ZeroFox Weekly Intelligence Brief – November 22, 2025

by Alpha Team


ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on November 13, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

BPH Providers Sanctioned and Disrupted

What we know:

  • The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), along with other agencies, has sanctioned Media Land, a Russia-based bulletproof hosting (BPH) provider, for supporting ransomware and cybercrime operations.
  • The sanctions also designate Media Land’s leadership, sister companies, and affiliates for evading previous sanctions.
  • By offering resilient hosting and payment facilitation, Media Land enabled global cybercriminal activity, increasing operational efficiency and anonymity for threat actors.

Europol Dismantles Rhadamanthys, VenomRAT, and Elysium in Operation Endgame

What we know:

  • Europol announced the takedowns of the Rhadamanthys infostealer, the VenomRAT Remote Access Trojan, and the Elysium botnet as part of Operation Endgame between November 10 and November 13, 2025.

WhatsApp Vulnerability Enabled Global Phone Number Harvesting

What we know:

  • Researchers have uncovered a major privacy flaw in WhatsApp’s contact discovery feature that enabled anyone to rapidly enumerate billions of phone numbers due to weak rate limiting and the platform’s reliance on predictable phone numbers as account identifiers.

Tags: tlp:green