Today on CISO Series…


In today’s cybersecurity news…

Call of Duty game pulled from PC store after reported exploit

Call of Duty: World War II was quietly removed from the Microsoft Store over the weekend after players reported their computers were being hijacked mid-game. According to CyberScoop, the issue may stem from a remote code execution (RCE) vulnerability tied to the game’s peer-to-peer networking model. Some users reported their computers being shut down or their desktop images changed to pornographic content. As of this recording, EA/Activision has not confirmed why the game was taken offline.

(CyberScoop)

U.S. military gets cybersecurity boost 

Congress has passed—and President Trump has signed—a sweeping tax and spending bill that includes hundreds of millions in cybersecurity funding, largely focused on military priorities. Key allocations include $250 million for U.S. Cyber Command’s AI initiatives, $20 million for DARPA cybersecurity programs, and $1 million for Indo-Pacific Command’s cyber offensive operations. Democrats criticized the package for excluding funding for CISA, arguing it overlooks key threats and weakens federal cybersecurity infrastructure. On the opposite side, Republicans argue national defense and military readiness are core drivers of the bill’s cybersecurity spending.

(CyberScoop)

Bank employee helped hackers steal $100M

Brazilian police arrested an IT employee accused of giving hackers inside access that led to the theft of over 540 million Brazilian reais (roughly $100 million USD) from the country’s PIX banking system. The insider allegedly sold his credentials to hackers, who used them to carry out a single-night fraud operation targeting financial institutions connected to C&M, a software vendor. The attack did not impact individual users, only banks using C&M’s services. Police are still looking for at least four other suspects allegedly tied to the attack.

(Security Week)

Bert ransomware emerges

A new ransomware group called Bert is actively targeting healthcare, tech, and event services companies across Asia, Europe, and the U.S., infecting both Windows and Linux systems. Discovered in April, Bert uses a PowerShell script to disable security tools before deploying the ransomware, which drops a note reading, “Hello from Bert!” Researchers say the malware is still evolving and may reuse code from the defunct REvil gang, with possible links to Russian infrastructure.

(The Record)

Huge thanks to our sponsor,
Vanta

Cybercriminals reach out to airline

Following a data breach that we first reported last week, Australian airline Qantas now says a “potential cybercriminal” has contacted the company regarding the incident that may have impacted up to six million customers. The airline did not name the suspected hacker but confirmed that the breach stemmed from a compromise of a third-party customer servicing platform, exposing names, emails, phone numbers, dates of birth, and frequent flyer numbers, though no passport or credit card information was taken. The airline says it will begin informing customers later this week about exactly what personal data of theirs was compromised.

(Infosecurity Magazine)

Rise of the cheap breach

Identity-based cyberattacks have surged 156% since last year, now accounting for nearly 60% of confirmed threats, according to eSentire. Researchers point to phishing-as-a-service tools like Tycoon 2FA and cheap infostealer malware as key drivers, making it easier than ever for cybercriminals to compromise employee credentials and launch BEC scams or ransomware attacks. 

(The Register)

Hackers exploit Shellter Elite tool

Hackers have been using a leaked version of Shellter Elite, a legitimate AV/EDR evasion tool, to deliver infostealer malware. Shellter Elite confirmed the breach came from a licensed customer, saying, “We discovered that a company which had recently purchased Shellter Elite licenses had leaked their copy of the software.” While researchers spotted the activity months ago, Shellter says it was never notified. An updated version has been released.

(Bleeping Computer)

Thousands of fake Amazon domains detected

It's deals and steals as hackers coincidentally kick off one of their favorite days: Amazon Prime Day. Researchers have detected over 1,000 lookalike domains mimicking “Amazon” or “Amazon Prime” in June alone, 87% of which were flagged as malicious or suspicious. With Prime Day kicking off on July 8th, scammers are using fake login pages and phishing emails designed to steal credentials, with one recent campaign spoofing Amazon support to trick users into clicking fraudulent refund links. Your friendly reminder to shop wisely.

(Infosecurity Magazine)


Subscribe to Cyber Security Headlines podcast

Spotify, Apple Podcasts, YouTube, RSS link, Amazon Music, add as an Alexa Skill, or search “Cyber Security Headlines” on your favorite podcast app.