zerofox logo
Advisories

ZeroFox Weekly Intelligence Brief – June 20, 2026

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – June 20, 2026

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on June 18, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

Cal Water Allegedly Hacked by Iran-Linked Handala Hack Team

What we know:

  • Iran-linked hacktivist group Handala Hack Team has claimed responsibility for hacking California Water Service (Cal Water) in retaliation for U.S. actions against Iran.
  • The group alleges it has the capability to disrupt water access but has opted not to.

“FortiBleed” Campaign Targets Over 320K Fortinet Devices Globally

What we know:

  • An ongoing credential-harvesting campaign, dubbed "FortiBleed," has reportedly compromised approximately 75,000 Fortinet firewall and Virtual Private Network (VPN) devices across 194 countries..
  • Fortune 500 companies and government agencies in more than 15 countries have reportedly been affected.

Exposed Database Sourced from Infostealer Logs Taken Offline

What we know:

  • Researchers have reportedly discovered a leaked database of 24 billion records originating from an Elasticsearch cluster, containing over 8 TB of data.
  • The data set is an aggregation of data and not the result of a recent breach. The database is now reportedly offline.

Tags: tlp:green