
Unknown Host
From the CISO Series, it's Cybersecurity Headlines.
Lauren Verno
These are the cybersecurity headlines for Tuesday, July 8, 2025. I'm Lauren Verno.
Call of Duty game pulled from PC store after reported exploit. Call of Duty: World War II was quietly removed from the Microsoft Store over the weekend after players reported their computers were being hijacked mid-game. According to CyberScoop, the issue may stem from a remote code execution vulnerability tied to the game's peer-to-peer networking model. Some users reported their computers being shut down or their desktop images changed to pornographic content. As of this recording, EA Activision has not confirmed why the game was taken offline.
US military gets cybersecurity boost. Congress has passed and President Trump has signed a sweeping tax and spending bill that includes hundreds of millions in cybersecurity funding, largely focused on military priorities. Key allocations include 250 million for US Cyber Command's AI initiatives, 20 million for DARPA cybersecurity programs, and 1 million for Indo-Pacific Command's cyber offensive operations. Now, Democrats have criticized the package for excluding funding for CISA, arguing it overlooks key threats and weakens federal cybersecurity infrastructure.
Unknown Contributor
Now, on the opposite side of the.
Lauren Verno
aisle, Republicans argue national defense and military readiness are core drivers of the bill's cybersecurity spending.
Bank employee helped hackers steal 100 million. Brazilian police arrested an IT employee accused of giving hackers inside access that led to over 540 million Brazilian reais, that's about roughly 100 million in US dollars, from the country's Pix banking system. The insider allegedly sold his credentials to hackers who used them to carry out a single-night fraud operation targeting financial institutions connected to CNM, a software vendor. The attack did not impact individual users, only banks using CNM services. Police are still looking for at least four other suspects allegedly tied to the attack.
BERT ransomware emerges. A new ransomware group called BERT, that's B-E-R-T, is actively targeting healthcare, tech and event services companies across Asia, Europe and the US, infecting both Windows and Linux systems. Discovered back in April, BERT uses a PowerShell script to disable security tools before deploying the ransomware, which drops a note reading "hello from bert."
Unknown Contributor
Researchers say the malware is still evolving.
Lauren Verno
And may reuse code from the defunct REvil gang, with possible links to Russian infrastructure.
Unknown Contributor
Huge thanks to our episode sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines. That's V-A-N-T-A dot com headlines.
Cybercriminals reach out to airline. Following a.
Lauren Verno
data breach that we first reported last week, Australian airline Qantas now says a, quote, "potential cyber criminal," end quote, has contacted the company regarding the incident that may have impacted up to 6 million customers. Now, the airline did not name the suspected hacker but confirmed the breach stemmed from a compromise of a third-party customer servicing platform, exposing names, emails, phone numbers, dates of birth and frequent flyer numbers. Though no passport or credit information was taken, the airline says it will begin informing customers about exactly what personal data of theirs was compromised later this week.
Rise of the cheap breach. Identity-based cyber attacks have surged 156% since last year, now accounting for nearly 60% of confirmed threats. That's according to eSentire. Researchers point to phishing-as-a-service tools like Tycoon 2FA and cheap infostealer malware as key drivers, making it easier than ever for cybercriminals to compromise employee credentials and launch BEC scams or ransomware attacks.
Hackers exploit Shellter Elite tool. Hackers have been using a leaked version of Shellter Elite, a legitimate AV/EDR evasion tool, to deliver infostealer malware. Shellter Elite confirmed the breach came from a licensed customer, saying, quote, "We discovered that a company which had recently purchased Shellter Elite licenses had leaked their copy of the software," end quote. While researchers spotted the activity months ago, Shellter says it was never notified. An updated version has since been released.
Thousands of fake Amazon domains detected. Deals and steals as hackers coincidentally kick off one of their favorite days, Amazon Prime Day. Researchers have detected over 1000 lookalike domains.
Unknown Contributor
mimicking Amazon or Amazon Prime in June.
Lauren Verno
alone, 87% of which were flagged as malicious or suspicious. Kicking off on July 8. Scammers are using fake login pages and.
Unknown Contributor
phishing emails designed to steal credentials, with.
Lauren Verno
one recent campaign spam spoofing Amazon support to trick users into clicking fraudulent refund links. Your friendly reminder to shop wisely.
Unknown Contributor
Large language models present a problem with their scale. How can you do any kind of validation or monitoring with a human in the loop? So far, most solutions have used another LLM to solve the problem.
Lauren Verno
But is that a sustainable approach?
Unknown Contributor
That's one of the questions we're going to try to answer on this week's episode of the CISO Series podcast. Look for "Not Enough Hallucinations. Let's Outfit Your LLM with Another LLM" wherever you get your podcast. And if you have some thoughts on the news from today or about the.
Lauren Verno
show in general, be sure to reach.
Unknown Contributor
out to us at feedback@cisoseries.com. We'd love to hear from you.
Lauren Verno
I'm Lauren Verno reporting for the CISO Series.
Unknown Host
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - Detailed Summary
Hosted by CISO Series | Release Date: July 8, 2025
The latest episode of Cyber Security Headlines by CISO Series, hosted by Lauren Verno, delves into a range of critical issues affecting the information security landscape. From high-profile game vulnerabilities to sophisticated ransomware attacks, this episode provides a comprehensive overview of the day's most pressing cybersecurity events.
Timestamp: [00:06]
The episode opens with a significant development in the gaming world. Call of Duty: World War II was removed from the Microsoft Store over the weekend following reports from players experiencing severe cybersecurity issues during gameplay. Lauren Verno states:
"Call of Duty World War II was quietly removed from the Microsoft Store over the weekend after players reported their computers were being hijacked mid game."
The removal is attributed to a remote code execution vulnerability linked to the game's peer-to-peer networking model. Affected users reported behaviors such as unexpected computer shutdowns and their desktop images being replaced with pornographic content. As of the recording, EA Activision has not publicly confirmed the specific reasons for the game's withdrawal.
Timestamp: [00:37]
In a significant move for national security, Congress has passed, and President Trump has signed, a comprehensive tax and spending bill that allocates substantial funds to bolster cybersecurity within the U.S. military. Key allocations include:
Lauren Verno highlights the political dynamics surrounding this funding:
"Now, Democrats have criticized the package for excluding funding for CISA, arguing it overlooks key threats and weakens federal cybersecurity infrastructure."
Conversely, Republicans defend the allocation, emphasizing that national defense and military readiness are the primary drivers behind the cybersecurity investments.
Timestamp: [02:23]
A severe breach in Brazil's banking sector has come to light, involving an IT employee who facilitated a $100 million theft. The employee allegedly compromised the Pix banking system by selling his credentials to hackers, enabling a sophisticated one-night fraud operation. Key points include:
Lauren Verno summarizes:
"The insider allegedly sold his credentials to hackers who used them to carry out a single night fraud operation targeting financial institutions connected to CNM."
Timestamp: [03:00]
A new ransomware entity named BERT (B-E-R-T) has been identified, actively targeting sectors such as healthcare, technology, and event services across Asia, Europe, and the United States. Characteristics of BERT include:
Lauren Verno notes:
"BERT uses a PowerShell script to disable security tools before deploying the ransomware, which drops a note reading 'hello from bert.'"
Timestamp: [04:40]
Australian airline Qantas reported a data breach affecting up to 6 million customers. Following the breach, the airline received contact from a "potential cyber criminal" concerning the incident. Details include:
Lauren Verno elaborates:
"The breach originated from a compromise of a third-party customer servicing platform, exposing names, emails, phone numbers, dates of birth, and frequent flyer numbers."
Timestamp: [05:15]
Identity-based cyber attacks have surged by 156% since the previous year, now constituting nearly 60% of confirmed cybersecurity threats. Factors contributing to this rise include:
Lauren Verno points out:
"Identity-based cyber attacks have surged 156% since last year, now accounting for nearly 60% of confirmed threats."
Timestamp: [05:55]
Hackers have been leveraging a leaked version of Shellter Elite, a legitimate antivirus and EDR evasion tool, to disseminate info-stealing malware. Key aspects of the breach include:
Lauren Verno remarks:
"Shellter Elite confirmed the breach came from a licensed customer saying, 'we discovered that a company which had recently purchased Shellter Elite licenses had leaked their copy of the software.'"
Timestamp: [06:56]
Coinciding with Amazon Prime Day, researchers identified over 1,000 fake domains mimicking Amazon’s online presence. Approximately 87% of these domains were flagged as malicious or suspicious. Tactics employed by scammers include:
Lauren Verno explains:
"Scammers are using fake login pages and phishing emails designed to steal credentials, with one recent campaign spam spoofing Amazon support to trick users into clicking fraudulent refund links."
Timestamp: [07:27]
The episode touches on the burgeoning security challenges associated with Large Language Models (LLMs). Key concerns include:
The podcast teaser mentions an upcoming episode titled "Not Enough Hallucinations," which aims to explore these challenges in depth.
This episode of Cyber Security Headlines offers a thorough exploration of recent cybersecurity incidents and trends, highlighting the dynamic and evolving nature of cyber threats. From vulnerabilities in popular software and insider threats to the rise of sophisticated ransomware groups and the challenges posed by emerging technologies like LLMs, the episode underscores the critical need for robust cybersecurity measures across all sectors.
For more in-depth coverage and daily updates, listeners are encouraged to visit CISOseries.com.
Note: Advertisements, sponsorship messages, and non-content sections have been excluded to maintain focus on the core cybersecurity topics discussed in the episode.