Category: Uncategorized

Sport fans can now sign up for a chance to attend the Los Angeles 2028 Olympic Games – with tickets starting at $28 (£21).

Registration has opened for fans to enter a random ticket draw covering all events that will take place at the Games. The window will remain open until mid-March.

If chosen, fans will be notified via email and will be given a time slot to purchase tickets in April. One million of those tickets will sell for $28, and about one-third are set to cost less than $100 (£74.41).

“These Games belong to everyone,” Casey Wasserman, the chairman of LA 2028 said on Tuesday. “These Games have to be affordable and inclusive.”

The announcement of affordable ticket prices come after the price of tickets for the 2026 men’s football World Cup – which will also be hosted in the US, as well as Canada and Mexico – received some public criticism.

Speaking to reporters on Tuesday, LA officials said affordability and accessibility were central to their ticketing plan – and their hope that sport fans around the globe would be able to attend.

Tickets for the 2024 Olympics in Paris started at $27.95 (£21).

A special early purchase window will also be open for residents in the Los Angeles area and Oklahoma City, where some Olympic Games are also being held.

2028 will be the first time the Olympics will be held in the US since the 1996 Games in Atlanta. Los Angeles has twice hosted the Olympics – in 1932 and 1984 – and plans to use its already established infrastructure to host the Games.

Event organisers, along with hundreds of Olympians and Paralympians, gathered at the LA Memorial Coliseum on Tuesday for a ceremonial lighting of the Olympic venue’s cauldron ahead of the opening of ticket registration.

The Coliseum hosted events on both the previous occasions that the Olympics were held in LA, and it is set to co-host the opening ceremony along with track and field events in 2028.

Organisers at the event on Tuesday explained how the ticketing would work.

Once registered – using their name, email and zip code – fans will be entered into the random draw for time slots to buy tickets in April. The earlier slot a fan is given, the better their chances at securing tickets – as being given a time slot does not guarantee that there will be tickets available once a time slot is open.

The first set of tickets will be up for purchase from 9-19 April. Admission for the opening and closing ceremonies of the Games will be among the tickets on offer.

Most of the Games will be held across Los Angeles and southern California, but both canoeing and softball will be held in Oklahoma.

LA28 chief Allison Katz-Mayfield called the random ticket-drawing process “the fairest way to ensure that the broadest number of people can get access to tickets and that no one is advantaged or disadvantaged”.

“No matter when you go in, whether you’re the first person in or the last person in, you have the same opportunity,” she added.

Registration for tickets will be open until 18 March, and there is no advantage to registering early.

A construction crane fell onto a moving train in north-eastern Thailand, killing at least 32 people and injuring 66 others.

The crane derailed the train and crushed some of its carriages, one of which caught fire. A one-year-old and an 85-year-old are among those injured, with seven people in critical condition, according to authorities.

BBC’s South East Asia correspondent, Jonathan Head, described the scene as “desperately grim” as he showed the damaged caused in the accident.

The State Railway of Thailand has launched an investigation into the incident and announced that it is taking legal action against the construction company responsible for the crane.

Read the full story here.

Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.

“Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (which they often rename) to execute their code,” Trellix said in a report shared with The Hacker News. “This DLL side-loading technique allows the malware to bypass traditional signature-based security defenses.”

The campaign has been observed distributing a wide assortment of malware, such as Agent Tesla, CryptBot, Formbook, Lumma Stealer, Vidar Stealer, Remcos RAT, Quasar RAT, DCRat, and XWorm.

Targets of the malicious activity include employees in finance, procurement, supply chain, and administration roles within commercial and industrial sectors like oil and gas and import and export, with lures written in Arabic, Spanish, Portuguese, Farsi, and English, suggesting the attacks are restricted to a specific region.

The attack hinges on placing a malicious version of the DLL in the same directory as the vulnerable binary, taking advantage of the fact that it’s susceptible to search order hijacking to execute the contents of the rogue DLL instead of its legitimate counterpart, granting the threat actor code execution capabilities. The “ahost.exe” executable used in the campaign is signed by GitKraken and is typically distributed as part of GitKraken’s Desktop application.

An analysis of the artifact on VirusTotal reveals that it’s distributed under dozens of names, including, but not limited to, “RFQ_NO_04958_LG2049 pdf.exe,” “PO-069709-MQ02959-Order-S103509.exe,” “23RDJANUARY OVERDUE.INV.PDF.exe,” “sales contract po-00423-025_pdf.exe,” and “Fatura da DHL.exe,” indication the use of invoice and request for quote (RFQ) themes to trick users into opening it.

“This malware campaign highlights the growing threat of DLL sideloading attacks that exploit trusted, signed utilities like GitKraken’s ahost.exe to bypass security defenses,” Trellix said. “By leveraging legitimate software and abusing its DLL loading process, threat actors can stealthily deploy powerful malware such as XWorm and DCRat, enabling persistent remote access and data theft.”

The disclosure comes as Trellix also reported a surge in Facebook phishing scams employing the Browser-in-the-Browser (BitB) technique to simulate a Facebook authentication screen and deceive unsuspecting users into entering their credentials. This works by creating a fake pop-up within the victim’s legitimate browser window using an iframe element, making it virtually impossible to differentiate between a genuine and bogus login page.

“The attack often starts with a phishing email, which may be disguised as a communication from a law firm,” researcher Mark Joseph Marti said. “This email typically contains a fake legal notice regarding an infringing video and includes a hyperlink disguised as a Facebook login link.”

As soon as the victim clicks on the shortened URL, they are redirected to a phony Meta CAPTCHA prompt that instructs victims to sign in to their Facebook account. This, in turn, triggers a pop-up window that employs the BitB method to display a fake login screen designed to harvest their credentials.

Other variants of the social engineering campaign leverage phishing emails claiming copyright violations, unusual login alerts, impending account shutdowns due to suspicious activity, or potential security exploits. These messages are designed to induce a false sense of urgency and lead victims to pages hosted on Netlify or Vercel to capture their credentials. There is evidence to suggest that the phishing attacks may have been ongoing since July 2025.

“By creating a custom-built, fake login pop-up window within the victim’s browser, this method capitalizes on user familiarity with authentication flows, making credential theft nearly impossible to detect visually,” Trellix said. “The key shift lies in the abuse of trusted infrastructure, utilizing legitimate cloud hosting services like Netlify and Vercel, and URL shorteners to bypass traditional security filters and lend a false sense of security to phishing pages.”

The findings coincide with the discovery of a multi-stage phishing campaign that exploits Python payloads and TryCloudflare tunnels to distribute AsyncRAT via Dropbox links pointing to ZIP archives containing an internet shortcut (URL) file. Details of the campaign were first documented by Forcepoint X-Labs in February 2025.

“The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server,” Trend Micro said. “These scripts facilitated the download of batch files and further payloads, ensuring a seamless and persistent infection routine.”

A standout aspect of the attack is the abuse of living-off-the-land (LotL) techniques that employ Windows Script Host, PowerShell, and native utilities, as well as Cloudflare’s free-tier infrastructure to host the WebDAV server and evade detection.

The scripts staged on TryCloudflare domains are engineered to install a Python environment, establish persistence via Windows startup folder scripts, and inject the AsyncRAT shellcode into an “explorer.exe” process. In tandem, a decoy PDF is displayed to the victim as a distraction mechanism and misleads them into thinking that a legitimate document was accessed.

“The AsyncRAT campaign analyzed in this report demonstrates the increasing sophistication of threat actors in abusing legitimate services and open-source tools to evade detection and establish persistent remote access,” Trend Micro said. “By utilizing Python-based scripts and abusing Cloudflare’s free-tier infrastructure for hosting malicious payloads, the attackers successfully masked their activities under trusted domains, bypassing traditional security controls.”