ZeroFox Daily Intelligence Brief - December 24, 2025
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- U.S. Dismantles USD 28 Million Bank Account Takeover Criminal Scheme
- FBI Warns Public of Holiday Cyber Scams
- Cyberattack Briefly Disrupts French Postal and Banking Systems
U.S. Dismantles USD 28 Million Bank Account Takeover Criminal Scheme
Source: https://thehackernews.com/2025/12/us-doj-seizes-fraud-domain-behind-146.html
What we know: Law enforcement in the United States and Estonia have seized a web domain and database used by threat actors in a bank account takeover fraud targeting Americans that resulted in attempted losses of approximately USD 28 million.
Context: The domain, web3adspanels[.]org, imitated the sponsored search engine advertisements used by legitimate banking entities. Victims were redirected from legitimate-looking websites to fake websites, embedded with malicious software that stole bank login credentials entered by the victims.
Analyst note: The criminal internet infrastructure seizure is very likely to at least disrupt immediate illicit activities operated via the infrastructure. However, unless the threat actors are held, the fraudulent activity is likely to reemerge with new internet infrastructure.
FBI Warns Public of Holiday Cyber Scams
What we know: The FBI has issued a holiday advisory about widespread online and cyber scams, including fake copycat websites, fake charities, impersonation schemes, and payment requests using gift cards, wire transfers, or cryptocurrency.
Context: In 2024, the FBI received over 535,000 fraud complaints totaling USD 13.7 billion in losses, with adults over 60 reporting the highest number of cases and financial harm. The FBI has urged families to talk openly and verify online purchases and donations.
Analyst note: The advisory likely indicates the growing scale of common yet dangerous holiday-related cyber fraud that exploits the shopping rush and chaos during holidays.
Cyberattack Briefly Disrupts French Postal and Banking Systems
What we know: France’s national postal service La Poste suffered a distributed denial-of-service (DDoS) cyberattack a few days before Christmas, knocking its online systems offline for hours.
Context: The DDoS attack reportedly lasted eight hours. During this period, deliveries requiring tracking were delayed and online payments went offline. The attack also disrupted the online banking services of La Poste’s banking subsidiary, La Banque Postale, blocking app-based payment approvals and forcing customers to use SMS instead.
Analyst note: At the time of writing, no threat actor has claimed responsibility, unlike typical hacktivism-driven DDoS attacks. This suggests the actor likely has other intentions, such as using the disruption as a smokescreen to conduct covert activities, test system vulnerabilities, and gather intelligence for potential future attacks on France’s critical infrastructure.
DEEP AND DARK WEB INTELLIGENCE
Insurance company Aflac confirms data breach: Aflac has confirmed a June 2025 data breach affecting more than 20 million people, exposing personal and health information, including Social Security numbers and identification. The breach is likely to lead to identity theft, financial fraud, and unauthorized access to sensitive health information for affected individuals.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2025-68613: This critical vulnerability in n8n, a workflow automation platform, enables actors to execute arbitrary code, compromising workflows and system operations. Over 103,000 instances are reportedly at risk worldwide. Users are urged to update immediately or restrict workflow permissions and harden their environments. Threat actors are likely to exploit this vulnerability to carry out full system compromise and unauthorized access to sensitive data.
Affected products: All n8n versions from 0.211.0 up to, but not including, 1.120.4
Tags: DIB, tlp:green