Advisories

ZeroFox Weekly Intelligence Brief – November 15, 2025

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – November 15, 2025

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on November 13, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

New Scam Center Strike Force Formed to Disrupt Southeast Asian Crypto Scams Targeting Americans

What we know:

  • The U.S. Department of Justice (DOJ) and its partners have launched the Scam Center Strike Force to counter Southeast Asian crypto-investment fraud targeting Americans.
  • Early operations have already recovered over USD 400 million in stolen cryptocurrency.
  • The initiative brings together federal law enforcement, financial crime units, and international partners under one coordinated structure.

Europol Dismantles Rhadamanthys, VenomRAT, Elysium in Operation Endgame

What we know:

  • Europol announced the takedowns of Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium infostealers as part of Operation Endgame between November 10 and November 13, 2025.

CISA Reissues Alert for Federal Agencies to Patch Cisco ASA and Firepower Devices

What we know:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert warning federal agencies that threat actors have continued to target vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices, directing agencies to update affected devices to the correct minimum versions.

Tags: tlp:green