Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
A sophisticated loan‑phishing campaign in Peru, uncovered by Group‑IB, uses fake loan applications to harvest valid bank card numbers and six‑digit PINs. The operation impersonates a leading Peruvian bank across 16 dedicated domains and more than 370 related sites, employing Luhn‑algorithm checks to filter only genuine cards. Victims are guided through staged verification, where facial recognition fails and card entry becomes mandatory. The scheme has already expanded to Colombia, Chile, Ecuador and El Salvador, indicating a broader Latin‑American threat.
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts that within the next two years up to 50% of global enterprises will adopt zero‑trust data governance as AI‑generated content floods books, code repositories, and research papers. The feedback loop of large language models training on prior AI...
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey reveals cyber risk has risen to a top‑three threat alongside macroeconomic volatility, with 31 % of CEOs rating their firms as highly or extremely exposed to significant financial loss from cyber attacks in the coming year....
AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'
Group‑IB warns that cybercrime has entered a fifth wave powered by weaponized AI, accelerating attacks with generative tools. Dark‑web marketplaces now sell synthetic identity kits and deep‑fake‑as‑a‑service for as little as $5, while AI‑enhanced phishing kits automate victim targeting and...
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals
The TamperedChef campaign uses malvertising to deliver trojanized PDF manuals that install a backdoor-infostealer on victim networks. Researchers at Sophos observed widespread targeting across Europe, especially in Germany, the UK and France, focusing on firms that rely on specialized technical...
Account Compromise Surged 389% in 2025, Says eSentire
eSentire’s 2025 Year in Review reports a 389 % year‑over‑year surge in account compromise, now accounting for 55 % of all attacks. Credential theft dominates, representing 75 % of malicious activity, with Microsoft 365 as the prime target. Phishing‑as‑a‑Service (PHaaS) kits drove 63 % of...
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has identified a coordinated exploitation campaign by the Linux‑based RondoDox botnet targeting HPE OneView’s critical CVE‑2025‑37164 vulnerability. The flaw, scored 10.0 on the CVSS scale, allows unauthenticated remote code execution via the ExecuteCommand REST endpoint. In early...
Global Agencies Release New Guidance to Secure Industrial Networks
The U.S. Cybersecurity and Infrastructure Security Agency, the U.K. National Cyber Security Centre, and the FBI released a joint set of security principles for operational technology (OT) environments. The guidance addresses the expanding attack surface caused by increased connectivity between...
Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion
Cyber‑criminals are increasingly abandoning encryption‑based ransomware in favor of pure data‑theft extortion. Symantec and Carbon Black report a jump from 28 incidents in 2024 to nearly 1,500 in 2025, while traditional ransomware remained flat at about 4,700 attacks. The surge...
Cyber Threat Actors Ramp Up Attacks on Industrial Environments
Cybercriminals and hacktivists sharply increased attacks on industrial control systems in 2025, with vulnerability disclosures nearly doubling to 2,451 across 152 vendors. Siemens was the most affected vendor, reporting 1,175 flaws, while Schneider Electric faced a higher proportion of critical...
CodeBuild Flaw Put AWS Console Supply Chain At Risk
Security researchers at Wiz uncovered a critical misconfiguration in AWS CodeBuild that let unauthenticated attackers inject malicious code into core AWS open‑source repositories, including the widely used AWS SDK for JavaScript. The flaw stemmed from an unanchored regular‑expression filter on...
CISO Role Reaches “Inflexion Point” With Executive-Level Titles
The 2026 State of the CISO Report shows a structural shift, with 46% of North American CISOs now holding executive titles such as EVP or SVP. Over half of respondents say their role has expanded to cover SecOps, architecture, GRC,...
Data Privacy Teams Face Staffing Shortages and Budget Constraints, ISACA Warns
ISACA’s State of Privacy 2026 report reveals that median privacy team size dropped to five members, down from eight the previous year, while technical privacy roles face the steepest shortages. Budget pressures persist, with only 36% of respondents feeling adequately...
G7 Sets 2034 Deadline for Finance to Adopt Quantum-Safe Systems
The G7 Cyber Expert Group has issued a recommended roadmap urging financial institutions and public entities to fully adopt post‑quantum cryptography by 2034. The plan outlines six phases—from awareness and inventory to migration, testing and validation—spanning 2025‑2035. While advisory, it...
Microsoft Fixes Three Zero-Days on Busy Patch Tuesday
Microsoft released its latest Patch Tuesday update, fixing 114 CVEs including three critical zero‑day bugs. The zero‑days are CVE‑2026‑20805 (information disclosure in Desktop Window Manager), CVE‑2026‑21265 (secure‑boot certificate bypass), and CVE‑2023‑31096 (elevation of privilege in legacy Agere modem drivers). The...
Parliament Asks Security Pros to Shape Cyber Security and Resilience Bill
The UK Parliament’s Public Bill Committee has opened a consultation for the Cyber Security and Resilience Bill (CSRB), the successor to the 2018 NIS Regulations and a NIS2‑style overhaul for critical infrastructure. After its second reading, the bill now enters...
Global Magecart Campaign Targets Six Card Networks
Security firm Silent Push uncovered a long‑running Magecart skimming operation that has been active since 2022. The campaign injects malicious JavaScript into e‑commerce sites, targeting six major payment networks – American Express, Diners Club, Discover, JCB, Mastercard and UnionPay. Victims see a...
World Economic Forum: Cyber-Fraud Overtakes Ransomware as Business Leaders' Top Cyber-Security Concern
The World Economic Forum’s Global Cybersecurity Outlook for 2026 reveals that phishing attacks have eclipsed ransomware as the chief concern for business leaders. Seventy‑seven percent of respondents reported a rise in cyber‑enabled fraud, and 73 percent said they or a...
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrested
Europol coordinated a multi‑national operation that led to the arrest of 34 members of the Black Axe cyber‑crime gang across Spain and Germany. Spanish police detained suspects in Seville, Madrid, Málaga and Barcelona, while German authorities assisted in the raids....
World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks
The World Economic Forum’s Cybercrime Atlas report warns that advanced deep‑fake face‑swapping tools are now capable of bypassing know‑your‑customer (KYC) and remote verification processes. Researchers examined 17 commercial face‑swap applications and eight camera‑injection tools, finding that low‑latency, high‑fidelity swaps can...
AI-Powered Truman Show Operation Industrializes Investment Fraud
Security firm Check Point uncovered an AI‑driven investment fraud that stages a "Truman Show"‑style reality for victims. The operation uses unsolicited SMS and ads to lure targets into WhatsApp groups populated by AI‑generated experts and fake members who showcase fabricated...
New Zero-Click Attack Lets ChatGPT User Steal Data
Researchers at Radware disclosed a new prompt‑injection method called ZombieAgent that lets ChatGPT exfiltrate data from integrated services such as Gmail, Outlook, Google Drive, and GitHub. The technique sidesteps OpenAI’s recent URL‑modification guardrails by using pre‑built static URLs, leaking information...
China-Linked UAT-7290 Targets Telecom Networks in South Asia
Cisco Talos has identified a long‑running cyber‑espionage campaign, designated UAT‑7290, targeting high‑value telecommunications infrastructure across South Asia since at least 2022. The group compromises public‑facing edge devices using one‑day vulnerabilities and SSH brute‑force techniques, deploying a suite of Linux‑based tools...
Fifth of Breaches Take Two Weeks to Recover From
A new Absolute Security report, based on a poll of 750 CISOs in the US and UK, finds that endpoint disruptions from cyber‑attacks often require 3‑6 days to remediate, with 19% taking up to two weeks. The average cost to...
US To Leave Global Forum on Cyber Expertise
The Trump administration signed an executive order on Jan. 7 withdrawing the United States from 66 international bodies, including the Global Forum on Cyber Expertise (GFCE) and the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE). Both organizations coordinate...
Versatile Malware Loader Pkr_mtsi Delivers Diverse Payloads
ReversingLabs identified a Windows packer named pkr_mtsi that serves as a versatile malware loader in large‑scale malvertising and SEO‑poisoning campaigns. First seen in April 2025, it disguises fake installers for popular tools like PuTTY, Rufus and Microsoft Teams, then delivers...
Ghost Tap Malware Fuels Surge in Remote NFC Payment Fraud
Group‑IB uncovered a new Android malware family, dubbed Ghost Tap, that enables criminals to perform unauthorized tap‑to‑pay transactions by remotely relaying NFC card data. Over 54 malicious APKs, disguised as legitimate finance apps, are sold on Chinese‑language Telegram channels where...
High-Severity Flaw in Open WebUI Affects AI Connections
A high‑severity vulnerability (CVE‑2025‑64496) was found in Open WebUI versions 0.6.34 and earlier when the Direct Connections feature is enabled. The flaw lets a malicious AI endpoint send crafted server‑sent events that execute JavaScript in the user’s browser, stealing localStorage tokens and...
Jaguar Land Rover's Q3 Sales Crash Amid Cyber-Attack Fallout
Jaguar Land Rover reported a sharp sales decline in Q3 2025 after a late‑August cyber‑attack crippled its factories. Retail volumes fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Production stoppages in September and lingering...
VVS Stealer Uses Advanced Obfuscation to Target Discord Users
The VVS stealer, a Python‑based malware family distributed as a PyInstaller package, employs Pyarmor obfuscation to evade detection and specifically harvest Discord tokens and browser credentials. It injects malicious JavaScript into the Discord client, extracts data from Chromium‑based and Firefox...