FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that...

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

Introduction Mexico is one of the host countries for the 2026 FIFA World Cup, with matches to be played in three major cities: Mexico City, Monterrey, and Guadalajara. These locations are expected to see a large influx of international visitors, increasing the potential security risks. Many of...

A week in security (May 4 – May 10)

Last week on Malwarebytes Labs: Microsoft says Edge’s plaintext password behavior is "by design" ShinyHunters escalates Canvas attacks with school login defacements Massive AI investment scam network spans 15,500 domains If a fake moustache can fool age checks, is the Online Safety Act working?...

The 2026 World Cup scam economy is already running before the first whistle

The FIFA World Cup 2026 is scheduled to begin June 11 across the US, Canada, and Mexico. The web is filling with sites impersonating ticket vendors, telecoms, sticker publishers, toy manufacturers, immigration services, and crypto projects, all linked to the World Cup brand. Together, they map ou...

Robot Dogs Are on Going on Patrol at the 2026 World Cup in Mexico

The Mexican city of Guadalupe, which will host portions of the 2026 World Cup, recently showed off four new robot dogs that will help provide security during matches at BBVA Stadium...

FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

The U.S. Federal Communications Commission FCC on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems UAS and UAS critical components produced in ...

EUVD-2014-6549

Malware in sbrugna...

EUVD-2025-2999

Malicious code in bioql PyPI...

CVE-2025-22794

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through = 1.9.9...

CVE-2025-22794

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through = 1.9.8...

CVE-2025-22794 WordPress World Cup Predictor Plugin <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through = 1.9.8...

CVE-2025-22794 WordPress World Cup Predictor Plugin <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6...

CVE-2025-22794

CVE-2025-22794 affects WordPress World Cup Predictor plugin by Landoweb. The disclosed data indicate a Reflected Cross‑Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation, impacting World Cup Predictor versions up to 1.9.6 (and possibly earlier...

PT-2025-4704 · Unknown · Landoweb Programador World Cup Predictor

Name of the Vulnerable Software and Affected Versions: Landoweb Programador World Cup Predictor versions 1.9.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting XSS. This means that an...

WordPress plugin World Cup Predictor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress World Cup Predictor Plugin <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin World Cup Predictor versions = 1.9.8...

Checking in on the state of cybersecurity and the Olympics

With the 2024 Olympics Opening Ceremony only two weeks away now, there is one thing thats an absolute guarantee of one thing happening during the traditionally unpredictable games: Cyber attacks. Every time there is a new Olympic Games, theres a renewed discussion about how threat actors,...

Trend Micro Defends FIFA World Cup from Cyber Threats

Trend Micro collaborates with INTERPOL to defend FIFA World Cup by preventing attacks & mitigating risks to fight against the rising threat of cybercrime...

The World Cup: Prime Time for Sports Fans and Cybercriminals

From November 20 to December 18, fans from all over the world are tuned into the World Cup tournament in Qatar. While this is a major event for sports fans, it’s also prime time for bad actors. Large sporting events lead to increased levels of activity across sports and gambling sites, along with...

16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

By Habiba Rashid From phishing attacks to selling fake tickets, scammers have set up thousands of domains to trick FIFA World Cup 2022 fans in Qatar. This is a post from HackRead.com Read the original post: 16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar...