"Whether an attack was created by AI or by a human is largely irrelevant. The same controls that help organizations safely adopt AI are the ones that help defend against AI-generated attacks. Preventative Zero Trust solutions are not reliant on AI fighting AI. Deny-by-default simply blocks unauthorized activity regardless of the source." - Danny Jenkins
From the ThreatLocker blog
World Cup cyber threats, wellness industry fraud, and cybersecurity burnout
Ticketing scams, Wi-Fi spoofing, supply chain compromise, and more
What's happening: The 2026 World Cup has kicked off, and organizers, participants, vendors, and governments are preparing for a massive amount of malicious cyber activity. Fans should be on the lookout for these common scams: phishing scams, fraudulent ticket and merchandise websites, and Wi-Fi spoofing near stadiums. FIFA, their partners, and the infrastructure behind the event should be wary of ransomware campaigns, disruptions to transportation and emergency services, supply chain compromise, and ticketing compromise.
Why it matters: Major sporting events have long been a favorite arena for threat actors. Cybercriminals heavily targeted the 2018 and 2024 Olympics as well as the 2022 World Cup causing various disruptions.
The big picture: Defending against cyberattacks hinges on assuming compromise and being prepared. At the 2024 Olympics, France's cybersecurity agency deployed a massive team of experts to cover and secure the event which helped the Games continue with little interruption. What kind of cyber threats loom over the 2026 World Cup?
Unlike healthcare, there are limited guardrails when it comes to wellness
What's happening: The wellness economy has exploded and become a victim of its own accelerated growth. Outside of hospitals, clinics, and healthcare practices, there is a massive commercial market behind sleep, diet, longevity, and lifestyle. This has led to countless online pharmacies operating outside regulatory standards, AI-generated endorsements, fraudulent websites, and risky apps. Many of these apps or services require personal health information, and it is not kept as private as users might be assuming.
Why it matters:The wellness industry puts speed and accessibility first, before digital safety. Systems aren't being broken into. Instead, data collection and sharing are part of normal operations for most subscriptions or apps.
The big picture: The industry is starting to respond with stricter rules on advertising and disclosures, but once the audience is reached, the damage is done. Much like in cybersecurity, if something is allowed to operate freely, it becomes easier to abuse. Trust, cyberfraud, and the trillion-dollar wellness industry.
Supporting team well-being is as crucial as protecting systems
What's happening: Cybersecurity is an always-on work environment thanks to rising digital demands and a constant expectation of perfection. In a 2025 ISACA report, more than half of the professionals polled said their teams were understaffed, and two-thirds said their job is more stressful than it was five years ago. Another report revealed that the skills gap is widening, and employee attrition is growing. Many turn to AI solutions for simpler tasks, but this only increases risk for IT teams.
Why it matters:A sustainable security team requires investment in recovery time, mental health support, and realistic workloads. This is critical to retaining top talent and responding effectively.
The big picture: Zero Trust was built to reduce operational strain and alert fatigue on security teams. With greater visibility and control, teams have more time to respond to alerts in a calm manner and will have less stress in their day-to-day work. How Zero Trust controls can help prevent burnout for your security team.
"ThreatLocker integrated seamlessly with our existing security stack. We didn’t replace anything—we added to it. It helped us move toward a least privilege model and acts as a strong last line of defense."
What's happening: Microsoft owned Azure/durabletask repository was compromised with a malicious commit that was designed to execute a JavaScript file using node. Microsoft swiftly disabled 73 repositories to prevent further damage. This commit contained payloads which executed the moment developers opened the repository, unlike prior campaigns which relied on a malicious package being installed. The campaign also specifically targets StepSecurity's Harden-Runner, suggesting an effort to disable or evade security controls.
Why it matters: This is the second supply chain attack in quick succession using the Miasma worm, following the Red Hat npm compromise. In this instance, by identifying Harden-Runner components, the attack was designed to operate undetected.
The big picture: The Miasma worm is believed to be a variant of the Mini Shai-Hulud worm released by TeamPCP in May, and it has mutated and refined its tactics since. The biggest worry regarding the worm is it continuously exploits the implicit trust most platforms have in software delivery. Get IOCs, repo name list, and mitigations for Miasma worm.
RoguePlanet can grant attackers SYSTEM-level privileges
What's happening: Researcher Nightmare Eclipse has released another new proof-of-concept exploit targeting Windows Defender. The zero-day exploit is called RoguePlanet, and it is a local privilege escalation (LPE) exploit that abuses a race condition in Defender's internal processing logic. If successfully executed, a standard underprivileged user can leverage the vulnerability to execute code at the highest privilege level.
Why it matters:The race condition flaw is in the same class of vulnerability as the previously exploited BlueHammer, and it has been confirmed to work on fully patched Windows 10 and Windows 11 systems.
The big picture: As ThreatLocker CEO Danny Jenkins shared with Bleeping Computer, application allowlisting policies will prevent this exploit from executing. Threats will continue to evolve and advance, but a security framework focused on continuous verification and prevention first remains an effective layer of protection. Get the full RoguePlanet analysis and demo.
ThreatLocker events
Meet the Cyber Hero Team in person at these upcoming events