Over 80% of Sports Organizations Targeted by Hackers in the Last Year
(Danny Palmer – Infosecurity Magazine) Over 80% of professional sports organizations were targeted by cyber-attacks during the last year and over half of them were hit more than once, researchers have warned. In a report published on June 11, the day the FIFA World Cup 2026 kicked off, figures from Darktrace revealed that 84% of sports organizations – including teams, venues and event bodies – were targeted by cyber-attacks during the last year. And for most of them, facing a cyber-attack was not a one-off event: 57% experienced multiple cyder incidents in the 12-month period. – Over 80% of Sports Organizations Targeted by Hackers in the Last Year – Infosecurity Magazine
What The FIFA World Cup 2026 Means For Fraud
(Thomas Peacock – Infosecurity Magazine) Ranked fourth in the world in FIFA’s latest rankings after breezing through the European qualifiers without conceding a single goal, the Three Lions find themselves one of the favourites (only Spain and France command more favourable betting odds) to bring home the England’s first World Cup in 60 years, at this summer’s tournament, co-hosted by the U.S., Canada, and Mexico. Whether Thomas Tuchel’s squad can live up to those expectations will also have an indirect impact on consumer banking activity and fraud back home. Nearly 1.5 billion viewers around the world tuned in to watch the 2022 World Cup final between Argentina and France, capping months of ticket purchasing, flight booking, hotel reservations, memorabilia buying, pub tabs, and sports betting. The longer England remains in this summer’s tournament, the more we can expect consumer banking and spending behaviour in the country to change, and the more opportunities fraudsters will find to exploit those changes. – What The FIFA World Cup 2026 Means For Fraud – Infosecurity Magazine
Iranian Cyber Group Handala Claims Cal Water Hack
(Ionut Arghire – SecurityWeek) The Iran-linked threat actor Handala this week boasted to have hacked California Water Service (Cal Water), and published 5 gigabytes of data allegedly stolen from the US water utility. In a post on their blog, the hacking group said the intrusion was retaliation for recent US actions in Iran and claimed they had the ability to disrupt water access but chose not to. While the level of access Handala had has not been confirmed, threat intelligence company Dataminr says the threat actor likely hacked into Cal Water’s RTKBase instance, a GNSS base station platform, and then moved laterally to a billing system. Cal Water is one of the largest investor-owned water utilities in the US, with roughly two million customers across 100 communities in California. – Iranian Cyber Group Handala Claims Cal Water Hack – SecurityWeek
Industry Reactions to Claude Fable 5: Feedback Friday
(Eduard Kovacs – SecurityWeek) Claude Fable 5 has become generally available, with Anthropic unveiling it as a powerful Mythos-class AI model. The release includes robust safeguards that restrict its capabilities in high-risk domains. In sensitive areas such as cybersecurity (where it could be misused to create exploits) and biology (where it could assist in developing bioweapons or chemical weapons), Fable 5 automatically falls back to the less capable Claude Opus 4.8. Anthropic stated that it performed extensive internal and external red-teaming to ensure the model is highly resistant to jailbreaking. – Industry Reactions to Claude Fable 5: Feedback Friday – SecurityWeek
GitHub to Update npm to Thwart Software Supply Chain Attacks
(Kevin Poireault – Infosecurity Magazine) NPM has announced new version (v12) of the npm package manager in a bid to prevent software supply chain attacks. In a blog post published on June 9, The team of npm developers at Microsoft-owned GitHub announced three security-focused breaking changes that will transition the package manager from a model of implicit trust to explicit opt-in. Available from July 2026, these changes represent a fundamental shift in how the ecosystem handles dependencies. – GitHub to Update npm to Thwart Software Supply Chain Attacks – Infosecurity Magazine
21,786 Home Cameras, No Password, No Warning
(Pierluigi Paganini – Security Affairs) In May 2026, Mysterium VPN queried a public internet-wide device index to count every camera and recorder that answers the open internet. They found more than three million reachable devices. Of those, 21,786 were streaming live video to anyone who pointed a browser at them, with no login, no challenge, and no warning to the person on the other side of the lens. That number is a floor, not a ceiling. Two brands dominate the internet-reachable camera market: Hikvision and Dahua together account for most of the three million. But the headline figure isn’t about them. – 21,786 Home Cameras, No Password, No Warning
Feds want Mythos—and clear usage guidance from the White House
(Alexandra Kelley, David DiMolfetta – Defense One) Several senior federal technology officials responsible for agency cybersecurity and IT systems are frustrated by the lack of White House guidance on adopting Anthropic’s powerful Mythos model, several sources told Nextgov/FCW. Agency chief information officers, or CIOs, manage swaths of digital infrastructure that supports government operations and are facing renewed pressure to better defend agency networks as officials assess how powerful AI systems could help hackers find and exploit vulnerabilities faster. Anthropic surgically rolled out Mythos access to select organizations in early April and recently expanded this effort — dubbed Project Glasswing — to partners in industry and other nations. The model has been going through a non-public distribution process on grounds that, in the wrong hands, it can boost adversaries’ hacking capabilities. – Feds want Mythos—and clear usage guidance from the White House – Defense One
University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft
(Alexander Martin – The Record) The University of Nottingham in England confirmed a cyber incident Wednesday, announcing a “significant amount” of data affecting both current and former students had been accessed by an external third party. According to the university’s statement, it is still working to understand what data has been accessed and said it had already directly contacted affected students and alumni, potentially including those in its foreign campuses in Malaysia and China as well as in Nottingham. – University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft | The Record from Recorded Future News
Hacker linked to Void Blizzard faces charges over cyberespionage campaign
(Daryna Antoniuk – The Record) A Russian national with suspected links to the Void Blizzard hacking group appeared in U.S. federal court this week on charges of supporting a Kremlin-linked cyberespionage campaign that targeted U.S. companies, according to media reports. Denis Obrezko, 36, made his initial appearance in federal court in Boston on Tuesday after being transferred to U.S. custody from Thailand, where he was arrested last November. Russian state media previously reported that Obrezko is a native of the southwestern Russian city of Stavropol and had worked for Russian technology companies developing high-tech systems for domestic industries. – Hacker linked to Void Blizzard faces charges over cyberespionage campaign | The Record from Recorded Future News
