ZeroFox Daily Intelligence Brief - June 17, 2026

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • ZeroFox Intelligence Flash Report - LLM Jailbreak Chatter on the Deep and Dark Web
  • ZeroFox Intelligence Flash Report - AI-Ransomware Toolkit Automates Operations
  • Novo Nordisk Targeted by Two Separate Extortion Campaigns

ZeroFox Intelligence Flash Report - LLM Jailbreak Chatter on the Deep and Dark Web

Source: https://www.zerofox.com/advisories/40522/

What we know: ZeroFox has observed active discussions and offerings on the deep and dark web (DDW) regarding jailbreaks of multiple artificial intelligence (AI) and large language model (LLM) tools, including Anthropic's recently released Claude Mythos 5 and Fable 5.

Context: Threat actor “d4rm3an” claimed on dark web forum ReHub to have successfully extracted and bypassed Fable 5's system prompt within 24 hours of its public release on June 9, 2026, sharing a full demonstration and jailbreak file publicly. Additionally, jailbreaks for Claude 4.6 and Opus 4.8, Grok, DeepSeek, and ChatGPT were identified on the Telegram channel "GANOSECTEAM COMUNITY".

Analyst Note: The public sharing of jailbreak files and techniques on DDW forums likely extends the risk to the broader criminal ecosystem that consumes them. It is almost certain that threat actors, including less technically advanced actors, will continue to seek vulnerabilities within these models to conduct a variety of cyberattacks.

ZeroFox Intelligence Flash Report - AI-Ransomware Toolkit Automates Operations

Source: https://www.zerofox.com/advisories/40508/

What we know: ZeroFox has observed an unknown threat actor almost certainly using commercially available artificial intelligence (AI) technologies to develop and iteratively test endpoint detection and response (EDR) evasion techniques within a post-exploitation framework that was presented as a “red team” exercise.

Context: The threat actor reportedly used AI primarily to coordinate workflows and support experimentation, while the EDR-bypass work followed a structured engineering test cycle that included human review and iteration.

Analyst Note: ZeroFox assesses the framework was very likely built for criminal use rather than legitimate security testing. The activity is linked to known ransomware deployment and data theft operations, and the red team framing was likely a pretext to circumvent the AI model's safety guardrails. The use of AI to accelerate tooling and test evasion techniques likely lowers the barrier to entry for sophisticated, red team-style intrusions but does not change defensive priorities.

Novo Nordisk Targeted by Two Separate Extortion Campaigns

Source: https://databreaches.net/2026/06/16/one-threat-actor-demanded-50-million-from-novo-nordisk-another-one-demanded-25-million-neither-got-paid/

What we know: Danish pharmaceutical company Novo Nordisk has reportedly been targeted by two separate threat actors, “FulcrumSec” and “TheUSERS007”, in March and June 2026, respectively. Both FulcrumSec and TheUSERS007 reportedly engaged Novo Nordisk in separate extortion negotiations, demanding USD 25 million and USD 50 million, respectively.

Context: FulcrumSec claims to have stolen 1.3 TB of data, including clinical trial information, employee credentials, and proprietary drug research. TheUSERS007 claims it exploited an exposed Harbor container registry to steal over 16 GB of AI-related intellectual property, including model weights, source code, SSH keys, datasets, and internal infrastructure data. The group allegedly used the AI tool "Venomware" to fast-track the compromise.

Analyst Note: Both groups have stolen data with the intent of extorting Novo Nordisk. However, TheUSERS007 appears to have been more selective, focusing on high-value assets such as source code and AI model weights. TheUSERS007 also likely intended to gain insight into Novo Nordisk's AI capabilities and replicate proprietary models.

DEEP AND DARK WEB INTELLIGENCE

DarkForums user BigBrother: A moderately credible threat actor “BigBrother” has advertised, on the dark web forum DarkForums, network access to a SCADA system allegedly belonging to unspecified national dams in Iran. The access allegedly includes super admin rights. The threat actor has quoted BTC 2 (approx. USD 65,700) for the access. If legitimate, the access would likely enable threat actors to manipulate water supply and release.

DATA BREACHES INTELLIGENCE

iRhythm Digital confirms data breach: Healthcare company iRhythm Holdings has disclosed a data breach after threat actors accessed third-party applications through social engineering tactics, stealing patient and proprietary data. The attackers demanded a ransom on June 9, 2026. The company reportedly said its clinical systems, medical devices, manufacturing operations, and financial systems were not affected.

VULNERABILITY AND EXPLOIT INTELLIGENCE

Google Cloud Vertex AI SDK for Python vulnerability: A vulnerability in Google Cloud Vertex AI SDK for Python, dubbed “Pickle in the Middle,” reportedly enables threat actors to hijack a victim's machine learning model upload and run code inside Google's serving infrastructure. Threat actors reportedly only require the victim's project ID, which is often public, to exploit the flaw.

Affected products: Google Cloud Vertex AI SDK for Python versions before 1.148.0
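As an added defensive check that is not part of this brief, the following Python flags pins of the Vertex AI SDK for Python that are below the fixed release in a requirements-style file. It assumes the SDK's PyPI distribution name is google-cloud-aiplatform and uses a constructed sample file.

```python
import re

# Assumed PyPI name of the Vertex AI SDK for Python, and the first fixed release the brief names.
PACKAGE = "google-cloud-aiplatform"
FIXED = (1, 148, 0)
_REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|<|>)?\s*([0-9][0-9A-Za-z.]*)?")

def parse_version(text):
    """'1.147.2' -> (1, 147, 2). Pre-release suffixes such as 'rc1' are ignored."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple((parts + [0, 0, 0])[:3])

def classify_requirement(line):
    """'vulnerable', 'fixed', 'unknown', or None when the line is another package."""
    line = re.sub(r"\[[^\]]*\]", "", line.split("#", 1)[0]).strip()  # drop comments, extras
    m = _REQ_RE.match(line)
    if not m or m.group(1).lower().replace("_", "-") != PACKAGE:
        return None
    op, ver = m.group(2), m.group(3)
    if op is None or ver is None or op in ("~=", "!="):
        return "unknown"  # unpinned, or a specifier this check does not reason about
    v = parse_version(ver)
    if op == "==":
        return "vulnerable" if v < FIXED else "fixed"
    if op in (">=", ">"):
        return "fixed" if v >= FIXED else "unknown"  # lower bound at or above the fix
    if op == "<=":
        return "vulnerable" if v < FIXED else "unknown"
    return "vulnerable" if v <= FIXED else "unknown"  # op == "<"

def audit_requirements(lines):
    """Return [(line, status)] for every Vertex AI SDK pin that is not confirmed fixed."""
    findings = []
    for raw in lines:
        status = classify_requirement(raw)
        if status in ("vulnerable", "unknown"):
            findings.append((raw.strip(), status))
    return findings

# Constructed sample requirements file; not taken from any real project.
SAMPLE = """requests==2.31.0
google-cloud-aiplatform==1.147.2
google_cloud_aiplatform[prediction]>=1.140.0  # lower bound below the fix
google-cloud-aiplatform>=1.148.0""".splitlines()
```

Run `audit_requirements` over each lock or requirements file in a repository; "unknown" results need a look at the resolved version rather than the specifier.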

Tags: DIB, tlp:green