fp-1b

The 2026 FIFA World Cup's 48 teams, 104 matches across Canada, Mexico, and USA heighten cyber risks from ransomware and hacktivists, targeting tech-reliant infrastructure. Experts urge collaboration, stable CISA funding, and daily best practices to secure the event.

Check Point uncovers Iranian-aligned Nimbus Manticore's (UNC1549) spear-phishing campaign hitting defense, telecom, and aviation in Denmark, Sweden, Portugal. Fake job portals deliver MiniJunk backdoor and MiniBrowse stealer via advanced DLL side-loading—boost phishing defenses now.

Cybercriminals leverage Dynamic DNS services to evade detection and build persistent command-and-control networks, abusing 70,000+ domains with minimal oversight. APT groups like Fancy Bear and Chinese hackers use obfuscation and rotations—defenders face growing challenges in mitigation.

A malicious update to the postmark-mcp server injects a hidden BCC to exfiltrate sensitive emails from thousands of organizations. Koi’s risk engine uncovered the attack, highlighting risks in AI-driven MCP tools. Remove version 1.0.16+ and audit MCP servers now.

Microsoft exposes AI-driven phishing campaign targeting US organizations: attackers use AI to craft verbose, business-jargon code in SVG attachments disguised as PDFs, hiding credential-stealing payloads behind invisible dashboards and evading antivirus detection.

SolarWinds patches CVE-2025-26399 (CVSS 9.8), a deserialization flaw in Web Help Desk allowing unauthenticated RCE; it's a bypass of CVE-2024-28988. Affects versions up to 12.8.7—upgrade to HF1. Discovered by Trend Micro ZDI; Qualys QID 733223 for detection.

Threat actors use vulnerable Windows 8.1 WerFaultSecure.exe on patched Windows 11 24H2 to dump unencrypted LSASS memory via PPL bypass, extracting NTLM hashes and passwords for escalation. Zero Salarium details evasion tactics; defenders urged to monitor WER tools and anomalous PPL activity.

Major cyberattack on Jaguar Land Rover (JLR) causes Tata Motors shares to drop 4% to ₹655.30; production paused until Oct 1 with ₹560 crore weekly losses, potential ₹21,000 crore damage—exceeding annual profit. Experts urge cyber insurance and resilient IT amid auto sector digital risks.

Security scan reveals 150+ popular apps (millions of downloads) with Firebase test mode flaws allowing unauthenticated access to payments, PII, chats, passwords, and GitHub/AWS tokens in Realtime DB, Storage, Firestore, and Remote Config. Learn impacts, OpenFirebase tool, and fixes for ~80% of mobile apps.

Threat actors use in-memory PE loaders to download and run malicious executables (e.g., RATs) via Windows APIs like VirtualAlloc and LoadLibraryA, evading file-based EDR like Microsoft Defender/Sophos. Learn the technique's steps, red team success, and need for memory/behavioral defenses.