ZeroFox Daily Intelligence Brief - September 3, 2025

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • ZeroFox Intelligence Flash Report: Russian Interference Blamed for Jamming EU President's Plane
  • Salesloft Drift Supply-Chain Breach Continues With Cloudflare Exposure
  • Cyberattack Forces JLR to Shut Systems Down

ZeroFox Intelligence Flash Report: Russian Interference Blamed for Jamming EU President's Plane

Source: https://www.zerofox.com/advisories/35531/

What we know: The European Commission (EC) publicly blamed Russia for an incident of GPS jamming targeting the navigation system of the plane of EC President Ursula von der Leyen. Pilots had to use paper maps to land the plane at Bulgaria's Plovdiv Airport.

Context: Incidents of jamming have been reported by airlines operating around the Baltic coast in the last few years, but this is the most high-profile incident. GPS jamming is a part of Russia’s hybrid warfare strategy seeking to limit the effectiveness of military aid to Ukraine.

Analyst note: While Russia’s hybrid warfare tactics have usually been reserved for states along its western periphery, Western Europe is likely to see an escalation in attacks as it steps up support for Ukraine. Russia is also likely to continue attacks on critical infrastructure and energy targets, as well as online targeting of European elections.

Salesloft Drift Supply-Chain Breach Continues With Cloudflare Exposure

Source: https://www.bleepingcomputer.com/news/security/cloudflare-hit-by-data-breach-in-salesloft-drift-supply-chain-attack/

What we know: Attackers have exploited the recent Salesloft Drift supply-chain breach to access Cloudflare’s Salesforce system, stealing 104 API tokens and text from customer support cases.

Context: This breach stems from the Salesloft Drift supply-chain compromise, which has affected hundreds of organizations. Hackers stole OAuth tokens and accessed Salesforce support data, exposing sensitive customer details at major tech firms, including Palo Alto Networks and PagerDuty.

Analyst note: The stolen data could be used for phishing, impersonation, or targeted intrusions across affected organizations. This will likely put Cloudflare and other affected companies at risk of coordinated follow-on attacks through the exploitation of compromised credentials and sensitive customer data.

Cyberattack Forces JLR to Shut Systems Down

Source: https://media.jaguarlandrover.com/news/2025/09/statement-cyber-incident

What we know: Jaguar Land Rover (JLR) has suffered a cyber incident that forced the company to shut down key systems, disrupting production and retail operations. The company says there is no evidence of customer data theft.

Context: UK dealers first flagged JLR disruptions after reportedly being unable to register new cars or supply parts.

Analyst note: Although no customer data theft has been confirmed, this cyberattack could affect the company's supply chain and associated entities like producers, distributors, and dealers.

DEEP AND DARK WEB INTELLIGENCE

Ukraine-linked FDN3 fuels cybercrime: Researchers have flagged FDN3, a Ukrainian cybercriminal infrastructure provider, for its involvement in large-scale brute-force and password spraying attacks on certain devices between June and July 2025. It is likely that FDN3 is providing resilient infrastructure to threat actors, enabling them to bypass security systems to gain initial access into corporate devices.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2025-57819: An emergency patch has been released for a zero-day vulnerability exploited to breach FreePBX servers exposed to the public internet. The vulnerability stems from insufficient sanitization of user-supplied data, which enables attackers to access the FreePBX administrator panel. If left unpatched, threat actors are likely to be able to carry out remote code execution (RCE) and steal or encrypt sensitive data.

Affected products: The affected products are listed in this advisory.

Tags: DIB, tlp:green