Cybercrime Surges with €460 Million Fraud and FBI Hacking Scandal


In late June, the U.S. Justice Department released a report detailing an internal security review of the FBI. The investigation, conducted in 2018, led to the arrest of syndicate leader Joaquin “El Chapo” Guzman. According to the report, a person associated with the cartel informed the FBI that the criminal organization had hired a hacker. This cybercriminal infiltrated electronic devices and cell phones, monitoring individuals visiting the U.S. Embassy in Mexico City. One target of this surveillance was an FBI assistant legal attaché working overseas. The hacker exploited the FBI employee’s phone number to obtain call and geolocation data, and tapped into the city’s surveillance camera system to track the attaché’s movements and identify his associates. The cartel used this information to intimidate and eliminate potential witnesses and informants.

In a separate incident, members of the Spanish Guardia Civil, in coordination with Europol, uncovered a major fraud network that stole over €460 million from more than 5,000 victims worldwide through bogus cryptocurrency investment schemes. On June 25, law enforcement detained three suspects in the Canary Islands and two in Madrid. The investigation, which began in 2023, involved a cryptocurrency expert and revealed that the organizers created a global scheme to collect funds through bank transfers, cryptocurrency transactions, and cash. They allegedly used payment gateways, cryptocurrency exchange accounts, and a corporate structure linked to Hong Kong. The network operated with agents around the world who lured victims to fake investment platforms.

The release of the game Call of Duty: WWII triggered a wave of hacks. On July 3, just two days after the game’s release, players began reporting attacks from an unknown hacker using remote code execution (RCE) exploits. The attacker exploited multiplayer vulnerabilities to execute arbitrary commands on users’ computers while they were playing and streaming. Known cases include hackers forcibly opening the Notepad application, displaying unwanted content on the screen, and rebooting the system. According to a gamer under the nickname MikeRxqe, the outdated P2P network model used in the game makes it easier for hackers to obtain players’ IP addresses. In this model, users connect directly to each other, making their IP addresses known to everyone else. The attacker can then send specially crafted network packets directly to the victim, masquerading as legitimate game data but containing malicious payloads. On July 2, Activision conducted short-term technical maintenance on the servers, but there were no official statements regarding any connection to the RCE vulnerability.

In another cybersecurity event, the ICEBlock iPhone app, which allows anonymous reporting of sightings of U.S. Immigration and Customs Enforcement (ICE) agents, went viral following a mention by Attorney General Pam Bondi. The bulk of ICEBlock users—about 20,000 people—are in Los Angeles, where ICE raids have become commonplace in recent weeks. After Bondi’s evening statements, the app made the list of the most downloaded free software in the United States the following day. With ICEBlock, users can share the location of ICE agents within an ~8 km radius. The app sends a notification when enforcement officers are spotted in the vicinity.

On July 1, Spanish police arrested two men in Las Palmas province on suspicion of cybercrimes, including stealing data from the country’s government agencies. Both suspects were characterized as a “serious threat to national security.” The investigation began after law enforcement officials detected a leak of personal data concerning politicians, representatives of the central and regional governments, as well as media workers. It is believed that the first suspect specialized in siphoning data, while the second managed the financial part: selling access to databases and accounts, as well as controlling the cryptocurrency wallet that received the funds. Both were detained, and during the searches, police seized a large number of electronic devices that could lead to new evidence, buyers, or accomplices.

North Korean hackers are using a new macOS malware family, NimDoor, targeting cryptocurrency and Web3 organizations. The attack chain includes contacting victims via Telegram and trying to convince them to install a fake update for Zoom. The malware is being distributed via the Calendly meeting scheduling service and email. In a report published on July 2, experts said the attackers used binaries compiled in C++ and Nim to attack macOS, which is a fairly rare choice. The most sophisticated element of the attack is the event-driven CoreKitAgent application. A notable feature is the use of persistence mechanisms that make it difficult to terminate or delete.

At the TROOPERS security conference, researchers disclosed three vulnerabilities in Airoha Bluetooth systems-on-chip (SoCs), which are widely used in speakers, headphones, headsets, and wireless microphones across 29 types of devices. Attackers can exploit the Bluetooth chipset to eavesdrop and steal sensitive information, and gadgets from a range of manufacturers are at risk. The flaws allow an attacker to take control of the affected device, and on some smartphones an attacker within Bluetooth range can extract call history and contact lists. Airoha has released an updated SDK with the necessary protection measures, and device manufacturers have already started developing and distributing patches.

According to data from experts, the number of thefts via contactless payment systems continues to grow. In the first half of the year alone, the number of NFC attacks worldwide increased by a factor of 35 compared to 2024. This scheme combines standard attack methods with a tool called NFCGate to create an entirely new scenario. The NGate malware relays NFC data, including bank card data, between two devices remotely, and bypasses security controls by acting on behalf of the victim.

More than 40 fake extensions for the Firefox browser are designed to steal cryptocurrency wallet data. They masquerade as solutions from popular platforms. Once installed, the software stealthily steals data, putting users’ assets at risk. During initialization, the attackers also send the victim’s external IP address, presumably for tracking or pinpoint targeting. The campaign has been active since at least April 2025. New malicious extensions were uploaded to the Firefox catalog as recently as the last days of June.
