ZeroFox Weekly Intelligence Brief – January 17, 2026

by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on January 15, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Threat Actor Claims Access to Target’s Internal Development Environment

What we know:

  • An unknown threat actor has reportedly attempted to sell internal source code of American retailer Target Corporation on Gitea, a software development hosting platform.
  • The threat actor has reportedly posted screenshots as evidence in a private hacking community, advertising a total dataset of about 860 GB.

Instagram Acknowledges Bug; Says There Is No Data Breach

What we know:

  • Instagram has acknowledged a systematic bug that enabled threat actors to send the password reset emails reported by users.
  • However, Instagram has denied all data breach claims on its X account.

Illegal Service Provider Enabling Fraud Disrupted

What we know:

  • Working together, researchers and law enforcement have successfully disrupted RedVDS, a cybercrime service used to support phishing, business email compromise (BEC), and fraud operations.
  • The operation seized RedVDS domains and servers and dismantled payment networks tied to the service.

Tags: tlp:green