
ZeroFox Daily Intelligence Brief - September 12, 2025

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Unpatched CarPlay Flaw Leaves Vehicles Exposed to Remote Exploits
  • UK Rail Operator Confirms Breach Exposes Contact Info and Travel History
  • Panama Finance Ministry Confirms Cyberattack

Unpatched CarPlay Flaw Leaves Vehicles Exposed to Remote Exploits

Source: https://www.darkreading.com/vulnerabilities-threats/apple-carplay-rce-exploit

What we know: Most vendors and all car manufacturers have yet to fix a buffer overflow vulnerability in Apple CarPlay, CVE-2025-24132, despite patches being available since its disclosure on April 29, 2025.

Context: The flaw enables attackers to compromise CarPlay without user interaction, either via USB or nearby Wi-Fi. Systems remain exposed due to slow adoption of fixes. Additionally, Apple has warned customers of a new wave of spyware attacks targeting their devices.

Analyst note: Exploiting this bug could enable attackers to gain control over CarPlay, which they could use to breach privacy, cause distractions, or manipulate vehicle systems, putting the safety of drivers or users at risk.

UK Rail Operator Confirms Breach Exposes Contact Info and Travel History

Source: https://www.theregister.com/2025/09/11/lner_says_customer_data_stolen/

What we know: One of the UK’s largest rail operators has confirmed a data breach involving customer contact details and journey history. While the breach did not impact payment or password data, the company is warning customers to stay alert for phishing attempts.

Context: The attack behind the breach exploited a third-party supplier's systems. The operator has yet to confirm whether the attack was an insider breach or conducted by a threat actor.

Analyst note: If multiple railway service providers use the same third-party supplier, they could also be at risk of compromise. Other railway entities could experience a decrease in application and online booking usage in the near future.

Panama Finance Ministry Confirms Cyberattack

Source: https://www.bleepingcomputer.com/news/security/panama-ministry-of-economy-discloses-breach-claimed-by-inc-ransomware/

What we know: Panama's Ministry of Economy and Finance (MEF) has revealed that one of its systems was compromised in a cyberattack, but its core network was not impacted. Meanwhile, ransomware group INC Ransom claimed an attack on MEF on September 5, 2025.

Context: INC Ransom claimed to have stolen over 1.5 TB of data from MEF's systems, including financial documents, emails, and budgeting details. The MEF manages the Panama Canal revenues, fiscal policy, debt, and public expenditures.

Analyst note: Sensitive financial information of foreign account holders, particularly those of influential individuals or entities, is likely at risk of exposure, given Panama’s reputation as a tax haven. Threat actors are likely to use the stolen data to carry out phishing and social engineering attacks.

DEEP AND DARK WEB INTELLIGENCE

Telegram user Scattered Lapsus$ Hunters: On September 11, 2025, ZeroFox observed threat group "Scattered Lapsus$ Hunters" claiming responsibility for breaches targeting multiple entities worldwide. ZeroFox assesses this channel is likely impersonating well-known cybercriminals and recycling old breached datasets as new.

VULNERABILITY AND EXPLOIT INTELLIGENCE

Cisco patches three vulnerabilities: Cisco has released patches for three vulnerabilities in its IOS XR software. CVE-2025-20248 can enable attackers to bypass image signature verification. The other two bugs are an ARP-based denial-of-service (DoS) vulnerability (CVE-2025-20340) and an ACL bypass vulnerability (CVE-2025-20159). Threat actors could exploit these to carry out traffic manipulation and denial-of-service attacks, which could disrupt operations.

Affected products: Cisco IOS XR software

Tags: DIB, tlp:green