Operation Endgame Disrupts SocGholish Malware Network
🔗 https://cybersecurefox.com/en/operation-endgame-socgholish-wordpress-malware
#socgholish #fakeupdates #operation #endgame #wordpress #malware #initial #access #broker
New #SocGholish C2:
hXXps://gallery.garrettcountygranfondo[.]org/Xgd37BKqtSdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
gallery.garrettcountygranfondo[.]org
45[.]32.172.21
AS20473 The Constant Company, LLC
🕵🏻♂️ [InfoSec MASHUP] 25/2026 - Client-Side Authorization Is Not Authorization
BobDaHacker didn't find a zero-day. She didn't exploit a memory corruption bug or chain together three CVEs. She uploaded a photo of her ID to FIFA's public agent registration portal, got added to FIFA's #Microsoft Entra tenant, and walked straight into the live production Streaming Management panel for the #FIFA World Cup 2026. Every match. Every camera angle. Every RTMP stream key. One click away from replacing the PGM feed — the main broadcast output going to every TV network worldwide — with whatever she felt like pushing. She did not push anything. She spent the rest of the night calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.
The root cause is almost insultingly mundane: client-side authorization with no server-side enforcement. The Angular frontend checked the JWT, found no roles, showed an "access denied" page. The backend APIs didn't check anything. FIFA fixed it by the next morning without ever responding to the researcher. She's still on their official match document distribution list, receiving Start Lists and Tactical Lineups in four languages. The vulnerability is gone. The bug bounty program, the security.txt file, and the acknowledgment to the person who saved them from a global broadcast catastrophe remain absent. Client-side authorization is not authorization. It's 2026.
→ Week #25/2026 also covers: The #SocGholish botnet is down after nine years, Texas leaked 3M driver's licenses and passports, and dozens of cybersecurity vets are calling the #Anthropic ban dangerous
Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-25-2026-client-side-authorization-is-not-authorization
If you find it useful, subscribe to get it in your inbox every weekend 📨
Civilians behind international police probe into Russian cybercriminals
https://fed.brid.gy/r/https://globalnews.ca/news/11915435/russian-cybercriminals-scam-wordpress/
Operation #Endgame scrubs #SocGholish #Malware from #WordPress blogs and shuts down servers.
https://borncity.com/blog/2026/06/20/operation-endgame-schaltet-socgholish-malware-infrastruktur-ab/
📰 Operation Endgame: Global Law Enforcement Disrupts SocGholish, Cleans 15,000 Infected Websites
✅ SUCCESS: 'Operation Endgame' disrupts the SocGholish botnet linked to Evil Corp! Law enforcement seized 106 servers and cleaned nearly 15,000 infected WordPress sites, crippling a major ransomware entry point. #SocGholish #OpEndgame #Cybercrime
🌐 cyber[.]netsecops[.]io
🔗 https://cyber.netsecops.io/articles/global-police-operation-cleans-15000-sites-in-socgholish-takedo…
Conclusion: had updates been installed promptly, the likelihood of being compromised would have been lower.
#OperationEndgame: Investigators clean thousands of blogs of #SocGholish | Security https://www.heise.de/news/Operation-Endgame-Ermittler-saeubern-tausende-Blogs-von-SocGholish-11337399.html #malware
#Police cleans nearly 15,000 #SocGholish-infected sites tied to #EvilCorp