FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff.

Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA’s login page well enough to take over real accounts.

It is an obvious target. More than six million fans are expected across 16 cities in the United States, Canada, and Mexico, and FIFA said it received more than 150 million ticket requests in the first 15 days, leaving the tournament around 30 times oversubscribed. Tickets are scarce, fans are anxious, and money is moving fast, which is exactly what fraud needs.

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.

The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files.

According to researchers at supply-chain and devops company JFrog, IronWorm is written in Rust, hides behind an eBPF kernel rootkit, and communicates with the operator over the Tor network.

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.

According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of an activity cluster dubbed JSCoreRunner (aka FileRipple) that was previously reported in late August 2025. The cybercrime group behind the two attack chains is being tracked under the moniker CL-CRI-1089. The attackers are assessed to have been active since at least 2023.

“Built using the Flutter framework, FlutterShell infects targets with adware via malicious desktop applications,” Unit 42 said. “In addition to its adware functionality, the payload possesses backdoor capabilities, including shell command execution and file system manipulation.”

50 Best Cybersecurity Keynote Speakers in the USA

Introduction: If you are searching for the best cybersecurity keynote speakers in the USA, you already know the challenge. Most lists recycle the same handful of well-known names, without telling you which speaker actually fits your audience, your industry, or your budget. This directory changes that. Every person included has been selected based on substantive cybersecurity credentials, demonstrated speaking impact, and active contribution to the field in 2025 and 2026. The stakes have never been

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was patched by Oracle in July 2024.

“Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server,” CISA said.

Over 116,000 Minecraft systems infected in WeedHack malware campaign

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January.

The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning.

WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems.

How AI & Quantum Computing Will Transform Zero Trust Cybersecurity

By Chuck Brooks, president of Brooks Consulting International and one of Executive Mosaic’s GovCon Experts

In Zero Trust cybersecurity protocols, there is no implicit trust of identity or privilege, inside or outside the network perimeter, and every person, device, application and transaction must be continuously verified.

Zero Trust is an adaptive framework, and it has to be in today’s digital ecosystem. Emerging technologies such as artificial intelligence and quantum computing are no longer merely enablers but core disruptors. They broaden attack surfaces, but also offer significant defenses, and call for a rethinking of Zero Trust systems.

OpenAI’s quiet co-founder steps out

OpenAI co-founder Wojciech Zaremba doesn’t do many interviews.

We recently spoke about why he moved over to help run the company’s nonprofit arm.

His reaction to Anthropic speaking alongside the Pope: “I have more bias towards doing. Let’s actually solve the problems, and let’s speak about the exact plan.”


Wojciech Zaremba recently bought a copy of “House on Fire,” a 2011 memoir by epidemiologist William Foege about the campaign that wiped smallpox off the planet. He’s using it as a guidebook for executing what is about to become one of the largest philanthropic efforts of all time.

Zaremba is one of OpenAI’s least well-known co-founders. He has spent more than a decade at the company across a range of efforts, from leading its early robotics efforts to starting the team that guides OpenAI’s personality and what became reasoning models. In March, he left the frontier research world to run AI “resilience” at OpenAI’s nonprofit foundation.

Zaremba and I spoke ahead of a post that the OpenAI Foundation published Monday morning titled “Resilience in the Age of AI,” which names four areas it will initially fund: biosecurity, cybersecurity, model safety, and AI’s effect on kids. After $100 million for fighting Alzheimer’s with AI in April and $250 million for researching “economic futures” last week, the initial $25 billion grant machine Zaremba helps oversee is spinning up.

A retention-aware system turns a computer’s storage chip into a cybersecurity shield

Hackers are ruthless. They can take control of your computer, delete files and disappear without a trace. However, FIU cybersecurity researcher Weidong Zhu has discovered a way to transform a computer’s storage chip into an additional tool for cyber defense. Working with collaborators at the University of Florida, Zhu created a system that makes data on these chips last longer—extending the lifespan of your files in the critical window after your computer is compromised. The work is published in the journal Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security.

“Our system extends recoverable data history up to 126 days,” said Zhu, an assistant professor at FIU’s Knight Foundation School of Computing & Information Sciences whose work is part of the Center for Integrated Security, Privacy, and Trustworthy AI (CIERTA). “Even if your computer is infected, your data can survive on your drive.”

Storage chips, known as solid-state drives (SSDs), have intrigued cybersecurity researchers for years. As hardware—not software—they offer unique safety benefits during an attack.

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.

The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in the Netherlands acted as the platform’s backend infrastructure.

According to a statement issued by the NCSC, police officials seized a subset of these servers from a hosting provider that provided the infrastructure. The provider is said to have subsequently taken the botnet offline following its use for criminal purposes.
