ZeroFox Daily Intelligence Brief - August 5, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- FinCEN Issues Notice on the Use of CVC Kiosks for Scam Payments and Other Illicit Activity
- FBI Philadelphia Warns of Impersonation Scams Targeting International Students
- Chanel’s U.S. Customers Exposed in Ongoing Salesforce Data Theft Attacks
FinCEN Issues Notice on the Use of CVC Kiosks for Scam Payments and Other Illicit Activity
What we know: The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has notified financial institutions to monitor and report illicit activity, including scams, cybercrimes, and drug trafficking, involving convertible virtual currency (CVC) kiosks.
Context: CVC kiosks, similar to ATMs but for buying and selling digital assets, are often placed in high-traffic locations. The risk of illicit activity is exacerbated if CVC kiosk operators fail to meet their obligations under the Bank Secrecy Act (BSA).
Analyst note: Illicit activity involving CVC kiosks includes fraud, certain types of cybercrime, and drug trafficking organization activity, with scams often targeting vulnerable populations and causing severe financial and emotional harm.
FBI Philadelphia Warns of Impersonation Scams Targeting International Students
What we know: The FBI Philadelphia Field Office is warning international college and university students returning for the fall semester about a scam where criminals impersonate international police to extort money by falsely claiming the victims are under investigation.
Context: Since 2022, scammers posing as Chinese police have targeted students by accusing them of financial crimes, coercing them into constant surveillance, and extorting large sums under threats of arrest and forced return to China.
Analyst note: The scammers’ continuous monitoring demand could involve gaining unauthorized access to victims’ devices, compromising their privacy and university systems. If infected devices or compromised accounts are used on campus, attackers could access research data, credentials, and internal networks.
Chanel’s U.S. Customers Exposed in Ongoing Salesforce Data Theft Attacks
What we know: Luxury fashion house Chanel is the latest victim of a data breach in the ongoing Salesforce data theft attacks, attributed to the ShinyHunters extortion group. Chanel’s U.S. customers have been affected in the breach.
Context: Personally identifiable information (PII), including names, email addresses, physical addresses, and phone numbers, was stolen. Salesforce has stated that the threat actors gain access to customer accounts through social engineering and has denied that its platform was compromised.
Analyst note: ShinyHunters’ activity continues despite recent arrests, likely indicating a larger group of affiliates who are also reportedly associated with the Scattered Spider group and a collective known as The Com. Organizations are advised to alert employees to the ongoing social engineering attacks, which involve vishing and “MFA fatigue” tactics.
DEEP AND DARK WEB INTELLIGENCE
PXA stealer hits 62 countries: Vietnamese-speaking cybercriminals are distributing the Python-based PXA Stealer, which has infected over 4,000 IP addresses across 62 countries. This has caused the theft of over 200,000 passwords, hundreds of credit card records, and over 4 million browser cookies. The stolen data is monetized via a subscription-based underground network using Telegram APIs. Such large-scale data theft can lead to account takeovers, payment fraud, and financial extortion attacks.
VULNERABILITY AND EXPLOIT INTELLIGENCE
NVIDIA vulnerabilities: Multiple vulnerabilities in NVIDIA's Triton Inference Server affect its Python backend. When chained together, the vulnerabilities could enable remote attackers to gain full control of AI servers without authentication. The flaws have been patched. If patches are not deployed, threat actors could steal data, execute code, and access networks to conduct supply chain attacks.
Affected products: The affected products are included in this advisory.
Tags: DIB, tlp:green