Skip to main content

Tag: financial sector

43 articles

Cluttered developer workstation with laptop, papers, and coffee cups.

OkoBot Malware Targets Crypto Users Worldwide

Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

Analyst 207
Mexican bank branch interior with concerned customer on smartphone.

SCMBANKER Malware Targets Mexican Banking Users with ClickFix Lures

Mexican banking customers beware: a sneaky new malware campaign, dubbed REF6045, is using fake CAPTCHA pages and social tricks to install a powerful PowerShell toolkit called SCMBANKER on unsuspecting victims' devices. This stealthy attack has been targeting Mexico's financial ecosystem, putting fintech users, payment-processor clients, and cryptocurrency exchange customers at risk.

Analyst 207
Secure facility interior with a symbolic payment terminal or encrypted data storage device.

US Government Entity Pays $1 Million to Thwart Data Leak

A US government entity was forced to pay a hefty $1 million ransom to prevent a massive data leak, after a group called Kairos threatened to release 1.6 million files unless their demand was met. The payment was the culmination of a month-long negotiation that began with a $3 million opening demand.

Analyst 207
Payment terminal in a brightly-lit retail setting with neutral background.

Oracle E-Business Suite Flaw CVE-2026-46817 Sees Active Exploitation

A critical flaw in Oracle Payments, known as CVE-2026-46817, is being actively exploited by hackers, allowing them to easily take control of vulnerable Oracle E-Business Suite instances. This easily exploitable vulnerability has a near-perfect CVSS score of 9.8, making it a high-risk threat to organizations using Oracle Payments.

Analyst 207
Sensitive documents scattered on a desk in a secure government office with a computer screen in the background.

Oracle Flaw Exposes US Citizens' Credit Data in NAIC Breach

A recent breach at the National Association of Insurance Commissioners exposed US citizens' sensitive credit data, prompting swift action and FBI coordination to mitigate the damage. The hack was made possible by a zero-day vulnerability in Oracle PeopleSoft, which was exploited by attackers to gain unauthorized access.

Analyst 207
Cluttered tech workspace with laptop and papers, background blurred.

Microsoft Links North Korea to Mastra AI Supply Chain Compromise

Microsoft has uncovered a massive supply chain attack on the npm registry, where over 140 packages were compromised, and has linked the operation with high confidence to Sapphire Sleet, a notorious North Korean state actor known for targeting the financial sector. This large-scale attack highlights the growing threat of North Korean hacking groups.

Analyst 207
Financial sector setting with technology integration and cityscape in background.

Microsoft attributes Mastra AI supply chain attack to North Korean hackers Sapphire Sleet

Microsoft warns that a recent supply chain attack on the Mastra AI npm environment was carried out by Sapphire Sleet, a notorious North Korean hacking group known for targeting the financial sector. This latest incident is part of a larger pattern of attacks that exploit open-source distribution channels.

Analyst 207
Dimly lit university office with laptop, papers, and books, hinting at secretive activity.

ClickFix Campaigns Leverage New Loaders in Malware Delivery Push

Meet the BabaDeda Loader, a stealthy malware framework that's evolved to deliver a wider range of threats, including information stealers and remote access trojans, with alarming effectiveness. This revamped loader combines multiple evasion techniques to target vulnerable organizations, particularly in education and finance.

Analyst 207
People work at computer workstations in a dimly lit indoor software development workspace.

North Korean Hackers Exploit Developer Tools in Malware Campaigns

North Korean hackers have launched a sneaky malware campaign, tricking victims into executing cross-platform malware for macOS, Linux, and Windows through malicious scripts hidden in GitHub repositories. Their latest tactic, dubbed UNK_DeadDrop, uses recruitment lures to deliver self-running code to over 75% of targeted organizations across various sectors.

Analyst 207
Brightly-lit office setting with server room in background and blurred computer terminal hinting at third-party vendor…

SoFi Hong Kong Breach Exposes Customer Data at Third-Party Vendor

SoFi Hong Kong recently discovered a data breach at a third-party vendor that exposed customer information, with unauthorized access detected on April 30, 2026. The company's investigation is ongoing, but it confirmed the breach originated from a vendor, not its internal systems.

Analyst 207
Brightly lit coding workspace with laptop showing GitHub/GitLab page surrounded by coding materials and documents.

North Korean Hackers Exploit Coding Lures to Steal Crypto Credentials

In a sneaky move, North Korean hackers sent over 250 emails with innocent-looking coding tasks to nearly 100 US-based organizations, tricking them into handing over cryptocurrency credentials. The clever phishing scam, tracked as UNK_DeadDrop, targeted tech, education, and finance firms, with a special focus on cryptocurrency companies.

Analyst 207
Person in a corporate office hallway holds a small device, looking concerned.

Extortion Gang Exploits Corporate Networks with In-Person Visits

Meet UNC3753, a notorious extortion gang that's taking corporate hacking to a whole new level - from deceitful phone calls to in-person visits, where they show up at companies' doorsteps with thumb drives, targeting dozens of US banks, law firms, and professional services firms in just a few short months. Their tactics have evolved from fake emails to help-desk calls and now, brazen doorstep drop-offs.

Analyst 207
Blurred computer screen on a well-lit office desk with scattered papers and supplies.

Hackers Infiltrate Stock Exchange Executive's Outlook Mailbox for Months

Hackers stealthily infiltrated a senior stock exchange executive's Outlook mailbox, maintaining months-long control of their computer by masquerading as legitimate software. The alarming breach, detected as early as October 10, 2025, allowed the intruder to operate with SYSTEM-level privileges, the highest level of Windows access.

Analyst 207
Professionals in a brightly-lit data center with server racks and a large computer screen.

UK Banks Gain Access to OpenAI's GPT-5.5 Cyber Model

UK banks are now part of an exclusive group gaining early access to OpenAI's cutting-edge GPT-5.5 Cyber model, a powerful AI tool designed to bolster their defenses against sophisticated cyber threats. This move comes as Anthropic's rival program, Project Glasswing, expands to 200 partners, leaving some UK banks to tap into OpenAI's innovative solution instead.

Analyst 207
Cluttered developer's workstation with coding interface on screen.

Malicious NuGet Package Exfiltrates Sicoob Banking Credentials

A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.

Analyst 207
Well-lit conference room with large wooden table and chairs in a modern British financial sector office.

UK Firms Bolster Cyber Defenses as AI Risks Mount

As uncertainty becomes the new normal, UK businesses are bolstering their cyber defenses, with 68% of leaders planning to boost cybersecurity investment over the next year. Despite this, many remain vulnerable, with fewer than three in 10 confident in their ability to respond to a major cyber incident.

Analyst 207
Brightly-lit financial sector setting with computer workstation in background.

Lazarus Group Deploys Memory-Only RAT in Financial Sector Attacks

The notorious Lazarus Group has unleashed a sneaky new attack tool, a memory-only Remote Access Trojan (RAT), targeting the financial sector with cunning precision. This stealthy malware, known as RemotePE, is just the latest weapon in the group's arsenal, and it's being used to infiltrate and manipulate its victims.

Analyst 207
Person holding smartphone stands among others in a modern financial district.

Cross-Border Payments Speed Up, Fraud Defenses Lag

As Southeast Asia's payment systems turbocharge with initiatives like Project Nexus, a pressing concern emerges: can the region's defenses against scams and fraud keep pace, or will they leave billions vulnerable to losses, like Singapore's staggering $713 million hit in 2025?

Analyst 207
Financial sector setting with subtle tech integration, conveying disruption.

AI Botnets Fuel DDoS Surge in Financial Sector

The financial sector saw a staggering 2.41 billion network- and transport-layer denial-of-service attacks in 2025, with banking bearing the brunt, accounting for 60% of total web attacks and over 80% of API-related incidents. TurboMirai, a powerful AI botnet, was a key driver of this alarming surge, fueling attacks that lasted a whopping 738% longer than usual.

Analyst 207
Blurred office setting with computer workstation and file cabinet in background.

Ransomware Breach Exposes 123,000 at American Lending Center

A ransomware attack on American Lending Center compromised the personal data of 123,000 individuals after a threat actor infiltrated the company's internal network and accessed sensitive files. The breach was discovered nine months prior to notification, on July 27, 2025, but consumers weren't alerted until April 28, 2026.

Analyst 207
Security operations center with computer workstation and servers in the background.

European Banks Face AI-Driven Cyber Threats, Urged to Accelerate Defenses

European banks are being urged to rapidly bolster their cyber defenses as AI-driven threats escalate, with the ECB's vice-chair warning that inaction is not an option. Banks must adopt bank-specific, risk-based measures and redouble efforts to identify vulnerabilities using existing AI tools.

Analyst 207
A somber-colored file folder lies on a desk with a blurred computer screen in the background.

US Bank Self-Reports Data Leak to Unauthorized AI App

A US bank has taken swift action, self-reporting a data leak that exposed sensitive customer information to an unauthorized AI app, sparking concerns over the volume and sensitivity of the compromised data. The bank's proactive disclosure to regulators and customers highlights its commitment to transparency in the face of a data-handling lapse.

Analyst 207
Brazilian bank interior with customers and staff, smartphone in foreground.

TCLBANKER Trojan Targets Brazil's Financial Sector via WhatsApp Worms

A new Brazilian banking trojan, dubbed TCLBANKER, is targeting the country's financial sector via WhatsApp worms, marking a significant evolution in the threat landscape. This malware can compromise 59 banking, fintech, and cryptocurrency platforms, making it a major player in the region.

Analyst 207
Crypto executive looks concerned at laptop with subtle scheduling software on screen.

North Korean Hackers Exploit Fake Zoom Meetings to Target Crypto Executives

North Korean hackers are using a sneaky tactic to target crypto executives: they pose as legitimate meeting attendees, harvesting video and audio to make future scams more convincing. They start by sending Calendly invites for fake catch-up meetings, then swap the link with a fake Zoom or Teams URL to gain their victim's trust.

Analyst 207