zerofox logo
Advisories

ZeroFox Weekly Intelligence Brief – June 13, 2026

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – June 13, 2026

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on June 11, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

PCPJack Hijacks Cloud Servers to Establish Distributed Email Relay Network

What we know:

  • Threat actor PCPJack has reportedly hijacked servers of three major cloud platforms to create a covert Simple Mail Transfer Protocol (SMTP) email relay network.
  • Approximately 230 active proxy nodes were discovered, potentially suggesting the email operation had already reached a large scale.

Russian Threat Groups Exploit Patched WinRAR Flaw in Ukraine Campaign

What we know:

  • Two Russia-aligned threat groups, “Gamaredon” and “SHADOW-EARTH-066”, are reportedly exploiting a patched WinRAR path traversal vulnerability (CVE-2025-8088) to target Ukrainian organizations.
  • The campaigns deploy information-stealing malware strains to harvest browser credentials and documents.

ShinyHunters Targets Oracle PeopleSoft in Data Theft Campaign

What we know:

  • The ShinyHunters extortion group is reportedly targeting Oracle PeopleSoft servers in an ongoing data theft attack, which has affected over 100 organizations, mostly in the education sector.

Tags: tlp:green