
ZeroFox Weekly Intelligence Brief – January 3, 2025

by Alpha Team



ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on January 1, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.


IP Management Company Breached

What we know:

  • Decentralized intellectual property (IP) management platform Unleash Protocol has suffered a USD 3.9 million cryptocurrency theft after a threat actor gained administrative control of its multisig governance system.
  • With that control, the attacker executed an unauthorized smart contract upgrade that enabled illicit withdrawals of multiple assets.

Phishing Campaign Targets U.S. Critical Infrastructure Using Malicious Npm Packages

What we know:

  • A sustained phishing campaign, using 27 malicious npm packages, has reportedly been targeting critical infrastructure and adjacent organizations in the United States and allied countries to steal credentials.

MongoBleed Exploitation Endangers More than 80K MongoDB Instances

What we know:

  • Threat actors are actively exploiting a critical MongoDB vulnerability, MongoBleed (CVE-2025-14847).
  • The flaw enables unauthenticated attackers to remotely leak sensitive in-memory data, including database credentials and cloud secrets, from exposed servers.

Tags: tlp:green