst note: The incident is very likely to spark a wave of cyberattacks by Russian hackers targeting Ukrainian, European, and American entities. Investigations are likely to lead to cross-border arrests of the responsible parties behind the attack.
French Defense Company Faces 1 TB Data Breach
What we know: French defense firm Naval Group is investigating a data breach after a threat actor allegedly leaked 1 TB of sensitive data. While the company has denied any breach of its systems or disruption to operations, it is working to verify whether the leaked data originated from its infrastructure.
Context: On July 22, 2025, the threat actor “Neferpitou” claimed on the dark web forum DarkForums to have stolen data from Naval Group. The actor gave the company 72 hours to pay a ransom, threatening to leak the data for free if ignored. Another threat actor has also claimed to have obtained Naval Group’s data.
Analyst note: Since different actors have claimed to possess Naval Group’s data, it is likely that the leaked files are recycled from previous military-related data breaches, rather than the result of a new data breach.
MacOS Vulnerability Bypasses Apple Intelligence Protections
Source: https://hackread.com/macos-sploitlight-flaw-apple-intelligence-cached-data/
What we know: A macOS flaw, dubbed “Sploitlight,” allowed attackers to exploit Spotlight plugins to bypass Apple’s privacy protections. The exploit enabled unauthorized access to sensitive data, including files and Apple Intelligence caches.
Context: Spotlight uses importers to index content from apps, but attackers modified them to leak data from protected areas like Downloads or Pictures. Even Apple Intelligence metadata protected by Transparency, Consent, and Control (TCC), such as location, search history, and recognized faces, was exposed.
Analyst note: Given Apple Intelligence's default installation on Advanced RISC Machine (ARM) Macs, millions of users were potentially exposed. Attackers are likely to exploit the flaw to extract sensitive data, track users, and access synced iCloud metadata, risking complete ecosystem compromise.
DEEP AND DARK WEB INTELLIGENCE
Telegram user Golden Falcon: Pro-Palestinian hacktivist group "Golden Falcon" has claimed to have gained access to the Great Lakes Water Authority (GLWA) Northeast Water Treatment Plant. Unauthorized access to water infrastructure could disrupt essential services, enable tampering with water quality, and expose systemic weaknesses tied to other critical infrastructure.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2023-2533: This is an already patched Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF print management software that enables attackers to execute arbitrary code if an admin clicks on a malicious link. CISA has warned that the vulnerability is being actively exploited. Ransomware groups such as LockBit and Cl0p and Iran-linked hackers are known to exploit the bug. Successful exploitation is likely to allow threat actors to steal sensitive documents saved on PaperCut printing servers.
Affected products: The affected products are included in this advisory.
Tags: DIB, tlp:green