Advisories

ZeroFox Weekly Intelligence Brief – October 11, 2025

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – October 11, 2025

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on October 9, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

Salesforce Notifies Customers It Will Not Pay Hacker Ransom

What we know:

  • Salesforce reportedly told its customers in an email on October 7 that it would not pay a ransom to hackers who claimed to have stolen client data and are threatening to leak it.
  • Salesforce has reportedly received "credible threat intelligence" that indicates the threat actors were planning to leak data stolen in an earlier security incident.

BreachForums[.]hn Seized in Joint International Law Enforcement Operation

What we know:

  • BreachForums[.]hn has been officially seized by law enforcement, with its clear net and onion domains now displaying a joint seizure notice from the DOJ, FBI, and French agencies BL2C and JUNALCO.

Chinese Cybercrime Group UAT-8099 Exploits Enterprise Web Servers for SEO Fraud

What we know:

  • Chinese-language group UAT-8099 is exploiting popular enterprise web servers to steal credentials, configuration files, and certificates while manipulating search rankings for search engine optimization (SEO) fraud.
  • Incidents have been reported across multiple regions, including India, Thailand, Vietnam, Canada, and Brazil.

Tags: tlp:green