CybelAngel

Last week’s biggest cyber new stories all share one root cause: insecure defaults: legacy VPN paths left on, victims trusting “IT support” calls, risk labels misread as safe, dependency scripts running by default, and browsers storing sensitive secrets locally.

Read more in our weekly roundup: https://eu1.hubs.ly/H0wbdRL0

CybelAngel found 344 domains are actively impersonating the official FIFA World Cup 2026 website.

A coordinated phishing campaign has been running since November 2025, and that's just one of four fraud vectors our REACT team documented ahead of the tournament opening.

Tickets, visas, betting platforms, job offers. Every transaction fans are making right now has been weaponised.

Since Qatar 2022, AI has made it possible to clone a site, fabricate an identity, and launch a campaign in minutes. The attack volume reflects that directly.

CybelAngel gathered 468 indicators of compromise across all four vectors. Access this threat not,and the full IOC CSV, now: https://eu1.hubs.ly/H0w853t0

Wrap up a packed week of cybersecurity news with the seven things to know about the LiteLLM CVE-2026-42271 exploit: https://eu1.hubs.ly/H0w52sn0

The BBC reports that South Korea has just issued its largest-ever data breach fine: $400M against e-commerce giant Coupang, after a breach exposed the personal data of 30 million customers, more than half the country's population. Names, contact details, delivery addresses, order histories and more were all exposed.

The fine covers both the breach itself and the non-consensual collection of data:

Coupang: South Korea fines e-commerce giant $400m over massive data breach The record fine comes after around 37.5 million users had their private data exposed.

On May 23rd, CybelAngel analyst Lisa Inacio detected two linked GitHub repositories containing a fully functional fraud tool targeting a major regional telecoms loyalty program. By May 25th, she had delivered a complete report to the client, including a confirmed malicious domain and 23 abuse flags across 13 independent threat intelligence sources. The client had no prior visibility into any of it.

The tool wasn't on the dark web or behind an obfuscated domain. It was sitting in a public GitHub repository, with a live deployment link embedded in the code, giving attackers direct access to internal API endpoints.

Lisa breaks down the full story in the comments.

Mamoun Kharbouch and Mehdi El Maazi are representing CybelAngel at SIT Africa in Marrakech, 9–12 June, alongside our partner Formind Africa and Middle East. Say hello if you're there, they're up for conversations on external exposure, brand protection and threat intelligence!

Most organisations run a Google dork sweep once a quarter during a scheduled audit. Ransomware operators run the same queries automatically, across millions of domains, every day.

The gap between those two cadences is where exposures go undetected. We mapped the full attacker reconnaissance chain, from the four target categories they prioritise and the dork combinations that surface the most valuable results.

Read it here: https://eu1.hubs.ly/H0w2gfG0

Medhi and Joey are heading to Charlotte very soon!

CybelAngel is partnering with CyberRisk Alliance for the Charlotte Leadership Exchange on June 23rd at the JW Marriott Charlotte.
This is an exclusive gathering for security leaders to connect, share intelligence, and discuss the threats shaping enterprise security in 2026.

If you’re a CISO or security executive in the Charlotte area, this is the room to be in.

Since January 2026, the CybelAngel REACT analyst team has identified close to 200 malicious domains, URLs, and infrastructures linked specifically to the FIFA World Cup 2026.

Where earlier campaigns leaned on fan-facing impersonation, the current wave is targeting hotel groups, ticketing platforms, and the partners sitting two or three suppliers deep in the sponsor ecosystem.

Read more of our world cup analysis in our latest eBook: https://eu1.hubs.ly/H0v_ntL0

Looking for something new in cybersecurity? Our open roles offer a fast-paced challenge in diverse teams.

Check our all of our open roles here: https://bit.ly/4fYDqp0