Synthetic Identity Theft On The Rise

Synthetic identity theft, a growing credit card fraud method, involves creating fake identities rather than stealing existing ones. This rise follows the Equifax data breach, exposing personal information of 143 million consumers. Reports show this fraud accounts for up to 20% of unpaid credit card loans and cost banks over $6 billion in 2016. Law enforcement is now focusing on this issue as banks face increasing concerns over synthetic fraud.

https://www.pymnts.com/news/security-and-risk/2017/synthetic-identity-theft-equifax/

Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework

Summary: Google's report predicts AI will fundamentally change cybersecurity in 2026, with AI tools becoming standard for both attackers and defenders. MITRE updates its ATT&CK framework to address new threats, including for Kubernetes and cloud databases. McKinsey advises treating autonomous AI as “digital insiders” to mitigate risks. Agencies warn about vulnerabilities in on-prem Exchange servers, urging immediate patching, while the CIS updates benchmarks for software security configurations.

https://securityboulevard.com/2025/11/cybersecurity-snapshot-ai-will-take-center-stage-in-cyber-in-2026-google-says-as-mitre-revamps-attck-framework/

12 Steps You Can Take Right Now to Be Safer Online

12 cybersecurity tips:
1. Install updates immediately for software security.
2. Use strong passwords; consider a password manager.
3. Set up two-factor authentication to add security layers.
4. Back up data using the 3-2-1 rule to combat ransomware.
5. Recognize social engineering tactics to spot scams.
6. Check links before clicking to avoid malware.
7. Limit personal information shared online to reduce risks.
8. Use a VPN to protect your online identity.
9. Conduct regular virus scans for malware detection.
10. Utilize email maskers and private search engines for privacy.
11. Employ data removal services to manage personal information usage.
12. Maintain physical security of devices to prevent unauthorized access.

https://www.engadget.com/cybersecurity/12-steps-you-can-take-right-now-to-be-safer-online-130008335.html

DDoS Attacks Dominate as Hacktivists Target Public Sector

EU public administrations face increasing DDoS attacks from hacktivists, per an ENISA report. Central government targets account for 69% of incidents, with DDoS attacks making up 60%. Public sector vulnerability is high due to sensitive data management. Recommendations for resilience under NIS2 Directive include implementing CDNs, multi-factor authentication, and cross-border preparedness to safeguard essential services and public trust.

https://www.digit.fyi/enisa-cyber-report/

Understanding Prompt Injections: a Frontier Security Challenge

Prompt injection is a security challenge in AI, where attackers manipulate AI responses using malicious instructions in user inputs. As AI gains more capabilities and access to sensitive data, protecting users from these risks is crucial. OpenAI employs a multi-layered defense approach, including safety training, monitoring, security protections, user controls, red-teaming, and a bug bounty program. Users are advised to limit data access, verify agent actions, provide explicit instructions, and stay informed about security. Ongoing research aims to enhance AI robustness against these attacks and ensure safe interactions.

https://openai.com/index/prompt-injections/

Death by a Thousand Prompts: Open Model Vulnerability Analysis

TLDR: Cisco's analysis of open-weight AI models shows high vulnerability to multi-turn attacks, with success rates significantly higher than single-turn, risking data integrity and security. Evaluations of major models reveal gaps related to alignment strategies, emphasizing the need for stronger safety protocols and the adoption of proactive security measures in AI deployments.

https://blogs.cisco.com/ai/open-model-vulnerability-analysis

Cloudflare Scrubs Aisuru Botnet From Top Domains List

Cloudflare removed Aisuru botnet domains from its top websites list after they manipulated rankings by usurping major sites like Amazon and Google. Aisuru, a growing botnet exploiting IoT devices, redirected traffic to Cloudflare's DNS services. Concerns arose over domain credibility, prompting Cloudflare to partially redact malicious domains. Experts criticized Cloudflare's ranking integrity, emphasizing the need to separate malicious domains to maintain trust. Aisuru continues to operate mainly through .su domains, raising security alarms as it impacts DNS traffic significantly.

https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/

Gootloader Malware Is Back With New Tricks After 7-month Break

Gootloader malware has returned after a 7-month hiatus, using SEO tricks to promote fake websites that distribute malicious files. It tricks users into downloading harmful documents, often disguised as legal templates, to install additional malware like ransomware. Researchers have discovered new techniques to evade detection, including obfuscating filenames and using malformed ZIP archives. Users are cautioned to avoid suspicious sites when searching for legal documents.

https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/

Malicious Infrastructure Finds Stability With Aurologic GmbH

TLDR: aurologic GmbH is a key German hosting provider supporting high-risk networks linked to cybercrime. Established in 2023, it provides services to many threat activity enablers like Aeza Group and Global-Data System, despite increasing scrutiny and sanctions. The company’s operational neutrality raises concerns about accountability in the internet hosting ecosystem, as it facilitates malicious activities while complying legally. Notable downstream customers have been linked to various malware and cybercrime infrastructures, indicating aurologic's significant role in the ongoing challenges of managing malicious online activities.

https://www.recordedfuture.com/research/malicious-infrastructure-finds-stability-with-aurologic-gmbh

Malicious Android Apps on Google Play Downloaded 42 Million Times

Malicious Android apps on Google Play were downloaded over 42 million times between June 2024 and May 2025, with a 67% rise in mobile malware, especially spyware and banking trojans. A shift in cybercriminal tactics towards social engineering-based attacks is noted. The report highlights three significant malware families affecting users: Anatsa (banking trojan), Android Void (backdoor for Android TV boxes), and Xnotice (RAT targeting job seekers). Key advice for users includes applying security updates and using reputable app sources.

https://www.bleepingcomputer.com/news/security/malicious-android-apps-on-google-play-downloaded-42-million-times/

GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Extreme TLDR:
Google Threat Intelligence Group (GTIG) identifies increased malicious AI use: adversaries now deploy AI-enhanced malware like PROMPTFLUX and PROMPTSTEAL, capable of dynamic self-modification and command generation. Threat actors use social engineering to bypass AI safeguards and access capabilities for phishing, malware design, and data exfiltration. A mature underground marketplace offers AI tools for cybercrime, reflecting a shift towards greater sophistication in criminal operations. State-sponsored actors leverage AI throughout the attack lifecycle, including advancements in cryptocurrency-focused thefts.

https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools

AI-based Malware Makes Attacks Stealthier and More Adaptive

Google identifies five AI-powered malware families that adapt and evade detection, marking a new phase in cyber threats. These families—FRUITSHELL, PROMPTFLUX, PROMPTSTEAL, PROMPTLOCK, and QUIETVAULT—utilize AI to dynamically alter their code and create attacks, complicating defense efforts. Recent findings suggest a technological arms race between attackers and defenders, highlighting the need for improved detection methods against such evolving threats.

https://www.cybersecuritydive.com/news/ai-powered-malware-google/804760/

Cops Cuff 18 Suspects Over $345M Credit Card Fraud Scheme

Eighteen people have been arrested in a global operation targeting three networks suspected of large-scale credit card fraud and money laundering. The criminals used stolen data from millions of cardholders worldwide to create fake online subscriptions for adult and streaming services, resulting in $345 million in losses. The scheme involved insiders at payment processing companies and relied on shell companies to conceal activity. Authorities coordinated across 30 countries, searched dozens of properties, and seized millions in assets. The fraudulent activity was halted in 2021, and investigations continue.

https://www.bankinfosecurity.com/cops-cuff-18-suspects-over-345m-credit-card-fraud-scheme-a-29935

Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

Tycoon 2FA Phishing Kit Overview:
Emerging in August 2023, Tycoon 2FA is a sophisticated phishing threat leveraging multi-factor authentication (MFA) bypass techniques, primarily targeting Microsoft 365 and Gmail users. With over 64,000 incidents reported in 2025, it employs a Phishing-as-a-Service platform to capture user credentials via a reverse proxy and deceptive login pages. The attack exploits various distribution methods, including PDFs, and evades detection with anti-research mechanisms and real-time MFA code capture. Enhanced security measures and user education are essential to mitigate risks associated with Tycoon 2FA.

https://gbhackers.com/tycoon-2fa-phishing/