ZeroFox Weekly Intelligence Brief – November 1, 2025

by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on October 30, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Major Telecom Supplier Customer Files Allegedly Accessed by Nation-State Actor

What we know:

  • A major U.S. telecom supplier, Ribbon Communications, has disclosed a cyber incident that resulted in unauthorized access to its IT network.
  • The company added that the threat actors are reportedly associated with a nation-state actor.
  • The intruders reportedly remained hidden for nine months before the company became aware of the breach in early September 2025.

Researchers Find Over 4TB of EY’s SQL Database Exposed

What we know:

  • An SQL Server backup file with more than 4TB of data from accounting and consulting firm EY was reportedly exposed online, leaking sensitive corporate data.

North Korean Hackers Use Fake Job Offers to Steal Sensitive Drone and Aerospace Intelligence

What we know:

  • North Korean state hackers, tied to the Lazarus Group, have been impersonating defense recruiters to lure European engineers with fake job opportunities and deploy malware to steal sensitive drone and aerospace intelligence.

Tags: tlp:green