A new report from AI startup Anthropic warns that cybercriminals are weaponizing AI assistants in increasingly sophisticated ways. In one case, attackers used Anthropic’s own coding tool, Claude Code, to carry out nearly every stage of a large-scale data extortion campaign targeting at least 17 organizations across multiple industries.

Mobile security firm Zimperium has issued an alert about a dangerous evolution in mobile malware. Its zLabs research team discovered a new variant of the Hook banking trojan, dubbed Hook Version 3, which goes far beyond stealing banking credentials. The malware now combines features of ransomware, spyware, and traditional bank-hacking tools, giving attackers sweeping control over infected Android devices.

In July, the Basel Committee on Banking Supervision (BCBS) released its final disclosure framework for the prudential treatment of cryptoassets, ahead of the new standard (SCO60) taking effect in January 2026. While the framework aims to provide regulatory clarity, it has been met with resistance from leading industry bodies that argue the rules do not align with the realities of crypto-related risks.

The Canadian Investment Regulatory Organization (Ciro) has confirmed it detected a cybersecurity threat on August 11, prompting the regulator to proactively shut down certain systems as a precaution. Despite the disruption, Ciro emphasized that all critical functions remained operational and real-time equity market surveillance continued without interruption.

Worldpay, a global leader in payment technology, today announced they are partnering with Trulioo, the leading global digital identity platform, to introduce new safeguards for AI-powered agent-led commerce.

In April, Norway’s Police Security Service (PST) reported that pro-Russian hackers seized control of a dam in Bremanger, western Norway, releasing 500 liters of water per second for four hours before being stopped.

Kaspersky has identified a malware campaign involving the Efimer Trojan, a threat first detected in October 2024 and still active into 2025. This Trojan is designed to steal cryptocurrency, compromise WordPress sites, and spread through torrents and targeted phishing emails.