Thursday, May 28, 2026

Security Onion 3.1.0 Hotfix 20260528 Now Available!

Last week, we released Security Onion 3.1.0:

https://blog.securityonion.net/2026/05/security-onion-310-now-available-with.html


Today we are releasing a hotfix which resolves two known issues in that release:

https://docs.securityonion.net/en/3/main/release-notes/



from Security Onion https://ift.tt/wZtH0Vy
via IFTTT

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile some researcher casually drops a technique that turns a "minor" foothold into total account compromise because apparently six digits and blind trust were all that stood between your vault and getting absolutely pwned. Cool. Great. Love that for us.

Then there's the supply chain mess... signed binaries, poisoned updates, legit tooling getting hijacked like it's still 2017, plus a few reports this week that feel less like advanced tradecraft and more like watching skiddies discover low-hanging fruit with enterprise branding slapped on top. The weird part isn't that it works. The weird part is how damn easy it still is.

Anyway. Grab caffeine. Let's get into it.

  1. Hunt.io said it identified more than 1,350 command-and-control (C2) servers across 98 Middle East infrastructure providers over the past three months, between February 1 and May 1, 2026. "C2 infrastructure dominates malicious activity (~96.8%), far exceeding phishing infrastructure (~0.5%) and publicly reported IOCs (~0.5%), while malicious open directories account for the remaining ~2.2% of observed artifacts," it said. "Saudi Arabia's STC (Saudi Telecom Company) hosts 981 C2 servers, representing 72.4% of all detected C2 infrastructure in the region. IoT-focused botnets (Hajime, Mozi, and Mirai) combined with offensive frameworks (Tactical RMM, Cobalt Strike, Sliver) represent the dominant malware families operating across Middle Eastern infrastructure."

  2. AKS privilege escalation flaw

    Microsoft is said to have silently fixed a privilege escalation flaw in Azure Backup for AKS that allowed a user with only the "Backup Contributor" Azure role (zero Kubernetes permissions) to gain cluster-admin on any AKS cluster, per security researcher Justin O'Leary. The vulnerability, which does not have a CVE, carries a CVSS score of 9.9. While Microsoft rejected the vulnerability report as "AI-generated content," it appears to have been patched since, and additional validation checks were enforced that did not exist in March 2026.

  3. Cybercrime operator jailed

    A 46-year-old Romanian national found guilty of breaking into an Oregon state government office in 2021 and other cyber attacks across the U.S. has been sentenced to 56 months in prison. Catalin Dragomir pleaded guilty to one count of aggravated identity theft and one count of obtaining information from a protected computer in February. Dragomir was arrested in Romania in November 2024 and extradited to the U.S. in January 2025 to face charges. Dragomir "sold access to a computer on the network of an Oregon state government office after obtaining unauthorized access to it in June of 2021," the Justice Department said. "During the sale, Dragomir provided the prospective buyer with samples of personal identifying information from the computer. He also sold access to the computer networks of numerous other victims in the United States, causing losses of at least $250,000."

  4. DAEMON Tools added to KEV

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the supply chain attack targeting DAEMON Tools software to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply necessary fixes by May 30, 2026. The incident is now being tracked under the identifier CVE-2026-8398 (CVSS v4 score: 9.3). "Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe," according to the description of the CVE. "These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection."

  5. Apple unveils PQC code

    Apple has published its post-quantum cryptography (PQC) implementations in corecrypto, including quantum-secure ML-KEM and ML-DSA algorithms, along with mathematical verification tools that it built to assure compliance with FIPS 203 and FIPS 204 specifications for independent evaluation by experts. "Corecrypto is used continuously in our products, providing encryption and decryption, hashing, random number generation, and digital signatures on over 2.5 billion active devices," Apple said. "A critical bug in corecrypto has the potential to compromise the security and reliability of every app and feature that depends on it, so we are conservative when adding new code to the library and make exceptional efforts to be comprehensive in our testing."

  6. Law firms targeted by SRG

    The U.S. Federal Bureau of Investigation (FBI) has warned that the threat actor known as the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, has been targeting law firms using social engineering techniques as part of fresh attacks since spring 2026. Law firms are a rich target due to the highly sensitive nature of the data they possess. "Through phone calls and phishing emails, SRG actors pose as IT support to establish access to victim computers and exfiltrate data, usually through legitimate remote access tools or by sending an individual in-person to the victim company's location to gain physical access to computers," the FBI said. "While SRG has victimized companies in many sectors, including those in the insurance, finance, and healthcare industries, the group has consistently targeted U.S.-based law firms since Spring 2023." As part of the scheme involving in-person visits, the threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email. Upon gaining a foothold, the attackers move swiftly to escalate privileges and pivot to data exfiltration without encryption. "By sending someone in-person to the victim's location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim's computer," the FBI added.

  7. Fake installers spread Deno RAT

    Attackers are hosting counterfeit installers and plugins masquerading as popular software, including ChatGPT, Claude, ZENOLOGY, Ableton Live, AutoTune, and Kontakt, on GitHub and SourceForge to distribute a Deno backdoor known as DinDoor (aka Tsundere). "Attackers are using compromised YouTube channels to distribute links to these platforms," Malwarebytes said. "DinDoor ultimately drops different types of malware, including a stealthy remote access Trojan (RAT), which also uses the Deno JavaScript runtime."

  8. PureLogs phishing wave

    A phishing campaign is using deceptive emails disguised as purchase orders to trick recipients into opening malicious JavaScript files contained within RAR archives that lead to the deployment of a PureLogs variant to steal sensitive data from the victim's device. "Upon analyzing the PureLogs module, the malware's primary capability is to collect sensitive data from the victim's system, including basic hardware and system information, saved credentials, cryptocurrency-related data, and more," Fortinet said. "The malware then compresses and encrypts the collected data before transmitting it to the C2 server."

  9. U.K. targets crypto sanctions evasion

    The U.K. has announced sanctions against cryptocurrency exchanges and the A7 network used by Russia to evade existing restrictions. Among those hit by sanctions is HTX (aka Huobi Global), which is one of the largest cryptoasset exchanges in the world, with $3.3 trillion in trading volume in 2025. "It is suspected of providing services to A7, the sanctioned Russian payments network, and Garantex, the sanctioned cryptocurrency exchange," Elliptic said. It's worth noting that the A7 corporate-and-token infrastructure emerged in the wake of the March 2025 Garantex takedown. Per data from TRM Labs, Huobi has sent more than $4.9 billion in direct on-chain transactions to U.K.-sanctioned and A7-network entities since 2021. Other entities hit by sanctions include Bitpapa and Rapira Group, the latter of which has transacted $375.6 million with Garantex's named successor Grinex.io.

  10. Claude gains built-in code review

    Anthropic has announced two new security features for its Claude AI: a self-hosted sandbox for Claude Managed Agents and a new security-guidance plugin. "The security guidance plugin makes Claude review its own code changes for common vulnerabilities while it works and fixes what it finds in the same session," Anthropic said. "The plugin catches issues such as injection, unsafe deserialization, and unsafe DOM APIs before the code reaches a pull request, reducing how much security review falls to human reviewers downstream. Once installed, the plugin runs automatically. There is nothing to invoke and no separate command to remember." As described by Red Hat, a self-hosted sandbox "outsources the 'thinking' while keeping the 'doing' on your own infrastructure."

  11. DACH cyberattacks jump 124%

    Data from Check Point has revealed that hacktivism and ransomware targeting organizations across Germany, Austria, and Switzerland increased 124% in 2025. More than 60% of the hacktivist incidents have involved defacing websites to amplify political messaging. These efforts originated from NoName057(16), Mr Hamza, chinafans, Dark Storm Team, and Hezi Rash. Ransomware attacks, on the other hand, were mainly led by Akira, Qilin, and Safepay. "Germany accounted for more than 80% of regional incidents, with Switzerland at 12% and Austria at 8%," Check Point said. "Across Europe, the DACH region represented 18% of all recorded attacks, placing Germany above France, Spain, and Italy by individual country share."

  12. World Cup scams explode online

    Threat actors are increasingly capitalizing on the public excitement around the FIFA World Cup 2026 for scam campaigns. Bitdefender said it has identified more than 55 football-related malvertising campaigns targeting users through fake online stores, social media ads, IPTV piracy operations, fraudulent football apps, and FIFA-themed giveaway and lottery scams distributed through email. "The most-targeted users were in the United Kingdom, Portugal, Spain, Algeria, the United States, Canada, Mexico, Belgium, Germany, Brazil, and Australia," the Romanian company said. Check Point said bad actors are "flooding the internet" with fake merchandise stores, fraudulent betting platforms, and phishing domains designed to steal personal data and money. Host nations of the sporting event, Canada, Mexico, and the U.S., have also recorded an increase in the weekly average number of cyber-attacks per organization in April 2026, with Mexico registering a weekly average of 3,548 cyber attacks per organization. Group-IB said it uncovered six distinct fraud schemes and over 4,300 fraudulent domains impersonating FIFA's official web presence. This includes a sophisticated phishing campaign conducted by a Chinese-speaking, financially motivated operator called GHOST STADIUM that involves more than 300 domains sharing a phishing kit that exploits FIFA's PingIdentity SSO login flow to harvest credentials and conduct fake ticket sales and payment fraud at scale. "GHOST STADIUM has built a pixel-perfect clone of the official FIFA website, complete with a replicated single sign-on (SSO) authentication flow, and multi-language support in 11 languages," Group-IB said. "Facebook Ads serves as the primary paid traffic acquisition channel for the GHOST STADIUM campaign."

  13. Chrome extensions harvest WhatsApp data

    Cybersecurity researchers have uncovered a network of 126 Chrome Web Store extensions dubbed WaSteal that masquerades as independent WhatsApp CRM tools while exfiltrating user personal data, advertising cookies, and voice messages to operator-controlled servers, affecting nearly 148,000 users. According to researcher Jean-Marie R., the network is run by wascript.com.br, which operates a white-label platform. "The largest variant (WaSeller, 100k installs) embeds a live GTM container giving its operator silent, permanent remote code execution with no extension update or Chrome review required," the researcher said. "The operator's own privacy policy directly contradicts every behavior documented."

  14. GhostTree breaks endpoint scanning

    A new technique named GhostTree abuses NTFS junctions to generate infinite file paths, causing endpoint security products to hang and leave files unscanned. "We discovered that by pointing a junction back at its own parent directory, an attacker can create recursive loops that generate effectively infinite file paths," Varonis said. "With just two lines of code, a user can generate endless valid paths, making it impossible to finish scanning parent directories with the dir command recursively. The same applies to EDR products that scan folders for malicious files. An attacker places malware in the parent directory, sets up the GhostTree structure, and the containing folder becomes effectively unscannable. The scan hangs. The malicious files go unexamined."

  15. Kali365 targets Microsoft 365

    An emerging Phishing-as-a-Service (PhaaS) platform called Kali365, first observed in April 2026, has been targeting Microsoft 365 environments. "Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user's credentials," the FBI said. "Through the Kali365 platform subscription, cyber threat actors can capture 'OAuth' tokens and gain persistent access to targeted individuals/entities' Microsoft 365 environments." Like other PhaaS platforms, Kali365 risks lowering the barrier of entry to cybercrime, offering less-technical attackers access to artificial intelligence (AI)-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities. Kali365 is available to affiliates on a subscription basis, ranging from $250 for 30 days to $2,000 for a year. In a report published last month, Arctic Wolf said it observed a device code phishing campaign using Kali365 to obtain initial access and conduct follow-on activity. "The campaign relied on high-fidelity lures directing victims to Microsoft's legitimate device login flow, where users unknowingly authorized threat actor-initiated sessions," the company said. "Captured OAuth access and refresh tokens enabled immediate mailbox access and post-compromise activity. In select cases, threat actors established malicious inbox rules to suppress security notifications, extending dwell time and reducing user awareness." Barracuda Networks and Proofpoint have also warned of a spike in device code phishing campaigns in recent months. Barracuda said it detected more than 7 million device code attacks between March and April 2026. "The surge of device code phishing is the natural progression of credential phishing, as more people become aware of multi-factor authentication bypass techniques, criminals must get creative," Proofpoint noted.

  16. Vaultjacking targets Google passwords

    PhishU has detailed a new technique called Vaultjacking, which demonstrates how a victim's 6-digit Google Password Manager (GPM) PIN captured via an adversary-in-the-middle (AitM) phishing page can be used to decrypt the entire synced GPM vault. "That single PIN releases Google's Security Domain Secret, which decrypts every synced password and passkey on the account -- not just the credential being registered, the entire vault," Curtis Brazzell, PhishU Flounder and CEO, said in a statement. Once the AitM page harvests the user's session cookies and GPM PIN, a threat actor can add a passkey to the victim's Google account for persistence and then unlock the victim's entire synced credential vault from their own infrastructure.

  17. Signed RVTools trojan spreads RAT

    A trojanized MSI installer for RVTools is being used to deploy a modular Python-based remote access trojan (RAT) using a VBScript loader. The malware includes a reconnaissance module that fingerprints the host and maps out Active Directory and a persistent command-and-control (C2) agent that encrypts stolen data and waits for operator commands. "What made this campaign particularly effective was the use of a legitimately issued Sectigo code-signing certificate, registered under what appears to be a shell entity - Xiamen Lunwei Huage Network Co.(Sectigo), Ltd," K7 Labs said. "At the time of delivery, the certificate was fully valid, meaning Windows SmartScreen and most endpoint controls raised no flags. It has since been revoked, though it offers limited protection to environments not enforcing real-time OCSP or CRL checks at execution time."
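For item 14 (GhostTree), a scanner stays finite if it walks each real directory once and refuses to descend into a link that resolves to the current directory or one of its ancestors. The sketch below is an added example, not code from Varonis or any EDR vendor; a symlink stands in for the NTFS junction so the constructed fixture runs on any OS, and all function names are hypothetical.

```python
import hashlib
import os
import tempfile


def _real(path):
    # Resolve symlinks (and, on Windows, junctions) to one canonical path.
    return os.path.normcase(os.path.realpath(path))


def _is_within(path, ancestor):
    # True when `ancestor` is `path` itself or one of its parent directories.
    try:
        return os.path.commonpath([path, ancestor]) == ancestor
    except ValueError:  # e.g. paths on different Windows drives
        return False


def safe_scan(root, inspect_file):
    """Visit every real directory under `root` exactly once.

    Returns (files, loops, external): files handed to `inspect_file`,
    links that point back at the current directory or an ancestor, and
    links that leave the scan root. Looping links are reported, never followed.
    """
    root_real = _real(root)
    seen, files, loops, external = set(), [], [], []
    stack = [(root, root_real)]  # (path as reached, canonical path)
    while stack:
        path, real = stack.pop()
        if real in seen:
            continue  # already walked under another name
        seen.add(real)
        try:
            entries = list(os.scandir(path))
        except OSError:
            continue  # unreadable directory: skip it, keep scanning
        for entry in entries:
            if entry.is_file(follow_symlinks=False):
                inspect_file(entry.path)
                files.append(entry.path)
            elif entry.is_dir():  # follows links, so looping links land here
                target = _real(entry.path)
                if _is_within(real, target):
                    loops.append(entry.path)     # self or ancestor: a loop
                elif not _is_within(target, root_real):
                    external.append(entry.path)  # leaves the scan root
                else:
                    stack.append((entry.path, target))
    return sorted(files), sorted(loops), sorted(external)


def build_constructed_tree(root, outside):
    # Constructed fixture: two files, two links back to the root, one link out.
    with open(os.path.join(root, "payload.bin"), "wb") as fh:
        fh.write(b"constructed sample bytes")
    os.mkdir(os.path.join(root, "sub"))
    with open(os.path.join(root, "sub", "note.txt"), "w") as fh:
        fh.write("constructed")
    os.symlink(root, os.path.join(root, "loop"), target_is_directory=True)
    os.symlink(root, os.path.join(root, "sub", "up"), target_is_directory=True)
    os.symlink(outside, os.path.join(root, "out"), target_is_directory=True)


def demo():
    with tempfile.TemporaryDirectory() as root, \
            tempfile.TemporaryDirectory() as outside:
        build_constructed_tree(root, outside)
        hashes = {}

        def inspect(path):
            # Stand-in for the real content inspection step.
            with open(path, "rb") as fh:
                hashes[path] = hashlib.sha256(fh.read()).hexdigest()

        files, loops, external = safe_scan(root, inspect)

        def rel(paths):
            return [os.path.relpath(p, root).replace(os.sep, "/") for p in paths]

        return rel(files), rel(loops), rel(external), len(hashes)


if __name__ == "__main__":
    print(demo())
```

The files next to the looping links are still inspected, and the loop itself becomes a reportable finding instead of a hang.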

None of this was especially sophisticated. That's the lesson nobody wants to hear. Most breaches still start with trust abuse, stale configs, lazy access controls, or users getting socially engineered by someone sounding vaguely competent over the phone.

Patch faster. Audit harder. Stop assuming signed software, MFA prompts, or "internal-only" tooling means safe. The attackers already figured out the shortcuts. Might be time defenders stop pretending those shortcuts don't exist.
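For item 15 (Kali365), the sequence Arctic Wolf describes, a device code sign-in followed by an inbox rule that hides security notifications, can be correlated per user. The detection sketch below is an added example, not code from the FBI, Arctic Wolf or Microsoft; the event schema is simplified and constructed for illustration, and the allowlist, time window and keyword list are assumptions to tune per tenant.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema (one JSON per line).
CONSTRUCTED_EVENTS = """\
{"time": "2026-04-14T08:02:11Z", "type": "signin", "user": "alice@example.com", "protocol": "none"}
{"time": "2026-04-14T09:15:40Z", "type": "signin", "user": "tv-room4@example.com", "protocol": "deviceCode"}
{"time": "2026-04-14T10:31:05Z", "type": "signin", "user": "bob@example.com", "protocol": "deviceCode"}
{"time": "2026-04-14T10:44:52Z", "type": "audit", "user": "bob@example.com", "operation": "New-InboxRule", "rule": {"subjectContains": ["security alert", "new sign-in"], "deleteMessage": true}}
{"time": "2026-04-15T09:00:00Z", "type": "signin", "user": "carol@example.com", "protocol": "deviceCode"}
{"time": "2026-04-16T12:00:00Z", "type": "audit", "user": "alice@example.com", "operation": "New-InboxRule", "rule": {"subjectContains": ["newsletter"], "moveToFolder": "Reading"}}
"""

# Assumptions: accounts expected to use the device code flow (shared devices),
# how long after such a sign-in a new inbox rule counts as follow-on activity,
# and which subject keywords indicate security notifications.
DEVICE_CODE_ALLOWLIST = {"tv-room4@example.com"}
FOLLOW_UP_WINDOW = timedelta(hours=24)
SECURITY_WORDS = ("security", "sign-in", "password", "mfa", "alert")


def parse(text):
    """Parse JSON lines and return events ordered by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            event["time"] = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(event)
    return sorted(events, key=lambda e: e["time"])


def hides_security_mail(rule):
    """True when a rule removes or buries mail whose subject looks like a security notice."""
    hides = (rule.get("deleteMessage") or rule.get("moveToFolder")
             or rule.get("markAsRead"))
    subjects = " ".join(rule.get("subjectContains", [])).lower()
    return bool(hides) and any(word in subjects for word in SECURITY_WORDS)


def detect(events):
    """Return (user, finding, severity) tuples in event order."""
    last_device_code = {}  # user -> time of most recent device code sign-in
    alerts = []
    for event in events:
        user = event["user"]
        if event["type"] == "signin" and event.get("protocol") == "deviceCode":
            if user in DEVICE_CODE_ALLOWLIST:
                continue
            last_device_code[user] = event["time"]
            alerts.append((user, "device_code_signin", "medium"))
        elif event["type"] == "audit" and event.get("operation") == "New-InboxRule":
            started = last_device_code.get(user)
            if started and event["time"] - started <= FOLLOW_UP_WINDOW:
                severity = ("high" if hides_security_mail(event.get("rule", {}))
                            else "medium")
                alerts.append((user, "inbox_rule_after_device_code", severity))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(CONSTRUCTED_EVENTS)):
        print(alert)
```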



from The Hacker News https://ift.tt/PHGkB1R
via IFTTT

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

The State of AI Usage Report 2026 by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a handful of dominant AI platforms that drive the majority of enterprise AI activity and sensitive data exposure.

At the same time, AI usage is rapidly fragmenting across personal accounts, AI browser extensions, embedded copilots, AI connectors, and secondary AI tools operating outside traditional visibility and governance controls. The result is a fragmented AI ecosystem that most organizations still cannot fully see or govern.

While AI Is Everywhere in the Enterprise, Most Employees Are Casual

The common perception is that "everyone uses AI now". The report paints a much more nuanced picture. While nearly half of enterprise users interacted with AI tools over the past year, only 18% use AI on a weekly basis. This suggests that most employees remain casual users.

At first glance, that sounds like good news for security teams. Fewer users should mean lower risk. But the report found the opposite.

Enterprise AI activity is heavily concentrated among a very small group of employees. While half of the users had 12 AI conversations or fewer, the top 5% generated at least 144 conversations. These same users also engaged in much deeper interactions, averaging 18 prompts per conversation compared to the average of 2.

This creates a new class of "AI power users" that conduct far more conversations, interact across multiple AI platforms, and engage in significantly deeper prompt chains than average employees.

The result: AI risk is not distributed evenly across the organization. A relatively small group of users drives a disproportionate amount of enterprise AI exposure.

ChatGPT Is Still Dominating Enterprise AI Usage, But Copilot is Coming Closer

Despite the rapid growth of enterprise copilots, ChatGPT remains the dominant AI platform inside enterprises by a significant margin. It accounts for 36% of enterprise AI users and more than 55% of all AI conversations. That gap matters because it shows ChatGPT users are far more active than users of competing platforms.

Copilot M365 is growing quickly, reaching 29% adoption and nearly a quarter of enterprise AI conversations. The growth of Copilot also signals something important: enterprise AI usage is starting to split between governed enterprise-native AI and consumer-driven AI adoption. But beyond those two leaders, most AI platforms remain far behind despite the attention they receive.

While Copilot M365 usage is largely tied to corporate-managed Microsoft environments, where organizations typically maintain stronger visibility and governance controls, Gemini presents a very different risk profile. Most enterprise Gemini usage still happens through the regular consumer version, not Gemini Enterprise. In many cases, employees access it through personal accounts and unmanaged environments. That means organizations often have little visibility into how data is retained, whether prompts are used for model training, or how enterprise information is ultimately handled.

The implication is significant: not all enterprise AI adoption carries the same level of risk. The real governance challenge increasingly comes from consumer AI usage operating inside enterprise workflows under the appearance of legitimate productivity tools.

Shadow AI Is No Longer A Few Applications; It's a Long Tail of Under-the-Radar AI Apps

Most organizations still think about Shadow AI as employees using an unapproved chatbot. That definition is already outdated.

The LayerX research shows that enterprise AI usage is rapidly fragmenting across a growing ecosystem of AI tools, embedded assistants, AI browser extensions, AI search engines, coding copilots, and AI-powered SaaS features that often operate outside traditional visibility and governance controls.

Nearly 30% of enterprise users already use multiple AI platforms, while the top 5% interact with six or more AI applications. Employees are no longer relying on a single assistant for isolated tasks. They are combining multiple AI systems inside the same workflows, often switching between tools depending on the task, data type, or convenience.

This is what modern Shadow AI actually looks like. It's the growing long tail of AI tools that organizations struggle to see, track, or govern. In many cases, organizations may not even realize AI is being used at all, creating a far larger governance challenge than most organizations anticipate.

Enterprise AI Usage Is Far More Personal Than Organizations Realize

Most organizations assume that if employees use AI for work, they will naturally use corporate-managed AI environments. But that's not true.

Nearly half of all enterprise AI conversations happen through personal identities rather than corporate-managed accounts. What's even more concerning is that over 14% of conversations conducted with corporate identities are tied to personal AI licenses.

This creates a major governance blind spot, as when employees use personal AI accounts, organizations lose visibility into retention policies, auditability, model training exposure, and how enterprise data is ultimately handled. Sensitive company information can move into external AI ecosystems without centralized oversight or policy enforcement.

What makes this particularly surprising is that the divide is not just about identities. It is increasingly shaping platform selection itself.

Enterprise-focused platforms such as Copilot M365 and Gemini Enterprise are used primarily through corporate-managed accounts. Meanwhile, platforms like ChatGPT, Claude, and DeepSeek remain dominated by personal usage.

This means the enterprise AI problem is no longer just about AI applications. It is increasingly becoming a "personal AI" and governance problem.

Sensitive Data Flows Into All AI Platforms, With DeepSeek and ChatGPT The Worst Culprits

The report found that more than 6% of enterprise AI conversations already contain sensitive data. We categorized the sensitive data to find that personal data was the most common category by far, appearing in 5.81% of conversations, while financial and IT-related data appeared less frequently but still represented meaningful exposure.

DeepSeek showed the highest sensitive data exposure rate at 12.63% of conversations. ChatGPT followed at 8.38%. Copilot M365 showed a significantly lower exposure rate at 3.65%.

This suggests enterprise-integrated AI platforms may operate within more controlled governance environments, while consumer-oriented AI tools continue to see much riskier usage patterns.

The question is no longer whether employees will share sensitive data with AI systems. They already are. The real challenge is understanding where it happens, how often, and through which identities and platforms.

AI Extensions and Connectors Are Quietly Expanding the AI Risk Surface

The report also highlights two fast-growing AI channels that many organizations are barely tracking today: AI browser extensions and AI connectors.

About 15% of enterprise users already run at least one AI browser extension. Nearly 75% of these extensions request high or critical browser permissions. More than 16% already have known vulnerabilities.

At the same time, AI connectors are increasingly linking AI systems directly to enterprise applications like SharePoint, GitHub, Slack, Atlassian, and Google Workspace.

This means that AI systems are no longer limited to employees manually pasting information into chatbot windows. They are increasingly being granted persistent, programmatic access to enterprise systems, documents, collaboration platforms, and internal knowledge repositories. This fundamentally changes the nature of enterprise AI risk.

Turning Insight Into Action: The Path Forward for CISOs

The report makes one thing clear: traditional AI governance approaches are falling behind how employees actually use AI. It outlines a clear direction for security leaders:

  • Identify and Monitor High-Risk AI Power Users: AI risk is highly concentrated among a small group of employees who rely heavily on AI across multiple platforms and expose significantly more sensitive data than average users. Treating all AI usage equally wastes resources and misses the highest-risk behavior.
  • Stop Focusing Only on "Approved AI": The biggest visibility gap is the growing long tail of AI tools, embedded assistants, browser extensions, AI search engines, and connectors quietly spreading across the enterprise.
  • Block Personal Account Usage as Active Shadow AI: Unmanaged personal AI accounts and personal AI licenses expose sensitive enterprise workflows to uncontrolled AI environments. Enforcing corporate AI identities and blocking personal account usage helps ensure that AI interactions, prompts, and data flows remain visible, governed, and protected under enterprise security controls.
  • Shift From "Block or Allow" to Inline AI Guardrails: Blocking AI outright is no longer realistic, and an "allow-all" approach is equally risky. Organizations need inline guardrails that monitor prompts, uploads, responses, and AI-driven actions in real-time to prevent sensitive data exposure without disrupting productivity.

This article is a contributed piece from one of our valued partners.



from The Hacker News https://ift.tt/5qxzEi4
via IFTTT

DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap

Over the last decade, DICOM parsing has become an active research topic. The reason is simple: DICOM is both critical and complicated. Hospitals rely on DICOM-based PACS systems, and those systems often automatically ingest files received over the network. That means malformed data could directly trigger vulnerable decoders — the holy grail of attack surfaces for those studying robustness.

This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format. The objective is to show how an Orthanc server can be targeted during the image upload process, resulting in an out-of-bounds write.


from Cisco Talos Blog https://ift.tt/i3VT2IU
via IFTTT

2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface

The 2026 FIFA World Cup will be the largest sporting event ever staged. Across 39 days, 16 host cities in three nations will host 104 matches, an expanded 48-team tournament and an estimated five-to-six million in-venue spectators alongside a global broadcast audience approaching half the planet.

The tournament opens at Estadio Azteca in Mexico City on June 11, 2026, and concludes at MetLife Stadium in East Rutherford, New Jersey, on July 19, 2026.

This is the first World Cup to be jointly hosted by three nations. Each match runs on a temporary, multi-ring tournament network grafted onto pre-existing NFL, MLS, CFL and Liga MX stadium environments. It depends on a network of municipal services, including public transit, signalized traffic, water and wastewater treatment, regional power, airport operations and emergency services. Each of those touchpoints is in scope for an adversary.

Based on a review of cyber operations against prior mega-events from 2016 through the Milano-Cortina 2026 Winter Games, this assessment finds that disruptive intrusions, criminal fraud at scale and politically motivated distributed denial-of-service (DDoS) and hack-and-leak operations are highly likely. The only meaningful questions are who, against which targets and at what severity.

There are three drivers in the 2026 World Cup risk picture:

  • Iran-nexus activity. The U.S.–Israel–Iran kinetic conflict that began on Feb. 28, 2026 has reordered the threat surface for any U.S.-hosted event. The Handala Hack Team, assessed by the U.S. Federal Bureau of Investigation (FBI) and multiple commercial threat intelligence firms to be a front for Iran's Ministry of Intelligence and Security (MOIS), executed significant wiper attacks in early 2026. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published joint advisory AA26-097A confirming an active, ongoing Iranian-affiliated campaign. The campaign targets internet-exposed Rockwell Automation and Allen-Bradley programmable logic controllers (PLCs) in U.S. critical infrastructure, as well as Islamic Revolutionary Guard Corps (IRGC) targeting of Israeli-made Unitronics Vision Series PLCs at U.S. water, energy and municipal targets. These are the same categories of infrastructure that World Cup host cities will be operating under tournament load.
  • Russia-nexus hacktivism. Since 2022, NoName057(16) has conducted over 3,700 verified DDoS attacks against governments and critical sectors in NATO member states. Documented surges have been keyed to politically symbolic events, including the NATO Summit, the Ukraine Peace Summit and claims of intent at the Paris 2022 Olympics and the Milano Cortina 2026 Winter Olympics. Operation Eastwood (July 2025) disrupted but did not eliminate the group. The UK NCSC confirmed continued operations into 2026. The U.S., Canada and Mexico are NATO partners or allies and the World Cup is a politically symbolic event of the highest order.
  • Financially motivated cybercrime. Group-IB identified more than 16,000 fraudulent domains and 90 compromised Hayya fan-portal accounts during World Cup 2022 in Qatar. The 2023 Muddled Libra (operators of ALPHV aka BlackCat ransomware) campaign against entertainment organizations demonstrated that the hospitality stack is a target for ransomware operators. The stack includes reservations, digital keys, point-of-sale (PoS) machines and loyalty data. Ticket fraud, accommodation fraud, transportation QR-code fraud and FanID-equivalent account takeover are prime targets at scale across all three host nations.

The Paris 2024 Olympics is a strong example of a recent precedent. French authorities (ANSSI) confirmed at least 140 cyber events during the Games, including 22 confirmed unauthorized intrusions and a ransomware attack against the Grand Palais venue.

None succeeded in disrupting competition, but only because of preparation that began years earlier. That preparation included exercises against 500 Games-linked facilities and was supported by sustained government-industry coordination. The 2026 tournament must clear the same bar across multiple jurisdictions, regulatory bodies and languages.

The Bottom Line

Defenders should plan against the possibility of all of the following:

  • Cybercriminals targeting fans and the hospitality supply chain
  • Iran-nexus disruptive operations against ancillary U.S. infrastructure during the tournament window
  • Pro-Russian and pro-Iran hacktivist DDoS and defacement targeting of host-city, federation and ticketing services
  • A wiper deployed against tournament IT during a high-visibility ceremony

Previous Attacks Against Major International Sporting Events

| Event | Year | Operation / Actor | Documented Impact / Primary Source |
|---|---|---|---|
| Rio Summer Olympics | 2016 | OpOlympicHacking; Fighting Ursa (aka Fancy Bear, APT28) WADA leak | Prolonged DDoS against the official Rio website; Fighting Ursa publication of stolen WADA athlete medical records |
| Pyeongchang Winter Olympics | 2018 | Olympic Destroyer wiper; attributed to Razing Ursa (aka GRU Unit 74455, Sandworm) by UK FCDO, Oct 2020 | Wi-Fi at opening ceremony, Olympics website, ticketing, broadcast drones disabled. 300+ systems compromised. 12 hours to restore. Credentials in binary referenced 44 Pyeongchang accounts. |
| Tokyo Summer Olympics | 2020/21 | Razing Ursa reconnaissance and disruption | Over 450 million blocked attempts reported. No disruption to competition. Phishing/social engineering against athletes and ticket-holders persisted. |
| FIFA World Cup, Qatar | 2022 | Cybercriminal ecosystem; multiple groups | Group-IB: 16,000+ scam domains, 40+ fake mobile apps, 50+ fake social-media accounts, and 90 compromised Hayya FanID accounts (RedLine and Erbium info-stealer credentials). |
| Rugby World Cup, France | 2023 | Fiddling Scorpius, distributors of Play ransomware | French Rugby Federation systems encrypted three months before kickoff; personally identifiable information (PII) exfiltrated. No on-field disruption. Reputational and financial damage. |
| Paris Summer Olympics | 2024 | Multiple cybercriminal and hacktivist groups; one ransomware actor. ANSSI confirmed 140+ events | ANSSI: 140+ events, 119 low-impact, 22 successful intrusions. Ransomware on Grand Palais venue and approximately 40 other museums. DDoS peaks at 190,000 req/sec on official site. No competition was disrupted. |
| Milan-Cortina Winter Olympics | 2026 | Italian Foreign Minister Antonio Tajani said in a press conference that Italy thwarted attacks | No public confirmation of disruption to competition. Italian National Cybersecurity Agency operated a dedicated command centre throughout the Games. |

Table 1. Previous attacks against major sporting events.

Cybercriminal Threats to Fans and the Tournament Supply Chain

Financially motivated cybercrime is the highest-volume, highest-likelihood threat category for the 2026 FIFA World Cup Games.

Ticket Fraud and FanID-equivalent Account Takeover

Based on the Qatar 2022 Games, there are five categories of ticket-themed fraud:

  • Lookalike resale sites
  • Fake social-media reseller accounts
  • Lottery/giveaway phishing
  • Fake mobile applications on official app stores
  • Credential-stuffing attacks against the official fan portal

Hospitality and Accommodation Fraud

Attacks against hospitality businesses and platforms, digital key infrastructure, point-of-sale (PoS) systems and identity providers, along with fake short-term rental properties, are another potential area of risk.

QR-Code, Transportation and PoS Fraud

Tournament-specific QR-code fraud is the single fastest-growing variant. Pre-tournament listing scams have already been observed, and there is high potential for fake shuttle passes, parking permits and official fan transport QR codes that fail when scanned. The geographic spread of the 2026 games across multiple cities multiplies opportunities for transit-themed fraud relative to single-host-city games.

Phishing, Malware and Lure Themes

Confirmed lure themes from prior tournaments include:

  • Lottery winnings
  • Ticket cancellations
  • FIFA dispute-resolution decisions
  • Accreditation problems
  • FanID issues
  • Free streaming
  • Counterfeit merchandise

Expect to see typosquatted FIFA domains, malicious mobile applications, infostealers sold on Telegram, and Telegram-based reseller channels moving money via peer-to-peer payment apps as seen in Table 2.

| Cybercriminal Vector | Primary Targets |
|---|---|
| Phishing/lookalike domains/typosquatting | All fans, especially first-time international travelers |
| Fake/resold tickets; FanID account takeover | Fans buying outside the FIFA platform |
| Hospitality ransomware (High-profile operators) | Hotel chains, property management, casino-resort venues |
| DDoS against host-city, federation or ticketing services | Pro-Russian and pro-Iran hacktivist targets |
| Hack-and-leak/doxxing of officials, sponsors, athletes | Officials, sponsors, athletes |
| QR-code/transportation/parking fraud | Fans moving between host cities |
| Mobile malware via fake apps in official stores | Android primarily; iOS via TestFlight |

Table 2. Cybercriminal techniques that are possible during the World Cup.

Geopolitical Threats: Iran-Nexus and Disruptive Hacktivism

The geopolitical context for the 2026 tournament is materially different from any prior World Cup. The U.S.-Israel-Iran conflict has produced a surge in Iran-nexus cyber operations against U.S. organizations. The Russia-Ukraine war and the resulting NATO alignment of all three host nations make pro-Russian hacktivism an additional, parallel risk.

Iran-Nexus: The Handala Hack Team

The Handala Hack Team (aka Banished Kitten, Storm-0842, Void Manticore and Cobalt Mystique) and Ababil of Minab are just two of several front personas operated by Iran's MOIS that are directly responsible for wiper attacks, targeting of high-level government officials, and doxxing of employees of public companies.

Iran-Nexus: CyberAv3ngers and OT Targeting

CyberAv3ngers (aka Shahid Kaveh Group, Bauxite, Hydro Kitten, Storm-0784 and UNC5691) is the IRGC Cyber-Electronic Command's industrial-control-system arm. Its documented escalation curve is the single most important data point for defenders concerned with municipal infrastructure during the FIFA World Cup 2026.

Every World Cup host city in the United States operates municipal water, wastewater and energy infrastructure inside this advisory's threat envelope. A 2024 CISA assessment found over 70% non-compliance with existing safety requirements at U.S. water utilities.

Iran-Nexus: Other Personas and the Electronic Operations Room

Beyond Handala and CyberAv3ngers, multiple Iran-aligned personas — DieNet, APTIran, Cyber Toufan, Cyber Support Front, Iranian Avenger, Cyb3r Drag0nz — have been observed operating through a team named the Electronic Operations Room of Islamic Resistance Axis. This team formed in late February 2026. DieNet has specifically claimed DDoS attacks against Bahrain and Saudi airports and Jordanian banks — transportation and finance targets directly relevant to fan-facing infrastructure.

Russia-Nexus: NoName057(16) and Allied Hacktivists

NoName057(16) has been the most operationally consistent pro-Russian hacktivist group since March 2022, with 3,700-plus targeted hosts attributed to the group between July 2024 and July 2025. The UK NCSC, Eurojust and Europol issued co-sealed advisories in December 2025 and January 2026 regarding the hacktivist group. Operation Eastwood produced two arrests and seven arrest warrants but did not stop the group, which resumed activity within days.

Three operational characteristics are directly relevant to 2026:

Information Operations

Major global sporting events have proven fertile ground for state-sponsored information operations aimed at sowing distrust in institutions, embarrassing athletes or nations, and amplifying narratives conducive to strategic interests. Russian influence operations are well established, with past reported activities surrounding leaked athlete data, AI-enabled deception and defamation, delegitimization of Ukraine and Ukrainian athletes, narratives of the West against Russia, and pro-Kremlin narratives.

The current conflict in Iran opens the door for potential Iran-based narrative amplification, consistent with its observed hybrid offensive approach, specifically aimed at compounding the division of support for kinetic activity and targeting countries or athletes from Gulf states perceived as adversarial.

People’s Republic of China-aligned Dragonbridge has increasingly experimented with and deployed generative AI tools — such as synthetic audio, AI-generated news hosts, avatars, and images — to scale its political influence operations across social media, though these efforts have ultimately failed to garner significant organic engagement from authentic viewers.

Temporary Multi-City Tournament Infrastructure

FIFA's published tournament structure presents a unique and historically large attack surface. Sixteen host cities span three host nations, four time zones and multiple regulatory regimes. Each match operates a layered, ring-based tournament network grafted onto a permanent stadium environment, depends on a temporary commercial supplier ecosystem and pulls on host-city public services that FIFA does not own. Table 3 lists these rings and the primary cyber risk to each.

Network Rings and What Each Ring Is For

| Ring | Function | Primary Cyber Risk |
|---|---|---|
| Field-of-play/Video Assistant Referee (VAR)/officiating | Goal-line technology, semi-automated offside, Video Assisted Review, in-stadium broadcast cabling | Integrity-of-competition attack; broadcast disruption during a key moment |
| Venue operational network | Access control, ticket scanning, screens, public-address, Wi-Fi, accreditation | Replay of the Pyeongchang scenario: Wi-Fi, app, ticketing, gates rendered unusable |
| Tournament management | Schedule, results, statistics, athlete management, broadcaster feeds | Wiper or ransomware timed to opening match or final; data integrity |
| Hospitality and commercial | VIP access, payments, loyalty, hospitality suites, sponsor activations | Hospitality-stack ransomware; PII and payment information exfiltration |
| Fan-facing digital | FIFA app, official ticket resale, FanID, streaming, social | Account takeover, FanID compromise, content defacement, mobile malware |
| Host-city public services | Transit, traffic signals, water, wastewater, power, airports, emergency services | Iran-nexus OT targeting per CISA AA26-097A; cascade impact on tournament operations |

Table 3. Network rings and use cases.

The Supplier Ecosystem

The 2026 supplier ecosystem will be vast. Each host city contracts independently for stadium operations, security, transit, hospitality, food service, signage, fan-zone production and last-mile network connectivity. The Pyeongchang 2018 Olympic Destroyer destructive case is a clear historical warning: Recorded Future identified that Olympic Destroyer samples targeting the IT service provider were timestamped five minutes ahead of samples targeting the host.

Impact on Municipal, State and Federal Infrastructure

Municipal Layer

CISA AA26-097A identifies “Government Services and Facilities (to include local municipalities)” as one of three named target sectors of the active Iran-nexus PLC campaign. Analysis of CyberAv3ngers' targeting found that small municipal authorities are deliberately selected because they manage OT with consumer remote-access tools or expose PLC interfaces directly to the internet. A January 2024 Russian cyberattack on a municipality in Texas resulted in successfully overflowing a water tank after unsuccessful attempts in neighboring water systems. Ransomware attacks on water systems have also occurred.

State and Provincial Layer

Pro-Russian hacktivist DDoS has already demonstrated the ability to take state and local government websites offline for hours. UK NCSC's January 2026 alert specifically called out persistent NoName057(16) targeting of UK local-government services. The U.S., Canadian and Mexican equivalents are inside the same threat envelope.

Federal Layer

Federal agencies have signaled awareness: CISA AA26-097A, the DOJ domain-seizure activity against Iranian cyber fronts and the U.S. State Department's $10 million reward offers indicate active coordination. Defenders should expect and request pre-tournament threat-sharing engagements with CISA, FBI, the Canadian Centre for Cyber Security and Mexico's CERT-MX, mirroring the model that ANSSI ran in advance of Paris 2024.

Cascading-Risk Scenarios

Two specific scenarios merit pre-tournament tabletop exercise.

OT Disruption at Host-City Utility During Match

Scenario: An Iran-nexus actor manipulates a wastewater PLC in a host city overnight before a knockout match, producing a service alert and a forced public-health advisory.

Mitigation
  • Pre-tournament audit of all internet-exposed PLCs per CISA AA26-097A
  • Mandated migration off TeamViewer/AnyDesk for OT
  • Default-credential audits
  • 24/7 OT incident-response retainer

Hospitality Ransomware in Final Week

Scenario: A Muddled Libra-style social-engineering campaign against a major host-city hotel operator collapses room access, mobile check-in and PoS for 48-72 hours during the run-up to the July 19, 2026, final at MetLife Stadium.

Mitigation
  • Pre-tournament tabletop exercises with major hotel groups
  • Explicit verification protocols on IT help desks
  • Segregation of IdP trust from ESXi management
  • Offline runbooks for the property-management system

Prioritized Threat Matrix

The following matrix in Table 4 consolidates the assessed likelihood and severity of each evidence-backed threat vector for the tournament window of June 11-July 19, 2026. Severity is conditioned on the potential impact to fans, host cities and the integrity of the competition.

| Threat Vector | Severity | Primary Actor Class |
|---|---|---|
| Phishing, fake tickets, lookalike domains targeting fans | Low-medium per fan; cumulative high | Cybercriminal |
| FanID/FIFA-portal account takeover | Medium | Cybercriminal |
| Hospitality ransomware against major hotel operator(s) | High | Cybercriminal (Muddled Libra (aka Scattered Spider)/high-profile actors) |
| DDoS against host-city, federation or ticketing services | Medium | Pro-Russian and pro-Iran hacktivist |
| Hack-and-leak/doxxing of officials, sponsors, athletes | Medium-high | Iran-nexus (Handala) and adjacent personas |
| Wiper/destructive operation against a vendor or venue | High-critical | Iran-nexus state-backed; Russia-nexus state-backed |
| OT disruption at a host-city utility | High | Iran-nexus (CyberAv3ngers-class) |
| Disinformation/AI-generated content around matches | Medium | Multiple state and non-state actors |
| Insider compromise at a tournament supplier | High | Cybercriminal-for-hire; state-backed |
| Mobile malware via fake apps in official stores | Medium | Cybercriminal |

Table 4. Prioritized threat matrix of likely cyberattacks.

Recommendations

These recommendations are derived from the threat picture above and from public after-action reporting on Paris 2024 and Milan-Cortina 2026. They are prioritized by impact rather than by category.

For the tournament organization and host-city committees

  • Stand up a single, multi-jurisdictional cyber operations center with U.S. CISA, the Canadian Centre for Cyber Security, Mexico's CERT-MX, the FBI, the RCMP and Mexican federal cyber liaison co-located or fully integrated, replicating the ANSSI/Paris 2024 model.
  • Inventory the full vendor and supplier graph for each host city and conduct credential-rotation, default-password and remote-access audits across that graph. Prioritize IT service providers and venue operations, which Recorded Future identified as Pyeongchang's primary breach vector.
  • Mandate that no tournament network, at any ring, permits consumer remote-access tools on production infrastructure for the duration of the tournament window.
  • Pre-position DDoS scrubbing capacity, content-delivery-network failover and rate-limiting on all fan-facing domains. NoName057(16) DDoS volumes during Paris 2024 peaked at 190,000 requests/second; defenders should plan for an order of magnitude above that.
  • Run a destructive-malware tabletop. Validate that backups are isolated, immutable and recoverable inside a four-hour window.

For host-city utilities and municipal operators

  • Audit every internet-exposed PLC, HMI and SCADA component in water, wastewater, energy and transit operations. Apply CISA AA26-097A and AA23-335A guidance specifically: Change all default credentials, place PLCs behind segmented firewalls and eliminate direct internet exposure on ports 44818, 2222, 102, 22 and 502.
  • Engage the FBI, CISA and EPA for sector-specific assessments before kickoff. Where budget is constrained, a single round of vulnerability scans focused on the AA26-097A indicator set is high value.
  • Establish 24/7 OT incident response coverage through the entire tournament window.
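The PLC exposure audit recommended above can be checked against a perimeter scan of the operator's own address space. The following is an added example, not code from the Unit 42 report: it parses nmap grepable (`-oG`) output and flags the five ports named in the recommendation. The sample scan, host names and the assumption that the scan was run from outside the perimeter are all constructed for illustration.

```python
import re

# Ports named in the recommendation above; labels are the protocols
# commonly assigned to those ports.
OT_PORTS = {
    44818: "EtherNet/IP",
    2222: "EtherNet/IP I/O",
    102: "ISO-TSAP (Siemens S7)",
    22: "SSH",
    502: "Modbus/TCP",
}

# Constructed sample in nmap grepable (-oG) format. Assumption: the scan was
# run from outside the perimeter against address space the operator owns.
SAMPLE_SCAN = (
    "# Nmap scan of owned ranges (constructed sample)\n"
    "Host: 203.0.113.10 (lift-station.example)\tStatus: Up\n"
    "Host: 203.0.113.10 (lift-station.example)\tPorts: 44818/open/tcp/////, "
    "2222/open|filtered/udp/////, 80/closed/tcp//http///\n"
    "Host: 203.0.113.22 ()\tPorts: 502/open/tcp/////, 22/open/tcp//ssh///, "
    "102/filtered/tcp/////\tIgnored State: closed (997)\n"
    "Host: 203.0.113.40 (www.example)\tPorts: 443/open/tcp//https///\n"
)

HOST_LINE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\tIgnored State:.*)?$"
)


def parse_grepable(text):
    """Yield (ip, hostname, port, state, proto) for every port entry."""
    for line in text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment lines and "Status: Up" lines carry no ports
        ip, name, ports = match.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue  # malformed entry, skip rather than guess
            yield ip, name, int(fields[0]), fields[1], fields[2]


def audit(text):
    """Return sorted findings for the OT ports reachable from the scanner."""
    findings = []
    for ip, _name, port, state, proto in parse_grepable(text):
        if port not in OT_PORTS:
            continue
        if state == "open":
            status = "exposed"
        elif state == "open|filtered":
            # Usual result for a UDP probe that got no reply: exposure
            # cannot be ruled out, so keep it for manual follow-up.
            status = "unconfirmed"
        else:
            continue  # closed or filtered: not reachable from this vantage
        findings.append((ip, port, proto, OT_PORTS[port], status))
    return sorted(findings)


def exposed_hosts(findings):
    """Hosts with at least one confirmed exposure, for the remediation list."""
    return sorted({f[0] for f in findings if f[4] == "exposed"})


if __name__ == "__main__":
    results = audit(SAMPLE_SCAN)
    for ip, port, proto, label, status in results:
        print(f"{ip:15} {port}/{proto:3} {label:22} {status}")
    print("Remediate first:", ", ".join(exposed_hosts(results)))
```

A `filtered` result only reflects the scanner's vantage point, so the same check should be repeated from each network an adversary could plausibly reach.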

For hospitality and venue operators in host metros

  • Treat the IT help desk as the first line of defense and the most likely point of compromise. Implement out-of-band caller-verification protocols; ban credential resets initiated by phone alone; assume that publicly identifiable employees are reconnaissance targets.
  • Segregate identity-provider trust from VMware ESXi management. Previous compromises pivoted from Okta to ESXi to ransomware; that pivot path must be broken architecturally before the tournament, not during it.
  • Maintain offline runbooks for property-management, PoS, digital-key and reservation systems. Confirm pen-and-paper fallback works under load.

For sponsors, federations and broadcast partners

  • Assume executive personal accounts are in scope for state-aligned hack-and-leak operations.
  • Apply phishing-resistant MFA (FIDO2/WebAuthn) to all corporate, executive and high-visibility employee accounts before kickoff. SMS and TOTP MFA are insufficient against the demonstrated tradecraft of Scattered Spider and Handala.
  • Pre-build communications response templates for hack-and-leak scenarios; do not draft them under live attack.

For fans and the traveling public

  • Buy tickets only on the official FIFA platform or a FIFA-authorised resale partner. Do not buy through Telegram, WhatsApp, social media DMs or peer-to-peer payment apps. Use a credit card with chargeback protection.
  • Verify accommodation listings with major platforms; treat off-platform wire transfers and cryptocurrency requests as fraud. Cross-reference street view and listing photos.
  • Treat any QR code presented in transit, parking or fan-zone contexts with skepticism. Cross-check with the host city's official transportation app or website before scanning.
  • On public Wi-Fi, use a reputable VPN for any account-level activity; better still, use cellular data. Disable Wi-Fi auto-join; remove networks after use.
  • Patch mobile devices. Avoid sideloading apps. Verify every FIFA app against the FIFA-published list of official applications.

Final Thoughts

The window for shifting from preparation to live response is closing fast. The 2026 FIFA World Cup conditions are different than at any previous tournament: three host nations, sixteen host cities, a 48-team field, an active U.S.-Israel-Iran kinetic conflict, an ongoing Russia-NATO confrontation and a cybercriminal ecosystem that has industrialized against the hospitality sector since 2023.

The threat actors of greatest concern for 2026 — the Handala Hack Team, CyberAv3ngers, NoName057(16), Muddled Libra, ALPHV affiliates and the broader Iran- and Russia-aligned hacktivist ecosystem — have all demonstrated their capabilities within the last 24 months. This has been proven in public record by what these actors have already accomplished.

Plan for incidents across the full supplier and host-city graph, exercise the response against realistic scenarios and coordinate across jurisdictions before kickoff rather than during the tournament. Where that posture has been adopted, the historical record shows that competition has not been disrupted. Where it has been weaker, adversaries have succeeded. The single most important defender posture for 2026 is to assume the attacks will come.


from Unit 42 https://ift.tt/m9EgUHc
via IFTTT

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware.

"These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure," Wiz researchers Shira Ayal, Eden Abergil, Andre Maccarone, Yuval Dan, and Benjamin Read said. "The used methods enabled the threat actor to move laterally from compromised employee laptops to code distribution systems and development infrastructure."

The Google-owned cloud security company is tracking the activity under the moniker JINX-0164. The threat actor is assessed to be active since at least mid-2025 and motivated by financial gain, targeting developers through recruitment-themed and other social engineering techniques to siphon cryptocurrencies. In at least one case, the adversary is said to have carried out a supply chain attack.

In the attack chain documented by Wiz, JINX-0164 has been found to leverage credible LinkedIn profiles to approach victims and offer a virtual meeting. The meeting invite is designed to steer the target to a rogue domain that masquerades as a teleconference provider.

From there, victims are tricked into downloading and installing the program. This, in turn, triggers the retrieval of a Python-based macOS infostealer and remote access trojan codenamed AUDIOFIX using a bash script hosted on a fake driver store domain ("apple.driver-store[.]com").

"The [bash] script downloaded an architecture-aware payload from the same domain, compatible with both Intel and Apple Silicon systems. The payload masquerades as a system audio driver named coreaudiod, was saved as ChromeUpdater, and was executed via launchctl," Wiz said.

The Python malware is then leveraged to steal sensitive data from the compromised endpoint, laterally move to internal code distribution systems and development infrastructure by injecting the AUDIOFIX payload, and modify source code in an attempt to compromise other endpoints and steal cryptocurrency wallet credentials.

The captured data includes credentials from password managers, web browsers, and iCloud Keychain files; local admin credentials; SSH keys; configuration files; console history files; cryptocurrency browser extensions information; cryptocurrency wallet addresses; and active Discord, Slack, and Telegram sessions.

Besides information theft, AUDIOFIX supports several commands that allow manual reconnaissance, exfiltration, arbitrary shell command execution, file deletion, and payload retrieval from an external server.

JINX-0164 has also been observed targeting software developers by impersonating recruiters, while employing the same social engineering technique: using the job opportunity to set up a meeting that displays a fake technical error and instructs the victim to download a "fix" that leads to malware installation.

Another key component of the threat actor's arsenal is MiniRAT, a Go-based backdoor that was previously distributed via a compromised version of an npm package named @velora-dex/sdk, a legitimate DeFi toolkit used for token swaps, limit orders, and delta trading on the VeloraDEX decentralized exchange platform.

Per details shared by SafeDep and StepSecurity last month, the poisoned version downloaded a shell script from a remote server, which then delivered a macOS-specific binary called MiniRAT. The malware is equipped to upload files, run arbitrary shell commands, and fetch additional payloads or tools from attacker-controlled domains.

It's worth noting that some aspects of the campaign, coupled with the use of VPN services like Astrill VPN and the focus on cryptocurrency and developers, are reminiscent of those used by multiple North Korean threat clusters such as BlueNoroff, Contagious Interview, and UNC1069. However, Wiz said there are no infrastructure overlaps connecting JINX-0164 to Pyongyang at this stage.

"Similarly, the types of spoofing domains are similar to those used by other North Korean actors; however, JINX-0164 infrastructure does not have any overlaps with other publicly tracked North Korean groups," Wiz said.
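The delivery details quoted from Wiz above (the `apple.driver-store[.]com` domain, a payload saved as `ChromeUpdater` and masquerading as `coreaudiod`) translate into simple hunting rules over endpoint telemetry. The following is an added example, not code from Wiz or The Hacker News: the event schema, host names and file paths are constructed, and how the masquerade shows up in process telemetry (a process name of `coreaudiod` on a binary outside `/usr/sbin`) is an assumption.

```python
import posixpath
from collections import defaultdict

# Indicators taken from the report above; the domain stays defanged in source.
C2_DOMAIN = "apple.driver-store[.]com".replace("[.]", ".")
DROPPED_NAME = "ChromeUpdater"
MASQUERADE_NAME = "coreaudiod"
REAL_COREAUDIOD = "/usr/sbin/coreaudiod"  # where Apple's audio daemon lives

# Constructed telemetry. Field names, hosts and paths are hypothetical.
EVENTS = [
    {"host": "mbp-01", "type": "dns", "query": "Apple.Driver-Store.com."},
    {"host": "mbp-01", "type": "exec", "parent": "/sbin/launchd",
     "path": "/Users/dev/Library/Application Support/ChromeUpdater",
     "argv": ["coreaudiod"]},
    {"host": "mbp-02", "type": "exec", "parent": "/sbin/launchd",
     "path": "/usr/sbin/coreaudiod", "argv": ["/usr/sbin/coreaudiod"]},
    {"host": "mbp-02", "type": "dns", "query": "driver-store.com.example.net"},
    {"host": "mbp-03", "type": "dns", "query": "cdn.apple.driver-store.com"},
]


def matches_domain(query, domain=C2_DOMAIN):
    """True for the domain itself or any subdomain, ignoring case and root dot."""
    name = query.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def rules_for(event):
    """Return the rule ids that a single event triggers."""
    hits = []
    if event["type"] == "dns" and matches_domain(event["query"]):
        hits.append("R1-c2-dns")
    if event["type"] == "exec":
        path = event["path"]
        if posixpath.basename(path) == DROPPED_NAME:
            hits.append("R2-dropped-name")
        argv = event.get("argv") or [""]
        claimed = posixpath.basename(argv[0])
        # The genuine daemon runs only from its system path.
        if claimed == MASQUERADE_NAME and path != REAL_COREAUDIOD:
            hits.append("R3-coreaudiod-masquerade")
    return hits


def detect(events):
    """Map each host to the sorted set of rules it triggered."""
    by_host = defaultdict(set)
    for event in events:
        for rule in rules_for(event):
            by_host[event["host"]].add(rule)
    return {host: sorted(rules) for host, rules in by_host.items()}


def triage(events, min_rules=2):
    """Hosts where independent indicators coincide are investigated first."""
    return sorted(h for h, r in detect(events).items() if len(r) >= min_rules)


if __name__ == "__main__":
    for host, rules in sorted(detect(EVENTS).items()):
        print(host, rules)
    print("Investigate first:", triage(EVENTS))
```

File names and domains are cheap for an operator to change, so hits from these rules are a starting point for scoping rather than proof of absence when nothing matches.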



from The Hacker News https://ift.tt/bFitr0N
via IFTTT

Wednesday, May 27, 2026

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software supply chain campaign targeting software developers through malicious packages and extensions.

"Since at least early 2025, GlassWorm operators have systematically targeted software developers, a population with access to source code repositories, cloud platforms, CI/CD pipelines, and package registries," CrowdStrike said.

The development comes as developers have increasingly become lucrative targets for pulling off software supply chain attacks, enabling attackers to leverage a single compromised workstation to impact thousands of downstream organizations and users at once.

GlassWorm, since its emergence last year, has conducted a "multi-pronged campaign" using trojanized VS Code extensions published on both the Microsoft VS Code Marketplace and Open VSX, thereby making it possible to target users of VS Code forks like Cursor, Positron, Windsurf, and VSCodium.

The campaign is also known to have introduced malicious code through compromised npm and Python packages. The end goal of the attacks is to deliver a data-theft framework with credential harvesting, cryptocurrency wallet exfiltration, and system profiling capabilities.

Subsequent iterations of GlassWorm have been found to deploy a WebSocket-based JavaScript RAT called GlassWormRAT to steal web browser data and run arbitrary code, including installing a Google Chrome extension that, in turn, collects sensitive data, including screenshots, keystrokes, and clipboard content, from the infected system.

"Once active, the malware searches the host for developer credentials (GitHub, NPM, OpenVSX tokens, crypto wallets), enabling further compromise of repositories and package uploads," Endor Labs researcher Kiran Raj said.

"Infected hosts are converted into covert infrastructure: SOCKS proxies, hidden VNC (HVNC) servers, and remote execution nodes (via WebRTC or spawned Node.js processes). That gives attackers anonymized network access into corporate and personal networks and a platform to propagate further."

Cumulatively, the malicious activity is said to have poisoned more than 300 GitHub repositories using stolen developer credentials. What made the operation notable was its use of four distinct C2 channels for improved resilience -

"The combination of blockchain, peer-to-peer, and legitimate web services as resolution layers was designed to be resilient against takedowns - a dynamic front protecting the actual C2 servers behind multiple layers of indirection," CrowdStrike said.

As a result of the takedown, all four channels have been neutralized simultaneously in a coordinated effort so that infected machines can no longer receive new instructions or payloads.

Describing the GlassWorm operators as "well-resourced and persistent," the cybersecurity company attributed the activity to likely Russia-based cybercriminals given that the malware terminates execution on systems located in the Commonwealth of Independent States (CIS) countries and contains Russian-language comments.

"The software supply chain remains one of the most consequential attack surfaces in modern computing," CrowdStrike concluded. "Adversaries are turning an organization's dependencies on tools, updates, and libraries into weaponized delivery mechanisms and force multipliers."

"The barrier to poisoning a package or extension is low; the potential blast radius is enormous. As long as developer environments, build pipelines, and code repositories remain under-protected, every organization that consumes software inherits the risk of everyone who produces it. GlassWorm demonstrates that attackers know this and are investing in resilient infrastructure to maintain persistent access to developer ecosystems."



from The Hacker News https://ift.tt/zuSnR1k
via IFTTT

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work.

Across most organizations today, employees are running three to five AI tools on any given day. Most were never reviewed by IT. A significant portion connects to corporate data through OAuth tokens or browser sessions, giving them access to shared drives, emails, and internal documents the employee never specifically intended to expose. Security teams often have no visibility into any of it.

This is the shadow AI gap, and it is widening fast. Most security tools were built to monitor email and network traffic flowing through the corporate network. A browser-based AI tool that connects to company data through a quick login approval bypasses those controls entirely, because it never passes through the corporate network at all. According to Gartner, 69% of organizations suspect or have confirmed that employees are using prohibited AI tools at work, and only 37% have an AI governance policy in place. The result is a growing disconnect between how employees work and what security teams can see.

A program that channels AI adoption into a safe, visible, approved path gives security teams the visibility they need and employees the tools they want. The five steps below show exactly how to build one.

Step 1: Build a Full Picture of What's Running

A security program can only manage what it can see. The first step is discovering which AI tools are in use across the organization, and most security teams will find the answer surprising.

Three areas account for the majority of shadow AI activity.

  • OAuth connections. Most AI tools request access to Google Workspace or Microsoft 365 through OAuth, which grants them read or write permissions to corporate data. A quarterly audit of connected third-party apps, sorted by permission scope, usually surfaces dozens of tools the security team never reviewed.
  • Browser extensions. Many AI tools run as browser extensions and never touch the operating system, so traditional endpoint management tools miss them entirely. A browser management solution or a lightweight agent installed on employee devices can scan for and identify which extensions are active across the organization.
  • AI features bundled inside already-approved tools. Microsoft Copilot, Google Gemini, and Salesforce Einstein are examples of AI capabilities that may have been introduced after the original vendor review, often without a separate security evaluation.

A simple employee survey is also worth running. A survey framed around helping employees work more safely tends to get candid responses. Many shadow tools surface through surveys that automated discovery misses entirely.

The goal of this step is a current, accurate inventory: every AI tool in use, who is using it, and what data it has access to.
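One way to run the OAuth part of that inventory, as an added example that is not from the original article: it collapses per-user grants into one row per app and sorts them so unreviewed apps with the broadest scopes come first. The grant records are constructed samples shaped like Google Admin SDK Directory API tokens.list items; the risk tiers, the approved list, and the client IDs are assumptions for illustration.

```python
G = "https://www.googleapis.com/auth/"  # Google API scope prefix
# Constructed sample grants, shaped like items from the Google Admin SDK
# Directory API tokens.list response (clientId, displayText, userKey, scopes).
GRANTS = [
    {"userKey": "alice@example.com", "clientId": "client-aaa", "displayText": "NoteSummarizer AI", "scopes": ["openid", G + "drive"]},
    {"userKey": "bob@example.com", "clientId": "client-aaa", "displayText": "NoteSummarizer AI", "scopes": [G + "drive", G + "gmail.readonly"]},
    {"userKey": "bob@example.com", "clientId": "client-bbb", "displayText": "MeetingBot", "scopes": [G + "calendar.readonly"]},
    {"userKey": "carol@example.com", "clientId": "client-ccc", "displayText": "Approved Writer", "scopes": [G + "drive.readonly"]},
    {"userKey": "carol@example.com", "clientId": "client-ddd", "displayText": "SlideGen", "scopes": ["email", "https://vendor.example/auth/custom"]},
]
APPROVED_CLIENT_IDS = {"client-ccc"}  # hypothetical approved-tool list

# Assumption: these tiers are an illustrative ranking, not a vendor rating.
IDENTITY_SCOPES = {"openid", "email", "profile"}  # sign-in only, no corporate data
SCOPE_RISK = {
    G + "drive": 3,              # read/write access to all Drive files
    G + "drive.readonly": 2,
    G + "gmail.readonly": 2,
    G + "calendar.readonly": 1,
}
UNCLASSIFIED_RISK = 2  # unknown scopes rank as sensitive until a human classifies them

def scope_risk(scope):
    return 0 if scope in IDENTITY_SCOPES else SCOPE_RISK.get(scope, UNCLASSIFIED_RISK)

def audit(grants, approved):
    """Collapse per-user grants into one row per app, riskiest unreviewed apps first."""
    apps = {}
    for g in grants:
        app = apps.setdefault(g["clientId"], {"name": g["displayText"], "users": set(), "scopes": set()})
        app["users"].add(g["userKey"])
        app["scopes"].update(g.get("scopes", []))
    rows = []
    for cid, app in apps.items():
        data_scopes = sorted(s for s in app["scopes"] if s not in IDENTITY_SCOPES)
        rows.append({
            "client_id": cid, "name": app["name"], "users": sorted(app["users"]),
            "reviewed": cid in approved,
            "risk": max((scope_risk(s) for s in data_scopes), default=0),
            "unclassified": [s for s in data_scopes if s not in SCOPE_RISK],
        })
    # Unreviewed apps first, then highest scope tier, then widest user footprint.
    rows.sort(key=lambda r: (r["reviewed"], -r["risk"], -len(r["users"]), r["name"]))
    return rows

if __name__ == "__main__":
    for r in audit(GRANTS, APPROVED_CLIENT_IDS):
        print(r["risk"], "reviewed" if r["reviewed"] else "UNREVIEWED", r["name"], r["users"], r["unclassified"])
```

Each row answers the three inventory questions at once: which tool, who uses it, and what data its scopes reach. The "unclassified" column lists scopes the ranking table does not yet cover.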

Step 2: Write a Policy That Works With Employees

Most AI acceptable use policies stall for the same reason: they give employees a list of prohibited tools with no guidance on what the approved path looks like. A policy designed as a practical guide, one that identifies approved tools and provides a clear process for requesting new ones, is the foundation employees need to make good decisions.

An effective AI governance policy covers five things.

  • A current list of approved tools and where to find them.
  • Clear data classification rules specifying which categories of data, including customer records, source code, and financial information, should never be entered into any AI tool.
  • A verified data training opt-out status for each approved tool. Many AI tools use company inputs to improve their models by default unless enterprise settings are explicitly configured otherwise. Approval should require a confirmed opt-out for any tool that handles sensitive data.
  • A defined process for requesting new tools, with a target turnaround time.
  • A plain-language explanation of why the guidelines exist.

That last element matters more than it might seem. Employees who understand why OAuth connections carry data exposure risk apply that reasoning to every tool decision they make. Policy becomes a form of education when the reasoning is included.

Shadow AI grows fastest in organizations where the official approval process cannot keep pace with the rate of AI product releases. An employee who needs a tool today and faces a six-week security review will find a workaround within days. The goal of this step is to remove that friction.

  • Most AI tool requests do not warrant a full procurement review. A structured intake form with defined evaluation criteria is enough for the majority of lower-risk tools.
  • A structured intake form and a defined set of evaluation criteria make faster decisions possible. For tools with limited data access, many organizations find a shorter turnaround feasible once evaluation criteria are documented and consistently applied.
  • The evaluation criteria should cover data access scope, vendor security practices, data training opt-out status, compliance certifications, and whether the tool already has a functional equivalent on the approved list.

Security teams that publish their approved tool list openly and keep it current typically see a meaningful reduction in shadow AI usage. When employees know where to find the right tools, they use them.

Step 4: Use Monitoring as a Shared Safety Layer

Continuous visibility into AI tool usage across an organization serves two groups simultaneously.

  • Security teams get the real-time picture they need to identify and address exposure before it becomes an incident.
  • Employees get a form of protection they often do not have on their own: a signal when a tool they are using may be putting their credentials or company data at risk.

A browser-native monitoring approach gives security teams visibility into AI activity without rerouting employee web traffic or adding friction to daily work. The signals it captures feed into each employee's broader risk profile, sitting alongside their phishing simulation results and training completion data in one place.

That combined view matters because risky behaviors compound. An employee who clicks phishing links, skips training, and runs unapproved AI tools with access to sensitive data presents a much higher risk than any single behavior would indicate. Seeing the full picture in one place helps security teams focus on the employees who need attention most.

Step 5: Make Good Security Behavior Easy

Security programs that make the secure choice the easiest choice are the ones employees follow. In the context of AI governance, two things drive that: just-in-time coaching and training that explains the reasoning behind the rules.

Just-in-time coaching delivers a brief, contextual prompt at the moment an employee attempts to use an unsanctioned tool. This is more effective than quarterly training modules, because the intervention happens at the point of decision. A well-designed prompt tells the employee what the concern is, directs them to an approved alternative, and takes less than thirty seconds to read.

Training that explains the reasoning behind AI governance policies builds the kind of judgment employees can apply across any situation they encounter, including tools and threats that emerge long after the training itself. The AI tool landscape is changing fast enough that no training program can anticipate every specific case. An employee who understands that OAuth connections to corporate Google Workspace can expose the entire shared drive to a third-party vendor will apply that understanding to tools that did not exist six months ago.

Building a Security Program Based on How Teams Work

AI adoption is a signal of productive teams doing their jobs well. Companies that build practical programs around that momentum, with clear paths to approved tools and real-time visibility for security teams, tend to handle it best.

Security teams that close that gap find that shadow AI usage declines organically over time. Browser-native visibility, clear paths to approved tools, and just-in-time coaching at the moment of risk are what make that possible. When employees have access to effective, approved tools and a fast, transparent path to get new ones reviewed, the incentive to work around the system largely disappears.

Adaptive Security's AI Governance product gives security teams real-time visibility into every AI tool and shadow app running across their organization, with automated policies and just-in-time employee coaching built in. Learn more at adaptivesecurity.com.

This article is a contributed piece from one of our valued partners.



from The Hacker News https://ift.tt/0pqmM1T
via IFTTT