ZeroFox Daily Intelligence Brief - July 31, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- FunkSec Ransomware Decryptor Available for Free
- CISA Releases Incident Response Tool
- CISA Releases Part One of Zero Trust Microsegmentation Guidance
FunkSec Ransomware Decryptor Available for Free
Source: https://thehackernews.com/2025/07/funksec-ransomware-decryptor-released.html
What we know: A decryptor for the FunkSec ransomware is now available to affected entities, allowing them to recover access to encrypted files at no cost.
Context: FunkSec ransomware has reportedly been inactive since March 18, 2025, when it stopped adding new victims to its leak site. It emerged at the end of 2024 and claimed 172 victims, mostly located in the United States, Brazil, and India.
Analyst note: The decryptor only works on encrypted files that match FunkSec’s signature. Decryption could result in partial recovery or corruption of the affected files, so backing them up before running the decryptor is advised.
CISA Releases Incident Response Tool
Source: https://www.cisa.gov/resources-tools/resources/eviction-strategies-tool
What we know: CISA has released the Eviction Strategies Tool, which includes Playbook-NG, a web app for generating response plans, and COUN7ER, a database of countermeasures mapped to adversary Tactics, Techniques, and Procedures (TTPs).
Context: The tool is a free, open-source resource designed to help incident responders quickly and effectively remove threat actors from compromised networks. The tool allows defenders to generate customized response plans based on real-world threat intelligence without storing user data.
Analyst note: Defenders could keep this tool updated so that response plans stay aligned with the evolving cyber threat landscape, in which threat actors continue to incorporate AI-driven automation and other advanced tactics. By mapping countermeasures to TTPs in real time, the tool will likely help organizations stay ahead of threat actors.
CISA Releases Part One of Zero Trust Microsegmentation Guidance
What we know: CISA has released new guidance outlining core concepts, benefits, and planning considerations for implementing microsegmentation in Zero Trust Architectures (ZTA).
Context: Microsegmentation is a critical component of ZTA that reduces the attack surface, limits lateral movement, and enhances visibility for monitoring smaller, isolated groups of resources. The guidance supports Federal Civilian Executive Branch (FCEB) agencies on their mandated journey to adopt Zero Trust.
Analyst note: Successful application of microsegmentation concepts is likely to improve enterprise cybersecurity and availability. While the guidance is written with FCEB agencies in mind, its principles, which make it harder for attackers to navigate internal systems, are applicable to any organization.
DEEP AND DARK WEB INTELLIGENCE
FBI warns of jury duty scam: The FBI is warning the public about a jury duty scam involving fake federal arrest warrants. Scammers falsely claim victims missed jury duty and must pay a fine via virtual currency to avoid arrest, using spoofed caller IDs and forged documents with real officials' names. Legitimate warrants are never sent by text or email and never require payment. This scam will likely cause financial harm, with victims losing thousands of dollars in irreversible virtual currency payments and little chance of recovery once the funds are transferred.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2025-6558: Apple has released patches for CVE-2025-6558, a zero-day vulnerability in the ANGLE graphics layer that is exploited via malicious HTML to execute code remotely. The flaw is linked to threat actors targeting Google Chrome users. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on July 22. Threat actors could establish persistence on affected devices, gain access to systems, and exfiltrate data from unpatched systems.
Affected products: Google Chrome versions before 138.0.7204.157
Tags: DIB, tlp:green