Cybersecurity Roundup: World Cup Scams, VPN Crackdowns, and Surveillance Abuses
The 2024 World Cup has brought excitement for fans but also a surge in cyber threats. Scammers are exploiting the event with fake streaming sites, counterfeit ticket schemes, fraudulent betting apps, and dubious crypto offers, targeting unsuspecting supporters.
Meanwhile, VPN usage is rising globally, driven by age-verification laws and location-based censorship. In India, users are bypassing a national Telegram ban imposed to curb exam cheating. While VPNs enhance privacy by shielding data from ISPs, governments, and hackers, their legality varies by country. Some nations, including unexpected ones, impose restrictions or outright bans. However, VPNs aren’t a security cure-all tests show they don’t reliably secure cheaper airfare, and using one for online banking can create more risks than it solves.
In law enforcement, concerns are growing over misuse of surveillance tools. Flock Safety, a network of license plate-reading cameras, has been exploited by police officers for personal stalking. A recent report revealed at least a dozen cases where officers abused access to Flock’s database, including one who ran his ex-girlfriend’s plate 69 times and searched her parents’ vehicles. Despite internal warnings, the behavior persisted, highlighting the risks of unchecked surveillance systems.
Gamers face a new threat as malware spreads via Steam Workshop through Wallpaper Engine, a popular desktop customization tool. Attackers uploaded malicious "application wallpapers" executable files disguised as widgets that install backdoors, hijack Steam accounts, or mine cryptocurrency. While Steam removed the reported threats, some infected files had already been downloaded tens of thousands of times.
Finally, Maine’s data breach portal was temporarily shut down after fake breach notices were filed. The state’s transparency law requires companies to report breaches within 30 days, but the system lacks verification, allowing fraudulent submissions. Two false reports claimed breaches at Discord and VRChat, both of which denied the incidents. The portal was disabled pending verification measures, leaving the motive behind the fake filings unclear whether mischief or an attempt to spread misinformation.
Flock Safety TPRM report: https://www.rankiteo.com/company/flock-safety
"id": "flo1782132974",
"linkid": "flock-safety",
"type": "Breach",
"date": "6/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'law enforcement technology',
'location': 'United States',
'name': 'Flock Safety',
'type': 'surveillance technology provider'},
{'customers_affected': 'tens of thousands',
'industry': 'video games',
'location': 'Global',
'name': 'Steam Workshop (Wallpaper Engine)',
'type': 'gaming platform'},
{'industry': 'public sector',
'location': 'Maine, United States',
'name': "Maine's data breach portal",
'type': 'government portal'},
{'industry': 'technology',
'location': 'Global',
'name': 'Discord',
'type': 'communication platform'},
{'industry': 'technology',
'location': 'Global',
'name': 'VRChat',
'type': 'social platform'}],
'attack_vector': ['phishing', 'malicious file upload', 'system exploitation'],
'data_breach': {'personally_identifiable_information': ['license plate data',
'Steam account '
'credentials'],
'sensitivity_of_data': ['high'],
'type_of_data_compromised': ['license plate data',
'Steam account credentials']},
'description': 'The 2024 World Cup has brought a surge in cyber threats, '
'including fake streaming sites, counterfeit ticket schemes, '
'fraudulent betting apps, and dubious crypto offers. '
'Additionally, VPN misuse, surveillance tool abuses, malware '
'via Steam Workshop, and fake data breach filings were '
'reported.',
'impact': {'brand_reputation_impact': ['Discord', 'VRChat'],
'data_compromised': ['license plate data',
'Steam account credentials'],
'downtime': ["Maine's data breach portal"],
'identity_theft_risk': ['Steam users'],
'systems_affected': ['Steam Workshop',
"Maine's data breach portal"]},
'motivation': ['financial gain',
'personal stalking',
'cryptocurrency mining',
'misinformation'],
'references': [{'source': 'Cybersecurity Roundup'}],
'response': {'containment_measures': ['Steam removed malicious files',
'Maine disabled breach portal']},
'threat_actor': ['scammers',
'malicious gamers',
'rogue law enforcement officers'],
'title': 'Cybersecurity Roundup: World Cup Scams, VPN Crackdowns, and '
'Surveillance Abuses',
'type': ['scam', 'surveillance abuse', 'malware', 'data breach hoax']}