zerofox logo
Advisories

ZeroFox Weekly Intelligence Brief – June 27, 2026

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – June 27, 2026

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on June 25, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

Dify Issues Fixes for Four Flaws Affecting AI Application Security

What we know:

  • Four vulnerabilities in the open-source artificial intelligence (AI) platform Dify have been found to potentially enable threat actors to access sensitive AI application data, including chat histories, uploaded documents, and user files.
  • The flaws have been patched in Dify v1.14.2.

Brazil’s Defense Alert System Reportedly Hacked

What we know:

  • Brazil’s National Civil Defense has reported a suspected hacking of its official alert system after mass alerts containing the word “misanthropy” were sent to cell phones across multiple Brazilian states.

Authorities Seize Servers and Credentials Linked to Amadey and StealC Malware Strains

What we know:

  • Europol and partners have disrupted Amadey and StealC malware operations’ infrastructure as part of Operation Endgame.
  • The operation took down over 326 servers and disrupted C2 infrastructure, leading to the recovery of approximately 27 million stolen credentials from over 300,000 systems.

Tags: tlp:green