Collecting Cyber-News from over 60 sources

Tag: finance

The noisy tenants: Engineering fairness in multi-tenant SIEM solutions

Apr 7, 2026 12:51 PM

Tags: ai, apache, api, cloud, compliance, control, crowdstrike, data, defense, detection, edr, endpoint, fedramp, finance, framework, incident response, infrastructure, intelligence, jobs, login, microsoft, monitoring, risk, saas, security-incident, service, siem, soc, software, strategy, threat, tool, update, vulnerability

24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts.Proactive threat hunting: Active searches for hidden threats rather than just waiting for automated triggers.AI and machine learning integration: Leveraging everything from basic anomaly detection to “Agentic AI” to reduce noise and accelerate investigations.Active incident response and containment: Capabilities to isolate endpoints…
The Attack Helix: Praetorian Guard’s AI Architecture for Offensive Security

Apr 6, 2026 11:51 PM

Tags: ai, attack, breach, chatgpt, finance, government, openai

The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. Tipping Points One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December 2025, a single unidentified operator used Anthropic’s Claude and OpenAI’s ChatGPT to breach ten Mexican government agencies and a financial institution….…
Best of the Worst: The Week Your Security Tools Became the Disguise

Apr 6, 2026 9:52 PM

Tags: ai, antivirus, attack, authentication, cisco, control, credentials, crime, detection, dkim, dmarc, email, finance, fraud, google, infrastructure, intelligence, Internet, malicious, malware, microsoft, phishing, phone, risk, social-engineering, software, technology, threat, tool, training

<div cla TL;DR This week’s Attack of the Day posts revealed a clear pattern: attackers are deliberately routing attacks through legitimate security and platform infrastructure so the tools themselves become trust signals. TitanHQ and Cisco URL wrappers hid a malware payload. Microsoft Safe Links rewrote a phishing URL to look protected. Microsoft Bookings sent a…
Why Cybersecurity Is the First Step in Preparing Your Company for an IPO

Apr 6, 2026 3:51 PM

Tags: cyber, cybersecurity, data, finance

Preparing for an Initial Public Offering (IPO) is a significant phase that requires careful planning across financial, legal, and operational areas. However, one critical factor that is often underestimated is cybersecurity. In the IPO journey, companies handle highly sensitive financial data, intellectual property, and regulatory disclosures, making them prime targets for cyber threats. A weak……
Major outage hits Russian banking apps, metro payments across regions

Apr 6, 2026 3:51 PM

Tags: banking, country, finance, russia

The disruption on Friday affected apps from some of the country’s largest banks, including Sberbank, VTB, Alfa-Bank, T-Bank and Gazprombank. First seen on therecord.media Jump to article: therecord.media/outage-hits-russian-banking-apps
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist

Apr 6, 2026 3:51 PM

Tags: blockchain, breach, crypto, cyber, finance, hacker, korea, north-korea

Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already being described as the largest decentralized finance (DeFi) hack of the year. Drift Protocol quickly…
Traffic violation scams switch to QR codes in new phishing texts

Apr 5, 2026 10:51 PM

Tags: finance, phishing, qr, scam, switch

Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited

Apr 5, 2026 10:51 AM

Tags: ai, attack, exploit, finance, group, identity, supply-chain, WeeklyReview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity attacks Generative AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/05/week-in-review-axios-npm-supply-chain-compromise-critical-forticlient-ems-bug-exploited/
What makes Non-Human Identities safe for companies

Apr 4, 2026 12:51 AM

Tags: finance, healthcare, service

Have You Ever Considered How Securing Non-Human Identities Could Transform Your Organization? Non-Human Identities (NHIs) security is increasingly crucial across various sectors, from financial services to healthcare and beyond. These machine identities are not mere technical entities but fundamental components that define a company’s cybersecurity. By understanding and managing NHIs effectively, organizations can bridge the……
One-Time Passcodes Are Gateway for Financial Fraud Attacks

Apr 4, 2026 12:51 AM

Tags: attack, authentication, control, exploit, finance, fraud

Report Reveals Growing Trend of Fraudsters Intercepting SMS-Based Verification. Financial institutions have historically relied on one-time passcodes as a primary authentication control for their accountholders. But OTP verification is less reliable as fraudsters increasingly exploit SMS-based verification weaknesses to carry out account takeover and payment fraud schemes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/one-time-passcodes-are-gateway-for-financial-fraud-attacks-a-31341
AutoSecT Mobile: Automating Android and iOS Security Testing

Apr 3, 2026 5:51 PM

Tags: android, banking, finance, mobile, phone, service

Your banking app knows your face. It reads your fingerprint. It trusts that the person holding the phone is really you. But what if it’s wrong? Mobile-first banking has made financial services more accessible than ever. You can transfer money, pay bills, and apply for loans all from your phone, all in seconds. But this……
Board-Ready Security Metrics That Actually Matter

Apr 3, 2026 4:51 PM

Tags: application-security, business, data, finance, governance, incident response, metric, risk

<div cla TL;DR Board-ready security metrics translate technical capabilities into financial risk and business outcomes. Boards need visibility across three dimensions: risk exposure, incident response capability, and governance compliance. Runtime application security contributes meaningful data points to these broader metrics, helping security leaders present more complete organizational risk assessments. First seen on securityboulevard.com Jump to…
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

Apr 3, 2026 2:51 PM

Tags: attack, breach, finance, guide, risk, saas, tool

The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That’s the new attack surface, and most organizations are underprepared for it.Cynomi’s new guide, Securing the Modern…
Trusted Platforms Exploited to Steal Philippine Banking Credentials

Apr 3, 2026 11:51 AM

Tags: attack, banking, credentials, cyber, email, exploit, finance, hacker, phishing

Hackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongoing improvements in email security, phishing remains one of the most effective attack methods due to its scalability and ease of deployment. The campaign, active since early 2024 and still evolving in 2026, primarily targets customers…
Microsoft releases open-source toolkit to govern autonomous AI agents

Apr 3, 2026 8:51 AM

Tags: ai, finance, framework, infrastructure, microsoft, open-source

AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/microsoft-ai-agent-governance-toolkit/
Cryptohack Roundup: Charges in Uranium Finance Case

Apr 3, 2026 5:50 AM

Tags: china, crypto, exploit, finance, nvidia

Also: Chinese Firms Indicted in Crypto-Linked Fentanyl Supply Case. This week, charges filed in Uranium Finance hack, indictment of Chinese firms in fentanyl supply case, a class action lawsuit against Nvidia, Drift Protocol exploit, KuCoin operational barriers in the United States and a U.K. sanction filed against Xinbi. First seen on govinfosecurity.com Jump to article:…
When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers

Apr 3, 2026 1:51 AM

Tags: access, advisory, attack, botnet, cctv, china, cloud, control, corporate, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, defense, detection, endpoint, espionage, exploit, finance, firmware, flaw, government, group, hacking, healthcare, infrastructure, intelligence, international, Internet, iot, iran, law, linux, malware, network, office, privacy, ransomware, resilience, risk, russia, service, supply-chain, technology, threat, tool, ukraine, unauthorized, update, vpn, vulnerability, warfare, windows, zero-day, zero-trust

TL;DR Security cameras, IoT, and OT devices that are meant to protect us, are easily compromised and turned against defenders, enabling nation-state reconnaissance (Iranian hacks on Hikvision/Dahua cameras during strikes, Russian webcam abuse in Ukraine), espionage via exposed live feeds, ransomware pivots (Akira group bypassing EDR), massive botnets (Mirai/Eleven11bot), and physical disruption. Structural weaknesses like…
State AG Sues Change Healthcare in 2024 Ransomware Attack

Apr 2, 2026 11:53 PM

Tags: attack, data, finance, group, healthcare, law, ransomware

Iowa Seeking Civil Monetary Fines, Damages for Alleged Violations. Iowa’s state attorney general is seeking financial damages, civil penalties and improvements to UnitedHealth Group’s data security practices for alleged violations of state and federal laws and other claims involving the 2024 ransomware attack on its Change Healthcare unit. First seen on govinfosecurity.com Jump to article:…
Reengineering AML in the Era of Instant Payments

Apr 2, 2026 8:51 PM

Tags: control, corporate, finance

Financial Institutions Are Rethinking Controls to Ensure Frictionless Transactions. When the Federal Reserve lifted FedNow’s transaction limit from $1 million to $10 million last November, the regulatory change transformed instant payments from a retail convenience to a corporate treasury rail. AML decisions on high-value instant wire transfers must now be made in real time. First…
MIWIC26: Nkiruka Joy Aimienoho, Chief Information Security Officer, Standard Chartered Bank NG

Apr 2, 2026 4:51 PM

Tags: cyber, finance

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are…
EvilTokens abuses Microsoft device code flow for account takeovers

Apr 2, 2026 3:51 PM

Tags: access, attack, automation, data, email, finance, infrastructure, microsoft, phishing, service, tool

A phishing package with post-compromise focus: Beyond the initial access vector, EvilTokens is structured as a full-service phishing platform. The kit provides affiliates with ready-to-use lures, infrastructure, and automation tools designed to carry out both the phishing phase and post-compromise activity.The lures used in the campaign include fake SharePoint document notifications, DocuSign requests, and account…
Bank Trojan ‘Casbaneiro’ Worms Through Latin America

Apr 2, 2026 3:51 PM

Tags: banking, cyber, detection, finance, usa, worm

Augmented Marauder’s multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bank-trojan-casbaneiro-worms-latin-america
Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign

Apr 2, 2026 1:52 PM

Tags: cyber, email, finance, government, hacker, malicious, password, phishing, rat, software, tool, ukraine

Hackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security tool, according to a new alert from the national cyber response team. Targets included government agencies, financial institutions, educational bodies, medical centers, and IT companies. The emails urged recipients to download a password-protected archive…
Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks

Apr 2, 2026 8:50 AM

Tags: authentication, finance, fintech, framework, mfa, passkey, risk, update

Bank Negara Malaysia’s updated RMiT framework introduces stricter authentication rules for banks and fintech apps. Learn how passkeys, adaptive MFA, device binding, and risk-based authentication help meet compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/bank-negara-malaysia-rmit-update-new-authentication-rules-for-fintech-and-banks/
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

Apr 1, 2026 5:29 PM

Tags: apt, attack, exploit, finance, google, group, korea, north-korea, supply-chain, threat

Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…
Security awareness is not a control: Rethinking human risk in enterprise security

Apr 1, 2026 12:29 PM

Tags: access, attack, authentication, awareness, banking, best-practice, breach, business, control, corporate, credentials, crowdstrike, defense, email, exploit, finance, framework, Hardware, healthcare, identity, infrastructure, malware, mfa, monitoring, passkey, password, phishing, radius, risk, security-incident, social-engineering, strategy, tactics, threat, training, vulnerability

The predictability of human error: Human error is sometimes viewed as an exception in security incident conversations, as if a breach happened because someone made a mistake that should have been prevented. Human error is a constant in complex systems, especially in huge organizations where everyday operations are shaped by scale, pace, and conflicting agendas.…
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year

Apr 1, 2026 12:29 PM

Tags: cyber, finance, incident

Most UK manufacturers compromised last year suffered financial loss, says ESET First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/eight-10-uk-manufacturers-hit/
Financial groups lay out a plan to fight AI identity attacks

Apr 1, 2026 7:30 AM

Tags: ai, attack, deep-fake, finance, group, identity, tool

Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/fight-ai-identity-fraud/
Maryland Man Charged Over $53m Uranium Finance Crypto Hack

Apr 1, 2026 5:30 AM

Tags: crypto, exploit, finance, flaw

Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/man-charged-uranium-crypto-hack/
US indicts Maryland man for 2021 theft of $54 million from Uranium Finance

Mar 31, 2026 8:30 PM

Tags: crypto, finance, theft

U.S. Attorney Jay Clayton said Spalletta “repeatedly hacked smart contracts to steal millions of dollars’ worth of other people’s money for himself, and destroyed a cryptocurrency exchange in the process.” First seen on therecord.media Jump to article: therecord.media/us-indicts-maryland-man-54-million-crypto-theft