← Latest cybersecurity roundup All past issues

cybersecurityWednesday, June 17, 2026

FIFA flaw, Fable 5 ban, and PhaaS factory

Today's cybersecurity landscape is dominated by three very different threats: a researcher could have rickrolled the World Cup, the Feds overreacted to a simple AI prompt, and a PhaaS factory is weaponizing legitimate RMM tools. Each story underscores how the attack surface is expanding in unexpected ways.

Sources

#01bobdahacker.comJun 17

I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.

A researcher found they could access live FIFA World Cup camera feeds by simply registering on FIFA's Agent Platform. The vulnerability gave them RTMP ingest URLs and stream keys for every match, meaning they could have replaced the broadcast with anything, including a Rickroll. It took hours of contacting FIFA, MediaKind, HBS, CISA, and the FBI at 3am Tokyo time to get it fixed.

10 min readRead original

#02www.theregister.comJun 17

Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher

The Trump administration's export ban on Anthropic's Fable 5 model was triggered by a three-word prompt: 'Fix this code.' Researcher Katie Moussouris, the only outside expert to read the paper, says it wasn't a sophisticated jailbreak, and the government's national security rationale may be overblown. Every outlet is talking about this today.

3 min readRead original

#03undercodetesting.comJun 17

The Quarry: Inside The PhaaS Factory That's Weaponizing Legitimate RMM Tools For Mass Cybercrime +

SOCRadar uncovered 'The Quarry,' a Phishing-as-a-Service toolkit run by a single developer since April 2025. It supplies nearly 200 criminal operators with infrastructure that weaponizes legitimate Remote Monitoring and Management tools to bypass defenses. This is a factory for mass phishing, not a lone wolf.

#04www.theatlantic.comJun 17

Nothing on the Internet Is Secure Anymore

The Atlantic argues that AI-powered hacking tools have made everything insecure, targeting hospitals, energy grids, and banks. Traditional protections like firewalls and two-factor authentication are no longer enough. It's a bleak but accurate view of the current state of play.

#05hackernoon.comJun 17

Every Tool You Give an AI Agent Becomes a Security Decision

Hackernoon makes the point that every tool you give an AI agent becomes a security decision. Traditional security focuses on what the AI says, but the real risk is what it does: resetting passwords, issuing refunds, accessing internal systems. The paradigm has to shift.

Also today8

Two Taiwanese indicted for buying hospital records from Chinese hackers - Taipei Timeswww.taipeitimes.com
Two Taiwanese nationals were indicted in Taipei for allegedly purchasing personal medical records stolen by a Chinese hacking group from Taiwanese hospital servers, with the intent to resell the data. The indictment was announced by the Taipei District Prosecutors' Office.
New initiative aims to eliminate unregistered SIMs from banking systemphnompenhpost.com
The National Bank of Cambodia (NBC) and the Ministry of Posts and Telecommunications have launched a joint campaign to verify that SIM card users' identities match their bank and payment service accounts. The initiative, announced on June 17, aims to protect citizens' digital fin

Browse the cybersecurity archive →