Advisories

ZeroFox Weekly Intelligence Brief – December 20, 2025

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – December 20, 2025

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on December 18, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

French Interior Ministry Hacked as BreachForums Re-emerges

What we know:

  • The French Interior Minister confirmed a cyberattack targeting the Ministry of the Interior’s email servers, stating that some files were accessed.
  • Around the same time, a BreachForums administrator, ”Indra”, claimed responsibility for the attack and stated data linked to more than 16 million individuals were stolen from French law enforcement databases, though these claims remain unverified.

Legitimate PayPal Emails Used in Social Engineering Attacks

What we know:

  • Scammers are abusing PayPal’s legitimate Subscriptions feature to send real PayPal emails that look like fake purchase confirmations.
  • By reportedly manipulating the Customer Service URL field in a subscription, they embed scam text claiming an expensive device purchase and listing a fake “PayPal support” phone number.

CISA Releases Guide for Stadium and Arena Owners Ahead of Major Events

What we know:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide for stadium and arena owners and operators to help them mitigate the consequences of potential cyber and physical disruptions to four critical lifeline sectors (energy, water and wastewater systems, communications, and transportation).

Tags: tlp:green