BankInfoSecurity.com

Also: China-Linked APT Hijack Updates, Condé Nast Data Leaked, La Poste Hit
This week, a Clop-linked vendor breach hit Korean Air, a China-linked APT hijacked software updates, a critical zero-day flaw remained unpatched, Condé Nast faced a data leak, La Poste was disrupted and Korean police extradited a malware operation suspect.

Finnish Border Guard Seize Cargo Ship Suspected of Causing Disruption
Finnish police on Wednesday seized a cargo ship sailing from Russia suspected of rupturing an undersea telecommunication cable connecting Helsinki to Estonia, a region of the Baltic Sea that is the site of a slew of suspected Russian cable sabotage incidents.

Systems Thinking, Not Tools, Increasingly Separates Senior Talent From Peers
The Six Degrees of Kevin Bacon game shows how quickly distance disappears once connections are traced. Cybersecurity careers work the same way. Advancement depends on understanding how your work connects to indirect risk, supply chain failures and business outcomes beyond your role.

Ransomware Attackers Grabbed Customer Data Stored by Marquis Software Solutions
More financial services firms are reporting breaches of customer data that trace to an August ransomware attack against Marquis Software Solutions, which provides marketing and compliance software used by over 700 banks and credit unions. At least 1.4 million consumer appear to be affected.

Experts on Cyberattacks, Deepfakes, AI and Geopolitical Strife in the Year Ahead
Cyberattacks, nation-state hacking and geopolitical shifts dominated 2025, but the year will also be remembered as a turning point - where AI blurred the lines between real and fake and AI agents introduced new enterprise risks. Our panel of experts discusses the top 10 trends to watch in 2026.

A Look Back at 3 Key Identity Fraud Trends in 2025
Fraudsters stick to the basics, because the basics work. Synthetic identities, fake accounts and tried-and-tested account takeovers still work, even in an age of artificial intelligence-related threats. Scammers are happy to keep on stealing the old-fashioned way.

Large language models have a well-earned reputation for making things up. But for AI cybersecurity architect Erica Burgess, rather than being a bug, GPT hallucinations can be a threat-modeling feature. "I like to think of the hallucinations as just ideas that haven't been tested yet," she said.

Americans Extorted at Least 5 Firms, Earning $1 Million From a Medical Device Maker
Two American cybersecurity professionals who moonlighted as BlackCat ransomware gang affiliates pleaded guilty to using the crypto-locking malware to extort at least five victims in the United States, including a medical device maker that paid a cryptocurrency ransom worth over $1 million.

3 Years in, Generative AI Has Created Fewer New Roles Than Expected
Three years after ChatGPT's public debut in November 2022, the promised artificial intelligence job revolution has arrived. It's just not what anyone anticipated. Research shows that demand for AI fluency jumped nearly sevenfold in two years.

Jason Rolleston: Unified Agent and AI Aim to Boost Midmarket Security Capabilities
Broadcom's integration of Symantec and Carbon Black promises a unified single-agent framework and AI-enhanced threat detection to help small and midmarket businesses defend against sophisticated cyberthreats with limited resources, said Jason Rolleston.

Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal Data
Tens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.

Attackers Continue to Hit Edge Devices and Wield Infostealers and Ransomware
As the year comes to a close, what's notable is how much doesn't seem to have fundamentally changed on the cyberattack front, across edge device targeting, breaches, ransomware and more. But the pace at which attacks unfold and defenders must respond, mitigate or triage seems to keep accelerating.

Use cases of AI in healthcare will continue to expand in 2026 - including for back-office automation, ambient exam room documentation, claims processing and clinical decision support - but so will critical privacy, security, legal and other risks, said attorney Wendell Bartnick of law firm Reed Smith.

AI Adoption Putting Hypervisors in Attackers Sights, Says Google Cloud's Jamie Collier
Hypervisors and virtualized infrastructure are drawing more cyberattacks, a trend that reflects organizations' expanded use of cloud services, containers and artificial intelligence-driven systems, said Jamie Collier, lead threat intelligence advisor for the EMEA region at Google Cloud.

Synthetic Entities, AI-Driven Scams, Stablecoin Misuse Pose Key Threats in 2026
Artificial intelligence-powered scams reached new heights in 2025. In the coming year, those threats will evolve further, with synthetic entities, stablecoin abuse and deepfakes driving fraud campaigns. Banks and lenders need better data, reporting and regulations to stay ahead of fraudsters.

Variant Likely in Beta Stage, Aikido Researcher Said
Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware. Security researchers at Aikido on Sunday uncovered a new Shai Hulud variant.