
ZeroFox Daily Intelligence Brief - August 6, 2025

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • ClickFix Malware Uses Fake Errors and CAPTCHAs to Trigger Cross-Platform Infections
  • Dell Fixes Security Bug That Put Millions of Laptops at Risk
  • Pandora Data Breach Compromises Customer Information

ClickFix Malware Uses Fake Errors and CAPTCHAs to Trigger Cross-Platform Infections

Source: https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html

What we know: A social engineering tactic called ClickFix tricks users into running malicious commands themselves, under the guise of fixing a fake error or solving a CAPTCHA, and is being used to spread infections across multiple operating systems.

Context: First detected in early 2024, ClickFix spreads via phishing, drive-by downloads, malvertising, and SEO poisoning. It abuses trusted infrastructure and compromised sites to deliver commands that deploy stealers, remote access trojans (RATs), and loaders.

Analyst note: ClickFix bypasses standard security prompts and download barriers, and enables attackers to stealthily deploy malware across multiple operating systems. If left unchecked, it could result in large-scale credential theft, enable remote espionage, and cause long-term infiltration of both corporate and personal networks.

Dell Fixes Security Bug That Put Millions of Laptops at Risk

Source: https://www.reuters.com/business/security-flaw-found-fixed-that-could-have-left-millions-dell-laptops-vulnerable-2025-08-05/

What we know: Flaws in Broadcom BCM5820X chips used in over 100 Dell laptop models could enable attackers to steal sensitive data and retain access even after a fresh OS install. Dell patched the flaws between March and May 2025 and issued a public advisory in June.

Context: These chips, part of Dell’s ControlVault security system, store passwords, biometric data, and encryption keys, and are widely used in laptops popular in the government and cybersecurity sectors. Dell has confirmed the vulnerabilities, but there is no evidence of exploitation in the wild at the time of writing.

Analyst note: Because the flaws sit in a hardware-level security component, attackers could bypass OS protections, harvest sensitive credentials, and persist on systems even after an OS reinstallation. If left unpatched, they could enable espionage, data theft, or long-term compromise in high-security environments.

Pandora Data Breach Compromises Customer Information

Source: https://www.bleepingcomputer.com/news/security/pandora-confirms-data-breach-amid-ongoing-salesforce-data-theft-attacks/

What we know: Pandora has disclosed a data breach after threat actors stole customer contact details from a third-party platform, suspected to be Salesforce. Customers' names, dates of birth, and email addresses were compromised.

Context: ShinyHunters is suspected of carrying out this attack, having previously targeted the Salesforce accounts of companies such as LVMH, Chanel, and Qantas. Cisco has also confirmed a data breach that is likely part of the same ongoing Salesforce campaign, though the company had not confirmed any association at the time of writing.

Analyst note: The breach at Pandora likely indicates that threat actors are systematically targeting third-party platforms to steal customer data from high-profile organizations. If these attacks continue, more organizations using Salesforce could be at risk of having their customer and corporate data stolen.

DEEP AND DARK WEB INTELLIGENCE

Columbia University data compromised: A threat actor has breached Columbia University, stealing sensitive data of students and alumni, including bank details, academic records, and admissions outcomes. Over 53 GB of data has been compromised, likely exposing members of the university community to identity theft, fraud, and privacy violations.

VULNERABILITY AND EXPLOIT INTELLIGENCE

Google addresses several Android flaws: Google has issued the August 2025 Android security updates, addressing several flaws, including multiple Qualcomm vulnerabilities that were under active exploitation. Google urges users to deploy the patches urgently to curb further attacks. On unpatched devices, threat actors could exploit these flaws to cause memory corruption and achieve remote code execution.

Affected products: The affected products are included in this advisory.

Tags: DIB, tlp:green