Tag: finance
-
Measuring Agentic AI Posture: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits
51% have connected AI tools to work systems or apps without the approval or knowledge of IT;63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight;60% say speed is worth the security risk;21% think employers will simply “turn a blind eye” as long as they’re getting their work done.And…
-
Hugging Face abused to spread thousands of Android malware variants
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/
-
AI, Deepfakes Are Top Risks for Financial Crime Specialists
ACAMS Says Investigators Need Better Data, Architecture and AI-Based Detection. The financial system has a trust problem driven by artificial intelligence, and CIOs looking to prevent fraud and other financial crimes will only face more challenges as criminals find new ways to use AI to swindle, according to an Association of Certified Anti-Money Laundering Specialists…
-
Marquis blames ransomware breach on SonicWall cloud backup hack
Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-blames-ransomware-breach-on-sonicwall-cloud-backup-hack/
-
The Agentic AI Posture Score: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
EU’s answer to CVE solves dependency issue, adds fragmentation risks
Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-managementCoordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.”Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
-
I’m a tech-savvy zillennial who knows how to safeguard against hacking. Scammers still managed to get me | Caitlin Cassidy
Had I received any suspicious text messages claiming to be from my bank, the fraud team asked. Had I clicked on the links? My stomach dropped<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>The scariest part about getting scammed was not realising it was happening in the first place.Perhaps naively,…
-
FTC commissioner says online age verification ‘offers a better way’ to protect kids
Tags: financeFTC Commissioner Mark Meador framed the issue through the lens of child safety, citing statistics showing increases in self-harm among children in the digital era. First seen on therecord.media Jump to article: therecord.media/ftc-commissioner-age-verification-children-online
-
Massives Datenleck bedroht rund 150 Millionen Benutzer
Tags: credentials, credit-card, crypto, cyberattack, data-breach, finance, fraud, login, mail, malware, password, phishing, riskDie offengelegten Zugangsdaten stellen ein erhebliches Sicherheitsrisiko dar.Der Cybersicherheitsforscher Jeremiah Fowler deckte kürzlich ein Datenleck mit 149 Millionen Login-Daten auf. Zu den Opfern zählen vor allem Nutzer großer Tech-und Streaming-Anbieter. Aber auch Finanzdienstleistungskonten, Krypto-Wallets oder Handelskonten, Bank- und Kreditkarten-Logins tauchten in den offengelegten Datensätzen auf. Laut Forschungsbericht enthält die Datenbank jedoch nicht nur Benutzernamen und…
-
Cybercriminals Exploit Canadians’ Dependence on Digital Services in Widespread Attacks
Canadian citizens are facing a coordinated phishing campaign that leverages government impersonation and brand spoofing to harvest personal and financial data at scale. The campaign is heavily aligned with PayTool, a known phishing-as-a-service ecosystem specializing in traffic violation scams targeting Canadians via SMS. Beyond traffic fines, threat actors are impersonating Canada Revenue Agency (CRA), Air…
-
Sicarii ransomware locks your data and throws away the keys
Tags: ai, business, communications, compliance, credentials, data, encryption, extortion, finance, malware, network, ransomware, risk, vulnerabilityUnusual technical profile hints at vibe-coding: One possible explanation for Sicarii’s broken encryption flow is immature or poorly implemented development practices. The ransomware’s failure to retain usable keys is inconsistent with established ransomware design and suggests it may have been assembled without rigorous testing or a clear understanding of operational consequences, or even vibe-coded.”Halcyon assesses…
-
Delegation is a risk decision every leader makes, not an ops choice
Tags: access, ai, awareness, breach, business, communications, compliance, control, finance, governance, infrastructure, jobs, resilience, risk, risk-assessment, service, toolAirlines and booking platforms, overwhelmed by volume and operational pressure, delegated financial decision-making to automated systems that could issue credits, delay refunds, or apply preset rules at scale.In many cases, those systems operated exactly as configured. They stayed within internal thresholds, followed approved logic, and reduced immediate operational load. The problem surfaced later. Customers challenged outcomes.…
-
Skills CISOs need to master in 2026
Tags: access, ai, business, ciso, cloud, compliance, credentials, cyber, cybersecurity, data, endpoint, finance, firewall, group, Hardware, identity, infrastructure, intelligence, jobs, resilience, risk, risk-management, skills, strategy, threat, tool, trainingTop technical skills: In addition to strong knowledge of AI systems, today’s CISOs need a solid foundation in the technologies that define modern enterprise environments. The (ISC)² CISSP is still widely regarded as the gold standard for broad expertise in security architecture, risk management, and governance. “Regulators will expect this, and it still appears in…
-
Can compliance automation keep regulators satisfied?
How Can Organizations Meet the Challenges of Compliance Automation? What are the key challenges businesses face when aiming to satisfy regulatory requirements through compliance automation? Managing non-human identities (NHIs) and secrets security in cloud environments is becoming increasingly important for businesses across various industries. Financial services, healthcare, travel, and DevOps teams are all seeking robust……
-
How does Agentic AI reduce risks in digital environments?
What Makes Non-Human Identities (NHIs) Vital for Cloud Security? Where businesses increasingly shift operations to the cloud, how can they ensure robust security while managing machine identities? Non-Human Identities (NHIs) offer a promising solution, playing a pivotal role in safeguarding digital environments from potential risks. Businesses across various sectors, from healthcare to financial services, are……
-
Overcoming AI fatigue
Tags: access, ai, awareness, business, ciso, cloud, control, data, finance, governance, incident response, jobs, metric, monitoring, privacy, risk, strategy, supply-chain, technology, tool, training, zero-trustbefore it becomes fully entrenched in every corner of the business. It’s a rare opportunity, one we shouldn’t waste. A big part of the confusion comes from the word “AI” itself. We use the same label to talk about a chatbot drafting marketing copy and autonomous agents that generate and implement incident response playbooks. Technically,…
-
Critical CERT-In Advisories January 2026: SAP, Microsoft, and Atlassian Vulnerabilities
January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity advisories exposing critical flaws across SAP, Microsoft, and Atlassian, the very platforms that run finance systems, identity layers, developer pipelines, and collaboration tools inside most enterprises. These weren’t theoretical bugs. One Windows vulnerability was already being exploited……
-
NDSS 2025 all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks
Tags: attack, authentication, conference, credentials, finance, group, Internet, network, ransom, ransomware, softwareSession 10B: Ransomware Authors, Creators & Presenters: Kevin van Liebergen (IMDEA Software Institute), Gibran Gomez (IMDEA Software Institute), Srdjan Matic (IMDEA Software Institute), Juan Caballero (IMDEA Software Institute) PAPER all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks We present the first systematic study of database ransom(ware) attacks, a class of attacks where…
-
New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware
A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but…
-
CISO’s predictions for 2026
Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfareAI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
-
US to deport Venezuelans who emptied bank ATMs using malware
South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-to-deport-venezuelans-who-emptied-bank-atms-using-malware/
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerabilityscrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work;monitor for encrypted data leaving your environments and see where it goes. Does this…
-
How to scale NHIs safely and efficiently?
Is Your Organization Ready to Scale NHIs Safely and Efficiently? Scaling Non-Human Identities (NHIs) is a complex endeavor, particularly in dynamic industries such as financial services, healthcare, and technology-driven sectors that rely heavily on cloud computing. Where NHIs serve as the backbone for automation, the question becomes: how can organizations use NHI management to achieve……
-
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
Also: $7 Million Saga and $5 Million Makina Finance Exploits. This week, South Korea dismantled a million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win Ethereum transaction…
-
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
Also: $7 Million Saga and $5 Million Makina Finance Exploits. This week, South Korea dismantled a million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win Ethereum transaction…