LIVE · cybersecurity feed
ransomware

Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup

zeroday.news·13d ago

A security researcher gained access to the live broadcast controls for all matches of the 2026 FIFA World Cup, potentially allowing them to disrupt the global event with any content they chose. The researcher, identified as Bob DaHacker, reportedly spent days attempting to contact FIFA officials about the vulnerability but struggled to reach anyone.

This incident highlights a significant security lapse within FIFA's broadcast infrastructure. While the specific technical details of how the researcher accessed the controls were not disclosed, the implication is that a critical system governing the live feed of a major international sporting event was left vulnerable to unauthorized access. The potential for misuse, such as broadcasting inappropriate content like the popular "Rickroll" meme to a worldwide audience, underscores the severity of the breach.

The researcher's attempts to notify FIFA suggest a responsible approach to discovering such a vulnerability. However, the inability to connect with relevant personnel raises questions about FIFA's incident response protocols and communication channels for security matters.

In parallel, Dutch police have implemented an unconventional strategy to combat a surge in "bank help desk fraud." This scam typically involves criminals posing as bank representatives who contact victims, claiming account issues and offering to send someone to "help." The fraudsters often request sensitive information or even physical access to the victim's devices or cards.

To address this widespread fraud, Dutch authorities have publicly displayed blurred images of approximately 100 suspects on billboards, in supermarkets, and on the TikTok platform. This public shaming tactic comes with a two-week ultimatum, urging the individuals to surrender to the police or face further consequences. The initiative aims to pressure suspects into coming forward and to raise public awareness about the ongoing fraud epidemic.

The podcast episode also featured an interview with Jeffrey Wheatman of Black Kite, discussing a report on ransomware and extortion attacks across Europe. The report indicates a significant year-on-year increase in ransomware activity, with nearly 70% of European attacks concentrated in just five countries. A key finding highlighted was the prevalence of third-party risks, where organizations are impacted by attacks on their suppliers, leading to widespread data exposure. The report also touches upon how regulations like NIS2 and DORA are compelling European businesses to enhance their cybersecurity measures.

The discussion on the podcast, hosted by Graham Cluley and Danny Palmer, also touched upon the broader landscape of cybersecurity threats, including the rise in ransomware and the challenges faced by law enforcement in tackling sophisticated fraud schemes. The episode emphasized the importance of vigilance against social engineering tactics, particularly those impersonating trusted entities like banks.

ransomware
← Back to latest

More News

view all →
zeroday.news · 3h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 3h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 4h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 4h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 4h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.

zeroday.news · 4h ago·critical

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.