ZeroFox Daily Intelligence Brief - September 16, 2025

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Former Employee Access at FinWise Triggers Data Breach
  • AI Pentest Tool Villager Raises Concerns over Chinese Firm’s Motives
  • Brazilian Healthcare Software Provider Breached by KillSec Ransomware

Former Employee Access at FinWise Triggers Data Breach

Source: https://www.bleepingcomputer.com/news/security/finwise-insider-breach-impacts-689k-american-first-finance-customers/

What we know: FinWise Bank has disclosed that a suspected former employee accessed sensitive files after their employment ended, leading to a data breach affecting close to 700,000 American First Finance customers.

Context: FinWise Bank partners with American First Finance to originate and fund loans, so the breach affected American First Finance and its customers. The exposed data includes customer personally identifiable information (PII) such as full names and other personal data whose specifics were reportedly redacted in the notification.

Analyst note: The compromised American First Finance customer data is likely highly marketable for sale on dark web marketplaces, where complete identity profiles (“fullz”) fetch high prices due to their potential use in financial fraud.
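The control that failed here is timely revocation of a leaver's access, and the detection that catches it when revocation lags is a join between the HR termination feed and file-access logs. The following is an added example for this brief, not code from ZeroFox, FinWise or the source article; the roster, the CSV access log and the list of enabled accounts are constructed sample data, and the column names are assumptions about what such a log would carry.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed HR roster (not real FinWise data): user -> termination timestamp in UTC,
# or None while still employed. In practice this is the HRIS feed that drives deprovisioning.
HR_ROSTER = {
    "jdoe":   {"terminated": "2025-08-29T17:00:00Z"},
    "asmith": {"terminated": None},
    "rlee":   {"terminated": "2025-09-01T12:00:00Z"},
}

# Constructed file-access log in CSV form (not real log data).
ACCESS_LOG = """\
timestamp,user,action,resource
2025-08-28T09:15:00Z,jdoe,read,loan-files/batch-0817.csv
2025-09-03T22:41:00Z,jdoe,download,loan-files/customer-export.zip
2025-09-04T08:02:00Z,asmith,read,loan-files/batch-0903.csv
2025-09-01T11:59:00Z,rlee,read,hr/handbook.pdf
2025-09-02T11:59:00Z,rlee,read,loan-files/batch-0901.csv
2025-09-10T03:12:00Z,ghost,download,loan-files/customer-export.zip
"""

# Constructed snapshot of accounts still enabled in the file share's identity store.
ACTIVE_ACCOUNTS = ["jdoe", "asmith", "rlee"]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_post_termination_access(log_text, roster, grace_hours=0):
    """Return access events that happened after the actor's termination date
    (plus an optional grace window), and events by identities HR does not know."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"]
        event_time = parse_ts(row["timestamp"])
        record = roster.get(user)
        if record is None:
            # No HR record at all: a shared, orphaned or attacker-created identity.
            findings.append({**row, "reason": "unknown_identity"})
            continue
        terminated = record["terminated"]
        if terminated is None:
            continue  # current employee; nothing to flag here
        cutoff = parse_ts(terminated) + timedelta(hours=grace_hours)
        if event_time > cutoff:
            findings.append({**row, "reason": "post_termination_access",
                             "terminated": terminated})
    return findings


def stale_accounts(roster, active_accounts, now):
    """Return enabled accounts whose owner's termination date is already in the past,
    i.e. accounts that should have been disabled by the offboarding process."""
    stale = []
    for user in active_accounts:
        record = roster.get(user)
        if record and record["terminated"] and parse_ts(record["terminated"]) <= now:
            stale.append(user)
    return stale


if __name__ == "__main__":
    for f in find_post_termination_access(ACCESS_LOG, HR_ROSTER):
        print(f"{f['timestamp']} {f['user']:8} {f['action']:9} {f['resource']}  <- {f['reason']}")
    now = parse_ts("2025-09-16T00:00:00Z")
    print("enabled accounts past termination:", stale_accounts(HR_ROSTER, ACTIVE_ACCOUNTS, now))
```

The grace window exists because many organizations leave a short read-only period for handover; set it to the documented offboarding SLA, and treat anything beyond it, or any identity absent from the roster, as an incident rather than a hygiene finding.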

AI Pentest Tool Villager Raises Concerns over Chinese Firm’s Motives

Source: https://hackread.com/china-ai-pentest-tool-villager-10k-downloads/

What we know: Villager, an AI-driven penetration testing tool released publicly on the Python Package Index (PyPI) and promoted for its red teaming capabilities, has raised concerns among cybersecurity researchers after being downloaded over 10,000 times since July 2025.

Context: The tool has been traced to a former Chinese capture-the-flag (CTF) competitor, “HSCSEC,” who is linked to an AI development firm called Cyberspike with a dubious history. Villager’s AI integration automates reconnaissance, vulnerability exploitation, and other tasks.

Analyst note: Villager is likely to be misused by threat actors, much as the legitimate red teaming tool Cobalt Strike has been. Villager’s hosting on Cyberspike’s infrastructure and its connection to the firm’s private GitLab repository likely indicate an attempt to control the tool’s potential misuse.

Brazilian Healthcare Software Provider Breached by KillSec Ransomware

Source: https://www.darkreading.com/cyberattacks-data-breaches/killsec-ransomware-brazil-healthcare-software-provider

What we know: KillSec ransomware group has attacked Brazilian healthcare software provider MedicSolution and stolen over 34 GB of data with more than 94,000 files, including lab results, X-rays, unredacted patient images, and minors’ records.

Context: A misconfigured cloud repository that was left exposed, potentially for months, led to the breach. Because MedicSolution provides cloud services to clinics and practices across Brazil, the compromise puts many downstream healthcare organizations at risk.

Analyst note: Supply-chain attacks in healthcare can impact several downstream healthcare entities. Sensitive medical records, including those of children, could be leaked or sold on criminal markets, exposing targets to identity theft, fraud, blackmail, and extortion.
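Because the MedicSolution breach started from an exposed cloud repository, the check a defender would want is one that flags storage configuration as public before an exposure lasts for months. The following is an added example, not code from ZeroFox, MedicSolution or the source article. It applies a simplified model of S3-style bucket exposure (an Allow statement with a wildcard principal, or an ACL grant to AllUsers/AuthenticatedUsers, unless all four Block Public Access flags are on) to a constructed policy, ACL and Block Public Access configuration; the bucket, role and VPC names and the account ID are placeholders. A real audit would use the provider's own evaluation (for AWS, the bucket policy status and Access Analyzer findings) rather than this approximation.

```python
import json

# Group URIs that AWS uses for anonymous and any-AWS-account grantees in S3 ACLs.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed bucket policy (not MedicSolution's): one world-readable statement, one scoped
# to an application role (placeholder account ID), one wildcard principal narrowed by a condition.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicReadImages", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-patient-images/*"},
    {"Sid": "AppRoleAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-patient-images/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-patient-images",
     "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0example"}}}
  ]
}
""")

# Constructed ACL carrying a legacy public-read grant alongside the owner's grant.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}

# Constructed Block Public Access configurations: everything off, and everything on.
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {key: True for key in PAB_OFF}


def _is_wildcard_principal(principal):
    """True for Principal "*" or any principal map whose values include "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            values = value if isinstance(value, list) else [value]
            if "*" in values:
                return True
    return False


def public_policy_statements(policy):
    """Return Allow statements that grant access to a wildcard principal.
    A statement with a Condition is reported separately: it may be restricted
    (e.g. by source VPC) and needs human review rather than an automatic verdict."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        severity = "conditionally_public" if "Condition" in stmt else "public"
        findings.append({"sid": stmt.get("Sid", f"#{index}"),
                         "actions": actions, "severity": severity})
    return findings


def public_acl_grants(acl):
    """Return ACL grants to the anonymous or any-authenticated-account groups."""
    grants = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in (ALL_USERS, AUTH_USERS):
            grants.append({"grantee": uri.rsplit("/", 1)[-1],
                           "permission": grant.get("Permission")})
    return grants


def bucket_is_public(policy, acl, public_access_block):
    """Simplified verdict (assumption, not AWS's evaluator): with all four Block Public
    Access flags on, public ACLs are ignored and public policies are neutralized."""
    flags = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    if public_access_block and all(public_access_block.get(flag) for flag in flags):
        return False
    return bool(public_policy_statements(policy) or public_acl_grants(acl))


if __name__ == "__main__":
    for finding in public_policy_statements(SAMPLE_POLICY):
        print("policy:", finding)
    for grant in public_acl_grants(SAMPLE_ACL):
        print("acl:   ", grant)
    print("exposed with BPA off:", bucket_is_public(SAMPLE_POLICY, SAMPLE_ACL, PAB_OFF))
    print("exposed with BPA on: ", bucket_is_public(SAMPLE_POLICY, SAMPLE_ACL, PAB_ON))
```

Run against every bucket in an inventory, the two findings lists are what should page someone; the verdict function is the gate for a preventive control, since turning the four Block Public Access flags on at the account level removes the whole class of misconfiguration described in this item.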

DEEP AND DARK WEB INTELLIGENCE

DarkForums user NetworkBrokers: An untested threat actor named "NetworkBrokers" has advertised a self-developed antivirus (AV) malware scanning platform on the dark web forum DarkForums. According to the post, the tool is a complete web-hosted platform featuring a register/login system, a user-friendly dashboard for scanning files, a database, and a backend. The threat actor claims it is implemented with a signature bypass: when an executable file is uploaded, the AV engine will not detect it and will not report it to antivirus vendors. The tool is very likely to help threat actors test malware for evasion without being detected.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2025-10386: A public exploit is available for this remotely exploitable script-injection flaw. Successful exploitation enables attackers to execute arbitrary client-side scripts to hijack sessions, steal credentials, or deliver malware. This is likely to result in account takeover, user impersonation, targeted phishing, credential theft, and escalation into broader network compromise.

Affected products: Yida ECMS Consulting Enterprise Management System 1.0

Tags: DIB, tlp:green