Banking/Mortgage
Breach intelligence, attack campaigns, and threat reports targeting the Banking/Mortgage sector.
Banking/Mortgage Threat Reports
Poland's Crackdown on SIM-Swap Crypto Theft: A 2026 Case Study
In June 2026, Polish authorities, with support from the FBI and Homeland Security Investigations, arrested four individuals involved in a sophisticated SIM-swapping scheme targeting cryptocurrency exchanges. The perpetrators breached IT systems of entities collaborating with telecom operators, using specialized software and social engineering to access employee email accounts. This enabled them to hijack victims' phone numbers, intercept SMS messages, and gain control over cryptocurrency exchange accounts, resulting in the theft and laundering of digital assets exceeding tens of millions of Polish zloty. ([thecoinomist.com](https://thecoinomist.com/news/poland-detains-four-sim-swap-crypto-heist-merry-linked/?utm_source=openai)) This incident underscores the escalating threat of SIM-swapping attacks in the cryptocurrency sector, highlighting the need for enhanced security measures beyond SMS-based two-factor authentication. The collaboration between Polish authorities and U.S. agencies reflects the global nature of cybercrime and the importance of international cooperation in combating such threats.
13 hours ago
Cisco SD-WAN Zero-Day Exploited in Communications Provider Breach
In early 2026, a sophisticated threat actor exploited a zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager to infiltrate a communications service provider's network. The attacker gained root-level access by uploading a malicious CSV file, creating a rogue user account named 'troot,' and potentially achieving undetected visibility into the provider's internal traffic. Cisco has since patched the flaw, but the full extent of the compromise remains unclear due to the attacker's anti-forensic measures. This incident underscores the increasing targeting of edge devices by cyber adversaries, highlighting the need for enhanced security measures in network management platforms. Organizations are urged to prioritize patching, implement robust monitoring, and adopt zero-trust architectures to mitigate similar threats.
22 hours ago
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
In June 2026, the U.S. Department of Justice seized a cloud computing account utilized by subsidiaries of Cambodia-based Huione Group. This infrastructure supported Huione Guarantee, a Telegram-based marketplace facilitating the laundering of billions in cryptocurrency obtained through investment frauds and cyber scams. The platform offered services such as money laundering, sale of stolen personal data, and tools for fraudulent activities, enabling the conversion of illicit proceeds into the legitimate banking system undetected. This action underscores the escalating global efforts to dismantle sophisticated cybercriminal networks exploiting digital platforms for large-scale financial crimes. The seizure highlights the critical need for robust cybersecurity measures and vigilant monitoring of online marketplaces to prevent the proliferation of such illicit activities.
1 day ago
U.S. Authorities Dismantle Huione Group's Cybercrime Infrastructure in 2026
In June 2026, the U.S. Department of Justice seized a cloud computing account linked to subsidiaries of the Cambodia-based Huione Group, a conglomerate implicated in extensive cyber scams and money laundering activities. This infrastructure supported Huione Guarantee, a Telegram-based marketplace facilitating the sale of stolen personal data, malware-enabled thefts, and laundering of proceeds from various scams, including romance and investment frauds. The operation disrupted a significant node in the global cybercrime ecosystem, which had laundered over $4 billion in illicit funds between August 2021 and January 2025. This action underscores the escalating efforts by U.S. authorities to dismantle transnational cybercriminal networks exploiting digital platforms for large-scale fraud. The seizure highlights the critical need for robust cybersecurity measures and international cooperation to combat the evolving landscape of cyber threats targeting individuals and financial systems worldwide.
1 day ago
SIM Swap Attack Highlights Need for Enhanced Authentication Measures
In June 2026, Torsten George, a chief cybersecurity evangelist, experienced a SIM swap attack that led to an attempted account takeover. The attacker, posing as an AT&T representative, had previously conducted a SIM swap, allowing them to intercept one-time passwords (OTPs) sent via text. During a subsequent call, the attacker sought additional credentials to gain full access to George's AT&T account. Recognizing the threat, George acted swiftly to regain control, preventing unauthorized access. This incident underscores the vulnerabilities associated with SMS-based OTPs and highlights the need for multi-layered security measures. The resurgence of SIM swap attacks, as demonstrated in this case, emphasizes the importance of adopting more secure authentication methods, such as app-based OTPs or hardware tokens, to mitigate the risks of account takeovers.
2 days ago
Operation Endgame: Dismantling the SocGholish Malware Network
In June 2026, an international law enforcement operation, as part of Operation Endgame, dismantled the SocGholish malware framework by seizing 106 servers and remediating nearly 15,000 compromised WordPress websites. SocGholish, active since 2017, utilized traffic distribution systems (TDSs) to redirect users to fake browser updates, thereby gaining initial access to victims' networks. This access was often sold to cybercriminal groups like Evil Corp, facilitating ransomware deployments and espionage activities. The takedown significantly disrupted a major component of the cybercrime ecosystem, highlighting the critical role of TDSs in malware distribution. ([darkreading.com](https://www.darkreading.com/cyber-risk/socgholish-takedown-malicious-tds-threats?utm_source=openai)) The operation underscores the persistent threat posed by sophisticated social engineering tactics and the exploitation of legitimate web infrastructure. Organizations are reminded to maintain vigilant cybersecurity practices, including regular updates to content management systems, monitoring for unauthorized changes, and educating users about the risks of unsolicited software updates.
2 days ago
Algerian National Extradited for Operating Cybercrime Marketplaces
In June 2026, Abdellah Belmili, a 26-year-old Algerian national known online as "SPOX," was extradited from Spain to the United States and charged with conspiracy to commit bank fraud. Belmili allegedly operated two cybercrime marketplaces, market0day.com and spoxy.us, which sold stolen financial credentials, phishing kits, and access to compromised email servers. These platforms facilitated fraudulent activities targeting major U.S. financial institutions, resulting in approximately $900,000 funneled through cryptocurrency accounts over a three-year period. Investigations revealed that Belmili embedded hidden backdoors in the phishing kits he sold, allowing him to harvest victim data even after the kits were sold to other criminals. This case underscores the persistent threat posed by cybercriminals who develop and distribute tools that enable widespread financial fraud. The operation of such marketplaces highlights the evolving tactics of cybercriminals and the importance of international cooperation in apprehending individuals who exploit digital platforms for illicit gain.
2 days ago
JaredFromSubway MEV Bot Hacked: A $15 Million Crypto Heist
In June 2026, the Ethereum-based MEV bot known as JaredFromSubway suffered a $15 million loss after an attacker exploited its opportunity-detection logic. The attacker created fake cryptocurrency trading opportunities by deploying contracts designed to appear as profitable MEV opportunities. The bot, upon analyzing these deceptive routes, granted ERC-20 token approvals to contracts controlled by the attacker, who subsequently withdrew WETH, USDC, and USDT from the bot's contract via the transferFrom function. This incident underscores the vulnerabilities inherent in automated trading systems and highlights the need for robust security measures in the rapidly evolving DeFi landscape. As MEV bots continue to play a significant role in blockchain ecosystems, their susceptibility to sophisticated attacks poses ongoing risks to financial stability and trust in decentralized platforms.
3 days ago
Global WhatsApp Phishing Campaign Exploits Fake Business Documents
In June 2026, a sophisticated phishing campaign targeted WhatsApp users globally, distributing malicious VBScript files disguised as business documents. Attackers compromised WhatsApp accounts to send these deceptive messages, leading recipients to execute scripts that disabled User Account Control (UAC) protections and installed ManageEngine Endpoint Central, granting remote access to victims' systems. The campaign affected users in countries including Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia. This incident underscores the evolving tactics of cybercriminals leveraging trusted communication platforms to disseminate malware. The use of legitimate software for malicious purposes highlights the need for heightened vigilance and robust security measures to protect against such sophisticated attacks.
3 days ago
Unveiling the WhatsApp VBS RMM Campaign: A 2026 Cybersecurity Threat
In June 2026, a sophisticated malware campaign was identified, leveraging WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. These scripts, once executed, initiated a multi-stage infection chain that ultimately installed Remote Monitoring and Management (RMM) software, granting attackers persistent remote access to compromised Windows systems. The campaign employed social engineering tactics, using deceptive file names to entice users into executing the scripts. Notably, the malware utilized renamed legitimate Windows utilities and retrieved payloads from trusted cloud services, effectively evading detection mechanisms. ([microsoft.com](https://www.microsoft.com/en-us/security/blog/2026/03/31/whatsapp-malware-campaign-delivers-vbs-payloads-msi-backdoors/?utm_source=openai)) This incident underscores a concerning trend in cyber threats, where attackers exploit widely-used communication platforms and legitimate tools to infiltrate systems. The use of trusted cloud services for payload delivery and the manipulation of standard Windows utilities highlight the evolving sophistication of threat actors. Organizations must remain vigilant, enhancing their security protocols to detect and mitigate such deceptive tactics.
3 days ago
INTERPOL Highlights Escalating Cyber Threats in Asia-Pacific
INTERPOL's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report highlights a significant surge in cybercrime across the region, driven by rapid digitalization and organized criminal networks. Phishing has emerged as the most prevalent and financially damaging form of cybercrime, with over half of the surveyed countries reporting that cybercrime accounts for more than 30% of all recorded crimes. The report also notes a rise in ransomware attacks, deepfake scams, and AI-driven frauds targeting sectors such as real estate, manufacturing, and financial services. ([interpol.int](https://www.interpol.int/content/download/24327/file/CYBER_ASP%20Cyber%20Threat%20Assessment%20Report_2025_2026_v4.pdf?utm_source=openai)) This escalation underscores the urgent need for enhanced cybersecurity measures and international cooperation to combat the evolving threat landscape. The increasing sophistication of cybercriminal tactics, including the use of AI and ransomware-as-a-service models, poses a substantial risk to both public and private sectors. ([interpol.int](https://www.interpol.int/content/download/24327/file/CYBER_ASP%20Cyber%20Threat%20Assessment%20Report_2025_2026_v4.pdf?utm_source=openai))
3 days ago
Prinz Eugen Ransomware: A New Threat Targeting Recent Files
In June 2026, the Prinz Eugen ransomware group launched attacks targeting organizations in the United Kingdom, France, and South Africa. The group gained initial access through stolen RDP credentials, utilizing legitimate remote monitoring and management tools to establish persistence. Their Go-based malware prioritized encrypting recently modified files, aiming to disrupt critical business operations. Notably, the ransomware did not leave a ransom note, complicating detection and response efforts. This incident underscores the evolving tactics of ransomware groups, emphasizing the need for organizations to enhance their cybersecurity measures. The use of legitimate tools for malicious purposes highlights the importance of monitoring for anomalous behavior and implementing robust access controls to mitigate such threats.
5 days ago