In late June, the U.S. Justice Department's Office of the Inspector General released a report on an internal security review of the FBI. Among the cases it describes is the investigation that led to the arrest of Sinaloa cartel leader Joaquin “El Chapo” Guzman. According to the document, in 2018 a person associated with the cartel informed the FBI that the organization had hired a hacker. That hacker had compromised phones and other electronic devices and was monitoring people entering and leaving the U.S. Embassy in Mexico City. One of the people singled out was an FBI assistant legal attaché stationed overseas. Using the attaché's phone number, the hacker obtained records of calls made and received along with geolocation data, and then tapped into Mexico City's surveillance camera system to follow the attaché around the city and identify the people he met with. The cartel used this information to intimidate, and in some cases kill, potential witnesses and cooperating sources.
In a separate case, Spain's Guardia Civil, working with Europol, dismantled a fraud network that stole more than €460 million from over 5,000 victims worldwide through bogus cryptocurrency investment schemes. On June 25, officers arrested three suspects in the Canary Islands and two in Madrid. The investigation began in 2023, and Europol deployed a cryptocurrency specialist to Spain to support the action day. The organizers ran a global scheme for collecting funds through bank transfers, cryptocurrency transactions, and cash, allegedly laundering the proceeds through payment gateways, cryptocurrency exchange accounts, and a corporate structure linked to Hong Kong. The network relied on agents around the world who lured victims onto fake investment platforms.
The release of Call of Duty: WWII set off a wave of in-game attacks. On July 3, two days after the release, players began complaining about an unknown attacker using remote code execution (RCE) exploits. By abusing flaws in the multiplayer code, the attacker ran arbitrary commands on players' computers while they were playing and streaming. Documented cases include Notepad being forcibly opened on the victim's machine, unwanted content being displayed on screen, and the system being rebooted. A player using the nickname MikeRxqe pointed to the game's outdated peer-to-peer (P2P) networking model as the enabler: players connect directly to one another rather than through a dedicated server, so each player's IP address is exposed to everyone else in the lobby. With a target's address known, an attacker can send specially crafted packets straight to the victim's machine; the packets look like ordinary game traffic but carry payloads that trigger the flaw. On July 2, Activision carried out brief technical maintenance on the servers, but issued no statement linking it to the RCE vulnerability.
In another story, an app for tracking immigration enforcement went viral. ICEBlock, an iPhone app that lets users anonymously report sightings of U.S. Immigration and Customs Enforcement (ICE) agents, surged in popularity after Attorney General Pam Bondi mentioned it. The bulk of ICEBlock's users, about 20,000 people, are in Los Angeles, where ICE raids have become commonplace in recent weeks. The day after Bondi's evening remarks, on July 2, the app appeared among the most downloaded free apps in the United States. ICEBlock lets users share the location of ICE agents within a radius of roughly 8 km and sends a notification when enforcement officers are reported nearby.
On July 1, Spanish police arrested two men in Las Palmas province on suspicion of cybercrimes, including stealing data from the country's government agencies. Both suspects have been described as a “serious threat to national security.” The investigation began after law enforcement detected a leak of personal data concerning politicians, representatives of the central and regional governments, and media workers. Investigators believe the first suspect specialized in exfiltrating data, while the second handled the financial side: selling access to databases and accounts and controlling the cryptocurrency wallet that received the proceeds. During the searches, police seized a large number of electronic devices that may yield further evidence and lead to buyers or accomplices.
North Korean hackers are using a new macOS malware family, NimDoor, against cryptocurrency and Web3 organizations. The attack chain begins with contacting victims via Telegram and persuading them to install a fake Zoom update; the lure is delivered through the Calendly meeting-scheduling service and email. In a report published on July 2, SentinelOne researchers noted that the attackers used binaries compiled in C++ and Nim to target macOS, which is a rare choice. The most sophisticated component is the event-driven CoreKitAgent application. Its notable feature is a persistence mechanism that makes it hard to terminate or remove: the malware installs its own handlers for SIGINT and SIGTERM, so that when an operator tries to kill it with those signals it reinstalls its persistence instead of exiting.
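That persistence trick has a direct consequence for incident response: the default kill signal is delivered to a handler the malware controls. The following added example (not SentinelOne's code and not the malware) is a constructed stand-in that traps SIGINT and SIGTERM the way the report describes, and measures which signals actually end it. The child script, the `reinstall_persistence` placeholder and the function names are assumptions for illustration.

```python
import signal
import subprocess
import sys

# Constructed stand-in for a process that traps the "polite" kill signals.
# A real sample would re-create its LaunchAgent inside the handler; this one
# merely survives, which is enough to show what a responder will observe.
TRAPPING_CHILD = r"""
import signal, time

def reinstall_persistence(signum, frame):
    pass   # hypothetical: where the malware would re-write its LaunchAgent plist

signal.signal(signal.SIGTERM, reinstall_persistence)
signal.signal(signal.SIGINT, reinstall_persistence)
print("ready", flush=True)      # tell the parent the handlers are now installed
while True:
    time.sleep(0.1)
"""


def spawn_trapping_child() -> subprocess.Popen:
    """Start the stand-in and wait until its signal handlers are in place."""
    proc = subprocess.Popen(
        [sys.executable, "-c", TRAPPING_CHILD],
        stdout=subprocess.PIPE, text=True,
    )
    if proc.stdout.readline().strip() != "ready":
        proc.kill()
        raise RuntimeError("child did not start")
    return proc


def alive_after(proc: subprocess.Popen, sig: int, timeout: float = 1.0) -> bool:
    """Send sig and report whether the process is still running afterwards."""
    proc.send_signal(sig)
    try:
        proc.wait(timeout=timeout)
        return False                      # exited: the signal ended it
    except subprocess.TimeoutExpired:
        return True                       # still running: the signal was caught


def demo() -> tuple[bool, bool]:
    """Returns (survived SIGTERM, survived SIGKILL)."""
    proc = spawn_trapping_child()
    survived_term = alive_after(proc, signal.SIGTERM)   # plain `kill <pid>`
    survived_kill = alive_after(proc, signal.SIGKILL)   # `kill -9`: cannot be caught
    proc.stdout.close()
    return survived_term, survived_kill


if __name__ == "__main__":
    term, kill = demo()
    print(f"survived SIGTERM: {term}, survived SIGKILL: {kill}")
```

The practical order of operations follows from the result: first unload and delete whatever relaunches the process (for a LaunchAgent, for example `launchctl bootout gui/$(id -u) <path to plist>` followed by removing the plist), then terminate with SIGKILL, which the kernel delivers without giving the process a chance to run a handler. Killing first and cleaning up second hands the malware an opportunity to re-persist.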
At the TROOPERS security conference, researchers from ERNW disclosed three vulnerabilities in Bluetooth systems-on-chip (SoCs) made by Airoha. The chips are widely used in speakers, headphones, headsets, and wireless microphones; the researchers confirmed 29 affected devices from vendors including Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel. The flaws lie in a proprietary protocol exposed by the chipset that can be reached without authentication, letting an attacker within Bluetooth range take control of the device, eavesdrop on what it is playing, and abuse its link to the paired phone. On some smartphones, that link is enough to extract call history and contact lists. Airoha has released an updated SDK with the necessary fixes, and device manufacturers have started building and distributing firmware patches; until a vendor ships one, the only mitigation for an affected headset is keeping it out of reach of untrusted Bluetooth devices.
According to ESET, theft through contactless payment systems continues to grow: in the first half of the year, the number of NFC attacks ESET observed worldwide rose 35-fold compared with 2024. The scheme combines standard techniques (social engineering, phishing, Android malware) with NFCGate, an open-source research tool for relaying NFC traffic, to build a new kind of attack. The NGate malware repurposes it so that a payment card tapped against the victim's infected phone has its NFC exchange relayed in real time to the attacker's device, which then presents itself to a terminal or ATM as if it were the victim's card. Because the attacker is effectively acting on the victim's behalf, the card's own protections do not trigger.
More than 40 malicious Firefox extensions designed to steal cryptocurrency wallet data have been discovered in the official add-on catalog. They impersonate legitimate wallet extensions from popular platforms, including Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox, and carry large numbers of fake reviews and ratings to appear trustworthy. Once installed, an extension silently harvests wallet secrets entered into it, putting users' assets at risk; during initialization it also sends the victim's external IP address to the attackers, presumably for tracking or targeting. The campaign has been active since at least April 2025, and new malicious extensions were still being uploaded to the Firefox catalog in the last days of June. The usual checks apply: install wallet extensions only from links published by the wallet vendor, and treat a high rating on a recently published add-on as a signal to verify, not to trust.
Taken together, the week's events show how varied the current threat landscape is. A cartel-hired hacker turning a city's camera network and phone metadata against an FBI attaché shows how far adversaries will go to unmask sources, and how ordinary surveillance infrastructure becomes a weapon in the wrong hands. The €460 million Spanish fraud network illustrates the global reach of cryptocurrency investment scams. The Call of Duty: WWII RCE attacks are a reminder that a peer-to-peer networking model exposes every player to every other player, and that old client code is a live attack surface the moment it is re-released. The arrests in Las Palmas, the NimDoor campaign against cryptocurrency firms, the Airoha Bluetooth flaws, and the 35-fold rise in NFC relay fraud each target a different layer, from government databases to macOS endpoints to headset firmware to payment cards. The wave of fake wallet extensions in the Firefox catalog adds one more: the trust users place in official app stores. None of these stories is about a single defensive control; each rewards the basics of patching, validating what arrives over the network, and verifying software before installing it.