Phishing isn’t the only threat to worry about. The FBI has issued a critical advisory about Ghost, a ransomware campaign exploiting known software vulnerabilities instead of relying on phishing. Active in over 70 countries, Ghost targets sectors worldwide, using publicly available code to infiltrate unpatched internet-facing servers.

The U.S. Securities and Exchange Commission (SEC) has established the Cyber and Emerging Technologies Unit (CETU) to address cyber-related misconduct and protect retail investors from technology-driven fraud.

Source: LexisNexis

LexisNexis Risk Solutions, part of RELX, closed its acquisition of IDVerse, a provider of AI-powered document authentication and fraud detection solutions.

Hackers are using Google Tag Manager (GTM) to inject malware into Magento-based eCommerce websites, enabling them to steal credit card numbers during customer checkout.

JP Morgan Chase CEO Jamie Dimon, in a meeting with Republican lawmakers and top bank CEOs, called for a review of financial regulations. He warned that strict rules, particularly anti-money laundering laws, are forcing banks to cut off customers to avoid penalties.

Doxbin, a platform infamous for doxxing and exposing personal information, has suffered a major data breach orchestrated by the hacker group Tooda. The attackers deleted user accounts, locked out administrators, and leaked a massive database containing 136,814 user records, including usernames, email addresses, and a so-called “Blacklist” file—detailing individuals who had allegedly paid to keep their information off the site. The breach appears to be fueled by a long-standing rivalry between hacker groups, with Tooda claiming their attack was in response to accusations against one of their members.

More than three million employee-linked corporate accounts across Fortune 500 companies were compromised between 2022 and 2024, according to cybersecurity firm Enzoic.