Banking and Finance

December 15, 2025

After an investigation by BleepingComputer, PayPal closed a loophole that allowed scammers to send emails from the legitimate [email protected] email address. Following reports from people who received emails claiming an automatic payment had been cancelled, BleepingComputer found that cybercriminals were abusing a PayPal feature that allows merchants to pause a customer’s subscription. Read more… Source: Malwarebytes Labs Sign up ...

December 8, 2025

During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don’t just grab a username and password–they also ask for answers to secret questions and other “backup” data that attackers can use to bypass multi-factor ...

December 4, 2025

The final actions in a sweeping international operation have successfully dismantled a large-scale cryptocurrency fraud and money laundering network that had laundered over EUR 700 million. Coordinated across multiple jurisdictions, these actions, carried out last month and earlier this week, mark the culmination of years of investigation and the effective disruption of a criminal operation ...

December 3, 2025

In February 2024, Group-IB uncovered sophisticated mobile threat campaigns that show how fast banking malware is evolving across the Asia-Pacific region. Ongoing monitoring of this evolving threat revealed a surge of aggressive mobile Trojans targeting both iOS and Android users, all operated by a single threat actor tracked as GoldFactory. Since releasing our initial report, we ...

December 3, 2025

Fintech company Marquis is notifying dozens of U.S. banks and credit unions that they had customer data stolen in a cyberattack earlier this year. Details of the cyberattack emerged this week after Marquis filed data breach notices with several U.S. states confirming its August 14 incident as a ransomware attack. Texas-based Marquis is a marketing and compliance ...

November 28, 2025

ENBANTEC is a global conference which is one of the most important and prestigious conferences in EMEA region with its focus on Cyber Security, IT Security, Network Security, Data Security, Cloud Security, Mobile Security, Endpoint Security and Identity and Access Management. With 185+ attendees, 40+ speakers, ENBANTEC 2025 Conference was organized very successfully. An intensive ...

November 25, 2025

The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors. In ATO fraud, cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the ...

November 24, 2025

Several U.S. banking giants and mortgage lenders are reportedly scrambling to assess how much of their customers’ data was stolen during a cyberattack on a New York financial technology company earlier this month. SitusAMC, which provides technology for over a thousand commercial and real estate financiers, confirmed in a statement over the weekend that it had ...

November 6, 2025

The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically ...

October 23, 2025

President Donald Trump has pardoned Binance founder Changpeng Zhao, who pleaded guilty to a money laundering charge in 2023, the White House said Thursday. White House press secretary Karoline Leavitt said in a statement that Trump “exercised his constitutional authority by issuing a pardon for Mr. Zhao, who was prosecuted by the Biden Administration in their ...

October 22, 2025

From August 26 to 27, 2025, BetterBank, a decentralized finance (DeFi) protocol operating on the PulseChain network, fell victim to a sophisticated exploit involving liquidity manipulation and reward minting. The attack resulted in an initial loss of approximately $5 million in digital assets. Following on-chain negotiations, the attacker returned approximately $2.7 million in assets, mitigating the ...

October 21, 2025

Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”. However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants ...

October 15, 2025

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will ...

September 30, 2025

HSBC has warned business banking customers that personal identification documents submitted during account applications may have been compromised following unauthorised access to a third-party platform. In an email sent to customers earlier this month, the bank confirmed that identity documents, images and contact details provided when opening a business account were exposed in the breach. HSBC ...

September 26, 2025

A data spill from an unsecured cloud server has exposed hundreds of thousands of sensitive bank transfer documents in India, revealing account numbers, transaction figures, and individuals’ contact details. Researchers at cybersecurity firm UpGuard discovered in late August a publicly accessible Amazon-hosted storage server containing 273,000 PDF documents relating to bank transfers of Indian customers. Read more… Source: ...

September 12, 2025

Vietnam is investigating a serious cyberattack on a large database that contains information about creditors across the country. The database belongs to the National Credit Information Center, also known as CIC. This center is managed by the State Bank of Vietnam and is responsible for storing highly sensitive financial data. The information inside the database includes ...

August 29, 2025

One of Australia’s largest banks has apologised to staff who found out they had been fired through an automated email asking them to hand back their laptops. ANZ’s retail banking executive Bruce Rush said it was “not our intention to share such sensitive news with you in this way” as the firm cuts jobs in its ...

August 28, 2025

European banks temporarily froze PayPal transactions worth billions after fraud system failure triggered widespread suspension of direct debits and delayed payments for online merchants and customers. A number of German lenders, including Bayerische Landesbank, Hessische Landesbank and DZ-Bank, reportedly halted direct debits linked to the online payment platform after detecting suspicious activity. German newspaper Süddeutsche Zeitung ...

August 28, 2025

Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information. In a filing with Maine’s attorney general’s office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations. TransUnion claimed “no credit information was ...

August 19, 2025

In September 2024, Kaspersky researchers detected malicious activity targeting financial (trading and brokerage) firms through the distribution of malicious .scr (screen saver) files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which is based on the Gh0st RAT codebase. To evade detection, the attackers ...