Tag: financial sector
43 articles

OkoBot Malware Targets Crypto Users Worldwide
Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

SCMBANKER Malware Targets Mexican Banking Users with ClickFix Lures
Mexican banking customers beware: a sneaky new malware campaign, dubbed REF6045, is using fake CAPTCHA pages and social tricks to install a powerful PowerShell toolkit called SCMBANKER on unsuspecting victims' devices. This stealthy attack has been targeting Mexico's financial ecosystem, putting fintech users, payment-processor clients, and cryptocurrency exchange customers at risk.

US Government Entity Pays $1 Million to Thwart Data Leak
A US government entity was forced to pay a hefty $1 million ransom to prevent a massive data leak, after a group called Kairos threatened to release 1.6 million files unless their demand was met. The payment was the culmination of a month-long negotiation that began with a $3 million opening demand.

Oracle E-Business Suite Flaw CVE-2026-46817 Sees Active Exploitation
A critical flaw in Oracle Payments, known as CVE-2026-46817, is being actively exploited by hackers, allowing them to easily take control of vulnerable Oracle E-Business Suite instances. This easily exploitable vulnerability has a near-perfect CVSS score of 9.8, making it a high-risk threat to organizations using Oracle Payments.

Oracle Flaw Exposes US Citizens' Credit Data in NAIC Breach
A recent breach at the National Association of Insurance Commissioners exposed US citizens' sensitive credit data, prompting swift action and FBI coordination to mitigate the damage. The hack was made possible by a zero-day vulnerability in Oracle PeopleSoft, which was exploited by attackers to gain unauthorized access.

Microsoft Links North Korea to Mastra AI Supply Chain Compromise
Microsoft has uncovered a massive supply chain attack on the npm registry, where over 140 packages were compromised, and has linked the operation with high confidence to Sapphire Sleet, a notorious North Korean state actor known for targeting the financial sector. This large-scale attack highlights the growing threat of North Korean hacking groups.

Microsoft attributes Mastra AI supply chain attack to North Korean hackers Sapphire Sleet
Microsoft warns that a recent supply chain attack on the Mastra AI npm environment was carried out by Sapphire Sleet, a notorious North Korean hacking group known for targeting the financial sector. This latest incident is part of a larger pattern of attacks that exploit open-source distribution channels.

ClickFix Campaigns Leverage New Loaders in Malware Delivery Push
Meet the BabaDeda Loader, a stealthy malware framework that's evolved to deliver a wider range of threats, including information stealers and remote access trojans, with alarming effectiveness. This revamped loader combines multiple evasion techniques to target vulnerable organizations, particularly in education and finance.

North Korean Hackers Exploit Developer Tools in Malware Campaigns
North Korean hackers have launched a sneaky malware campaign, tricking victims into executing cross-platform malware for macOS, Linux, and Windows through malicious scripts hidden in GitHub repositories. Their latest tactic, dubbed UNK_DeadDrop, uses recruitment lures to deliver self-running code to over 75% of targeted organizations across various sectors.

SoFi Hong Kong Breach Exposes Customer Data at Third-Party Vendor
SoFi Hong Kong recently discovered a data breach at a third-party vendor that exposed customer information, with unauthorized access detected on April 30, 2026. The company's investigation is ongoing, but it confirmed the breach originated from a vendor, not its internal systems.

North Korean Hackers Exploit Coding Lures to Steal Crypto Credentials
In a sneaky move, North Korean hackers sent over 250 emails with innocent-looking coding tasks to nearly 100 US-based organizations, tricking them into handing over cryptocurrency credentials. The clever phishing scam, tracked as UNK_DeadDrop, targeted tech, education, and finance firms, with a special focus on cryptocurrency companies.

Extortion Gang Exploits Corporate Networks with In-Person Visits
Meet UNC3753, a notorious extortion gang that's taking corporate hacking to a whole new level - from deceitful phone calls to in-person visits, where they show up at companies' doorsteps with thumb drives, targeting dozens of US banks, law firms, and professional services firms in just a few short months. Their tactics have evolved from fake emails to help-desk calls and now, brazen doorstep drop-offs.

Hackers Infiltrate Stock Exchange Executive's Outlook Mailbox for Months
Hackers stealthily infiltrated a senior stock exchange executive's Outlook mailbox, maintaining months-long control of their computer by masquerading as legitimate software. The alarming breach, detected as early as October 10, 2025, allowed the intruder to operate with SYSTEM-level privileges, the highest level of Windows access.

UK Banks Gain Access to OpenAI's GPT-5.5 Cyber Model
UK banks are now part of an exclusive group gaining early access to OpenAI's cutting-edge GPT-5.5 Cyber model, a powerful AI tool designed to bolster their defenses against sophisticated cyber threats. This move comes as Anthropic's rival program, Project Glasswing, expands to 200 partners, leaving some UK banks to tap into OpenAI's innovative solution instead.

Malicious NuGet Package Exfiltrates Sicoob Banking Credentials
A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.

UK Firms Bolster Cyber Defenses as AI Risks Mount
As uncertainty becomes the new normal, UK businesses are bolstering their cyber defenses, with 68% of leaders planning to boost cybersecurity investment over the next year. Despite this, many remain vulnerable, with fewer than three in 10 confident in their ability to respond to a major cyber incident.

Lazarus Group Deploys Memory-Only RAT in Financial Sector Attacks
The notorious Lazarus Group has unleashed a sneaky new attack tool, a memory-only Remote Access Trojan (RAT), targeting the financial sector with cunning precision. This stealthy malware, known as RemotePE, is just the latest weapon in the group's arsenal, and it's being used to infiltrate and manipulate its victims.

Cross-Border Payments Speed Up, Fraud Defenses Lag
As Southeast Asia's payment systems turbocharge with initiatives like Project Nexus, a pressing concern emerges: can the region's defenses against scams and fraud keep pace, or will they leave billions vulnerable to losses, like Singapore's staggering $713 million hit in 2025?

AI Botnets Fuel DDoS Surge in Financial Sector
The financial sector saw a staggering 2.41 billion network- and transport-layer denial-of-service attacks in 2025, with banking bearing the brunt, accounting for 60% of total web attacks and over 80% of API-related incidents. TurboMirai, a powerful AI botnet, was a key driver of this alarming surge, fueling attacks that lasted a whopping 738% longer than usual.

Ransomware Breach Exposes 123,000 at American Lending Center
A ransomware attack on American Lending Center compromised the personal data of 123,000 individuals after a threat actor infiltrated the company's internal network and accessed sensitive files. The breach was discovered nine months prior to notification, on July 27, 2025, but consumers weren't alerted until April 28, 2026.

European Banks Face AI-Driven Cyber Threats, Urged to Accelerate Defenses
European banks are being urged to rapidly bolster their cyber defenses as AI-driven threats escalate, with the ECB's vice-chair warning that inaction is not an option. Banks must adopt bank-specific, risk-based measures and redouble efforts to identify vulnerabilities using existing AI tools.

US Bank Self-Reports Data Leak to Unauthorized AI App
A US bank has taken swift action, self-reporting a data leak that exposed sensitive customer information to an unauthorized AI app, sparking concerns over the volume and sensitivity of the compromised data. The bank's proactive disclosure to regulators and customers highlights its commitment to transparency in the face of a data-handling lapse.

TCLBANKER Trojan Targets Brazil's Financial Sector via WhatsApp Worms
A new Brazilian banking trojan, dubbed TCLBANKER, is targeting the country's financial sector via WhatsApp worms, marking a significant evolution in the threat landscape. This malware can compromise 59 banking, fintech, and cryptocurrency platforms, making it a major player in the region.

North Korean Hackers Exploit Fake Zoom Meetings to Target Crypto Executives
North Korean hackers are using a sneaky tactic to target crypto executives: they pose as legitimate meeting attendees, harvesting video and audio to make future scams more convincing. They start by sending Calendly invites for fake catch-up meetings, then swap the link with a fake Zoom or Teams URL to gain their victim's trust.