Banking and Finance

  • ShinyHunters: Cyber Criminal Group Attacks Learning Management System

    May 15, 2026

    The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions and students across the country. The LMS platform is now fully operational. ShinyHunters (SH) — which ...

  • Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

    May 11, 2026

    Threat actors using AI is an unsurprising and even long-predicted developmentopen on a new tab. In a case in point, TrendAI™ Research has identified two emerging threat campaigns that used agentic AI to drive intrusion operations against government entities and financial organizations across several countries in Latin America. Though evidence suggests that the two groups are likely ...

  • Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware

    May 6, 2026

    Researchers at Rapid7 say that they have spotted what they believe was an Iranian intelligence cyber unit masquerading as the Chaos ransomware gang to hide a state-sponsored espionage operation. The intrusion was spotted earlier this year, and investigators say breadcrumbs left behind give them “medium confidence” in saying it was the work of MuddyWater, which has ...

  • More PayPal emails hijacked to deliver tech support scams

    April 30, 2026

    Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices. In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer ...

  • JanelaRAT: A financial threat targeting users in Latin America

    April 13, 2026

    JanelaRAT is a malware family that takes its name from the Portuguese word “janela” which means “window”. JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has targeted users since June 2023. One of the key differences between ...

  • Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

    April 6, 2026

    The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates high-velocity ransomware campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, Storm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, ...

  • Iran threatens to start attacking major US tech firms on April 1

    March 31, 2026

    Iran’s Islamic Revolutionary Guard Corps warned Tuesday that it plans to begin attacking more than a dozen American companies across the Middle East on Wednesday in retaliation for the killing of Iranian citizens in the ongoing war with the US and Israel. The list of companies includes Apple, Google, IBM, Intel, Microsoft, Tesla, and Boeing, which ...

  • Beyond Compliance: How Financial Institutions Can Meet New Fraud-Sharing Mandates While Respecting Privacy

    March 30, 2026

    Authorized Push Payment (APP) fraud is one of the most damaging forms of digital deception. The pattern repeats itself thousands of times each year: an email from the bank’s security team warning of suspicious activity. A phone call that follows immediately. The caller ID matches. The “fraud prevention officer” knows details about recent transactions. Within minutes, ...

  • Cloud Phones: The Invisible Threat

    March 25, 2026

    What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy ...

  • Unpacking a new Horabot campaign in Mexico

    March 18, 2026

    In this instalment of Kaspersky SOC Files series, Kaspersky researchers will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot, a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex attack chain. Although previous research ...

  • Halifax and Lloyds customers hit by online data breach

    March 12, 2026

    Lloyds, Halifax and Bank of Scotland customers were given access to strangers’ banking transactions in a major online data breach this morning. Customers were able to view charges and payments on their banking apps that were not linked to their own transactions following the suspected technical glitch. Wage payments, HMRC reference numbers and other personal transactions were ...

  • BeatBanker: A dual‑mode Android Trojan

    March 10, 2026

    Recently, Kaspersky researchers uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banking Trojan capable of completely hijacking the device and spoofing screens, among other ...

  • Taiwan Indicts 62 Over Laundering $339M From Crypto Scam Compounds in Cambodia

    March 4, 2026

    Taiwanese prosecutors have indicted 62 people over their alleged links to Prince Group, a network designated as a transnational criminal organization by the U.S. Department of Justice. According to a report by Reuters, those indicted include the group’s chairman and alleged mastermind Chen Zhi, who was arrested in Cambodia and extradited to China earlier this year.Thirteen ...

  • CIMB refutes claims of data breach involving 1.2 million records

    March 4, 2026

    CIMB Group Holdings Bhd has given assurance that claims circulating online about a data breach involving its customers are false and that customer data continues to be protected. The financial services provider said on social media platform X that its security teams have verified that all systems are secure and that customer data remains fully safeguarded. ...

  • Hacker gained access to PayPal systems resulting in unauthorised transactions

    February 22, 2026

    Some PayPal users have started to receive email from the company confirming a data breach that exposed personal information to a threat actor who gained access to PayPal’s systems, leading to some seeing unauthorized transactions on their accounts and the resetting of passwords. A breach notification letter, which the authors have verified, has confirmed that some ...

  • FBI: Increase in malware enabled ATM jackpotting incidents across United States

    February 19, 2026

    The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction. The FBI has observed an increase in ATM jackpotting incidents across the ...

  • Data breach at fintech giant Figure affects close to a million customers

    February 18, 2026

    The data breach that hit blockchain-based lending giant Figure affected nearly a million customers, according to a security researcher. Last week, Figure confirmed a data breach allowed hackers to steal “a limited number of files” from its systems. The company did not provide specifics on what kind of data was stolen nor say how many customers ...

  • UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering

    February 9, 2026

    North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant recently investigated an intrusion targeting a FinTech entity within this sector, attributed to UNC1069, a financially motivated threat actor active since at least 2018. This investigation revealed a tailored intrusion resulting in the deployment of seven unique ...

  • North Korean Labyrinth Chollima is morphing into three separate entities

    January 30, 2026

    One of the largest and most successful North Korean state-sponsored threat actors has split into three separate entities, each with their own tactics, malware tools, targets, and goals, experts have warned. In a recent in-depth analysis, researchers from CrowdStrike expalined the move is a strategic evolution to make Labyrinth Chollima cyberattacks more efficient, and that the ...

  • Marquis confirms data breach, point finger of blame at SonicWall firewall

    January 30, 2026

    Marquis, a US fintech company building software for banks and credit unions, has confirmed suffering a ransomware attack and losing sensitive customer data, but shifted the blame onto its firewall provider, SonicWall. In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall ...