ZeroFox Daily Intelligence Brief - August 22, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- Europol Flags USD 50,000 Bounty for Qilin Ransomware as Scam
- Medical Marijuana Patient Data Leak Puts 957,000 at Risk
- Geopolitical Focus: Casualties, Charges, Disasters, and Disruptions
Europol Flags USD 50,000 Bounty for Qilin Ransomware as Scam
Source: https://www.securityweek.com/europol-says-qilin-ransomware-reward-fake/
What we know: Europol has flagged reports of it offering USD 50,000 for information on Qilin ransomware actors as a “scam.” The message was first found on a Telegram channel claiming to be run by Europol. However, Europol does not have an official Telegram channel.
Context: The Telegram post promised a bounty for information on threat actors known online as “Haise” and “XORacle,” who reportedly oversaw extortion activities. Meanwhile, Qilin ransomware has claimed a 4TB data breach at a subsidiary of the Japanese automaker Nissan.
Analyst note: The incident very likely indicates an attempt by threat actors to spread disinformation in underground communities. Additionally, it spotlights the threat of fake social media accounts being created to run scams in the name of legitimate organizations.
Medical Marijuana Patient Data Leak Puts 957,000 at Risk
Source: https://hackread.com/ssns-health-records-exposed-marijuana-patient-database/
What we know: Two misconfigured, unprotected databases belonging to Ohio Medical Alliance (Ohio Marijuana Card) are exposed online. The exposed databases include 957,434 records containing Social Security numbers (SSNs), IDs, medical files, and sensitive staff notes.
Context: The 323 GB database included PDFs, images, and a CSV of internal comments tied to patients, employees, and partners. Data ranged from driver’s licenses to mental health evaluations.
Analyst note: Nearly one million patients and staff now face long-term risks, as leaked SSNs and IDs enable fraud, medical release forms could be misused for false claims, and the exposure of post-traumatic stress disorder (PTSD) and anxiety evaluations could increase the threat of stigma, discrimination, and reputational harm.
Geopolitical Focus: Casualties, Charges, Disasters, and Disruptions
- At least 18 people were killed in Colombia after a car bomb injured more than 60 people. In a separate incident, a drone strike has downed a police helicopter, killing at least 12. The attacks have prompted the government to convene a security council to enhance security measures.
- A 7.5 magnitude earthquake has struck the Drake Passage between South America and Antarctica, prompting brief tsunami warnings for Chile’s coastal and Antarctic areas. Although the magnitude is large, at the time of writing authorities have confirmed that there is no tsunami threat.
- An individual suspected of helping sabotage the Nord Stream gas pipelines in 2022 has been arrested. The Nord Stream explosions cut Russian gas to Europe, reportedly escalating the Ukraine conflict.
- The U.S. Treasury has sanctioned an individual allegedly linked to Iran’s shadow fleet, along with their network of companies and vessels, for reportedly aiding Iran in secretly transporting and selling oil. Several other vessels and operators are also being sanctioned for facilitating Iranian oil exports that reportedly fund the country’s advanced weapons programs.
- An individual is facing federal charges for making racist and violent threats by phone, email, and text that targeted a city employee and their colleagues.
DEEP AND DARK WEB INTELLIGENCE
Intel data breach exposes 270K employees: A chain of severe security vulnerabilities in Intel’s internal web systems exposed the personal data of more than 270,000 employees and likely enabled attackers to gain access to highly sensitive corporate and supplier information. Attackers could also exploit stolen credentials to infiltrate critical systems, leak intellectual property, or disrupt operations, leading to identity theft, corporate espionage, and supply chain compromises.
VULNERABILITY AND EXPLOIT INTELLIGENCE
Commvault security patches: Commvault has released security patches for four vulnerabilities that enable remote code execution (RCE) attacks. These include a high-severity vulnerability, tracked as CVE-2025-57790, that enables unauthorized access to file systems due to a path traversal issue, resulting in RCE. Unpatched Commvault systems are likely to expose organizations to data theft, encryption, or corruption by threat actors.
Affected products: Commvault versions before 11.36.60
Tags: DIB, tlp:green