ZeroFox Weekly Intelligence Brief – January 24, 2026

by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on January 22, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

New PDFSider Malware Leveraged Against Fortune 100 Company

What we know:

  • A new malware strain called PDFSider is reportedly being actively used by various ransomware groups, including Qilin, to compromise corporate networks.
  • Researchers have labeled it an Advanced Persistent Threat.
  • The malware has been observed in attacks against large corporations, including a Fortune 100 financial firm.
  • Researchers discovered that the malware is designed to create a backdoor, enabling covert control of the infected systems.

UK Cyber Agency Warns of Ongoing Attacks by Pro-Russian Hacktivist Groups

What we know:

North Korean Threat Actors Deploying Malware via Malicious VS Code Projects

What we know:

  • North Korean threat actors are reportedly using malicious Visual Studio (VS) Code projects as part of fake job assessments to deliver a backdoor with remote code execution (RCE) capabilities on the target system.

Tags: tlp:green