Plus: How you can prevent burnout ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
Zero Trust Weekly

This week in Zero Trust

Where trust goes, attackers will follow

Estimated reading time: 5-6 minutes

 

In this issue:

  • Cyber threats loom over the 2026 World Cup
  • Why the wellness industry is a breeding ground for cyberfraud
  • How to protect your team from burnout
  • Threats you need to know: Miasma worm strikes again and Windows Defender zero-day
View in browser

Manage preferences

From the CEO

AI or human, the answer is the same

 

"Whether an attack was created by AI or by a human is largely irrelevant. The same controls that help organizations safely adopt AI are the ones that help defend against AI-generated attacks. Preventative Zero Trust solutions are not reliant on AI fighting AI. Deny-by-default simply blocks unauthorized activity regardless of the source."  - Danny Jenkins

From the ThreatLocker blog

World Cup cyber threats, wellness industry fraud, and cybersecurity burnout

 

2026 World Cup invites countless cyber threats

Ticketing scams, Wi-Fi spoofing, supply chain compromise, and more

  • What's happening: The 2026 World Cup has kicked off, and organizers, participants, vendors, and governments are preparing for a massive amount of malicious cyber activity. Fans should be on the lookout for these common scams: phishing scams, fraudulent ticket and merchandise websites, and Wi-Fi spoofing near stadiums. FIFA, their partners, and the infrastructure behind the event should be wary of ransomware campaigns, disruptions to transportation and emergency services, supply chain compromise, and ticketing compromise.  
  • Why it matters: Major sporting events have long been a favorite arena for threat actors. Cybercriminals heavily targeted the 2018 and 2024 Olympics as well as the 2022 World Cup causing various disruptions. 
  • The big picture: Defending against cyberattacks hinges on assuming compromise and being prepared. At the 2024 Olympics, France's cybersecurity agency deployed a massive team of experts to cover and secure the event which helped the Games continue with little interruption. 
    What kind of cyber threats loom over the 2026 World Cup?

Cyber fraud is rampant in the wellness industry

Unlike healthcare, there are limited guardrails when it comes to wellness

  • What's happening: The wellness economy has exploded and become a victim of its own accelerated growth. Outside of hospitals, clinics, and healthcare practices, there is a massive commercial market behind sleep, diet, longevity, and lifestyle. This has led to countless online pharmacies operating outside regulatory standards, AI-generated endorsements, fraudulent websites, and risky apps. Many of these apps or services require personal health information, and it is not kept as private as users might be assuming. 
  • Why it matters: The wellness industry puts speed and accessibility first, before digital safety. Systems aren't being broken into. Instead, data collection and sharing are part of normal operations for most subscriptions or apps. 
  • The big picture: The industry is starting to respond with stricter rules on advertising and disclosures, but once the audience is reached, the damage is done. Much like in cybersecurity, if something is allowed to operate freely, it becomes easier to abuse.  
    Trust, cyberfraud, and the trillion-dollar wellness industry.

The pressure is on security teams

Supporting team well-being is as crucial as protecting systems

  • What's happening: Cybersecurity is an always-on work environment thanks to rising digital demands and a constant expectation of perfection. In a 2025 ISACA report, more than half of the professionals polled said their teams were understaffed, and two-thirds said their job is more stressful than it was five years ago. Another report revealed that the skills gap is widening, and employee attrition is growing. Many turn to AI solutions for simpler tasks, but this only increases risk for IT teams.
  • Why it matters: A sustainable security team requires investment in recovery time, mental health support, and realistic workloads. This is critical to retaining top talent and responding effectively.
  • The big picture: Zero Trust was built to reduce operational strain and alert fatigue on security teams. With greater visibility and control, teams have more time to respond to alerts in a calm manner and will have less stress in their day-to-day work. 
    How Zero Trust controls can help prevent burnout for your security team.

"ThreatLocker integrated seamlessly with our existing security stack. We didn’t replace anything—we added to it. It helped us move toward a least privilege model and acts as a strong last line of defense."

 

Robert Johnson

VP of Enterprise Networks & Systems, Georgia Military College

Try ThreatLocker in your environment

 Threats you need to know

Miasma worm hits 73 GitHub repositories and RoguePlanet hits Defender

 

Miasma worm compromises Azure/durabletask repository

Latest campaign aims to disable security controls

  • What's happening: Microsoft owned Azure/durabletask repository was compromised with a malicious commit that was designed to execute a JavaScript file using node. Microsoft swiftly disabled 73 repositories to prevent further damage. This commit contained payloads which executed the moment developers opened the repository, unlike prior campaigns which relied on a malicious package being installed. The campaign also specifically targets StepSecurity's Harden-Runner, suggesting an effort to disable or evade security controls.

  • Why it matters: This is the second supply chain attack in quick succession using the Miasma worm, following the Red Hat npm compromise. In this instance, by identifying Harden-Runner components, the attack was designed to operate undetected. 
  • The big picture: The Miasma worm is believed to be a variant of the Mini Shai-Hulud worm released by TeamPCP in May, and it has mutated and refined its tactics since. The biggest worry regarding the worm is it continuously exploits the implicit trust most platforms have in software delivery. 
    Get IOCs, repo name list, and mitigations for Miasma worm.

Nightmare Eclipse releases new zero-day exploit

RoguePlanet can grant attackers SYSTEM-level privileges

  • What's happening: Researcher Nightmare Eclipse has released another new proof-of-concept exploit targeting Windows Defender. The zero-day exploit is called RoguePlanet, and it is a local privilege escalation (LPE) exploit that abuses a race condition in Defender's internal processing logic. If successfully executed, a standard underprivileged user can leverage the vulnerability to execute code at the highest privilege level. 

  • Why it matters: The race condition flaw is in the same class of vulnerability as the previously exploited BlueHammer, and it has been confirmed to work on fully patched Windows 10 and Windows 11 systems. 

  • The big picture: As ThreatLocker CEO Danny Jenkins shared with Bleeping Computer, application allowlisting policies will prevent this exploit from executing. Threats will continue to evolve and advance, but a security framework focused on continuous verification and prevention first remains an effective layer of protection. 
    Get the full RoguePlanet analysis and demo.

ThreatLocker events

Meet the Cyber Hero Team in person at these upcoming events

  • RMISC | June 23–25
    Denver, Colorado
  • GITEX Europe | June 30–July 1
    Berlin, DE
  • SANSFIRE | July 14–15
    Washington D.C.
  • Black Hat USA | August 1–6
    Las Vegas, Nevada
  • Gartner SRM Brazil | August 4–5
    Sao Paulo, BR
  • GRC Conference | August 17–19
    Chula Vista, CA
See more upcoming events
How to stop phishing and session hijacking attacks.

Long thought to be the leading solution to identity verification, MFA has become a vulnerability against emerging AI attack capabilities. 

 

Join us Tuesday, June 16 and explore how to overcome these vulnerabilities and enhance identity security beyond MFA. 

 

MFA is not strong enough: How to stop phishing and session-hijacking attacks

11 a.m. EDT | Join live to earn CPE credits

Reserve your spot
ThreatLocker: Zero Trust Platform | Zero Trust Weekly

ThreatLocker, 1901 Summit Tower Blvd, Orlando, Florida 32810, United States

Manage preferences

Connect with us

                             

©2026 ThreatLocker Inc., All Rights Reserved