ZeroFox Weekly Intelligence Brief – May 23, 2026
by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on May 21, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
GitHub Discloses Unauthorized Access to Internal Repos
What we know:
- GitHub is investigating unauthorized access to its internal repositories; the activity has so far resulted in the exfiltration of 3,800 of the platform's internal repositories.
- However, the company has clarified that it has not found evidence of impact to repositories belonging to customer enterprises.
Banana RAT Campaign Targets Brazilian Banking Customers
What we know:
- Financially motivated threat group SHADOW-WATER-063 is reportedly targeting Brazilian banking customers with a remote access trojan (RAT) called Banana RAT.
- The campaign uses phishing links and fake invoice files distributed through WhatsApp and malicious domains to infect victims and steal money in real time.
Grafana Discloses GitHub Environment Compromise, Source Code Stolen
What we know:
- Grafana Labs, the company behind the open-source analytics and visualization application Grafana, has disclosed that a threat actor gained unauthorized access to its GitHub environment and downloaded its source code.
- Extortion group CoinbaseCartel has claimed responsibility for the attack.
Tags: tlp:green