TechCrunch
- Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
A data breach at analytics giant Mixpanel leaves a lot of open questions
The Dual Role of AI in Cybersecurity: Shield or Weapon?
Artificial intelligence isn’t just another tool in the security stack anymore – it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially...
The post The Dual Role of AI in Cybersecurity: Shield or Weapon? appeared first on Security Boulevard.
Cyberattack Disrupts Services Across London Councils
Kensington and Chelsea, Westminster, and Hammersmith & Fulham councils have triggered their emergency response plans.
The post Cyberattack Disrupts Services Across London Councils appeared first on TechRepublic.
Multiple London councils report disruption amid ongoing cyberattack
SitusAMC Cyber Breach Sparks Fallout for JPMorgan, Citi, and Morgan Stanley
A cyberattack on fintech firm SitusAMC has major US banks scrambling to assess potential data exposure tied to mortgages and real estate loans.
The post SitusAMC Cyber Breach Sparks Fallout for JPMorgan, Citi, and Morgan Stanley appeared first on TechRepublic.
Google says hackers stole data from 200 companies following Gainsight breach
AI as Cyberattacker
From Anthropic:
In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves.
The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention...
The post AI as Cyberattacker appeared first on Security Boulevard.
Salesforce says some of its customers’ data was accessed after Gainsight breach
US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks
Q&A: Interpol’s Cybercrime Chief on How AI is Driving Borderless Cyber Threats
The Cipher Brief spoke with Dr. Neal Jetton, the Cybercrime Director of Interpol, to discuss how the world’s largest international police organization is taking on the threat. Speaking from last month’s Global Cybersecurity Forum in Riyadh, Saudi Arabia, Dr. Jetton said Interpol-driven efforts like information-sharing, cross-border cooperation and law enforcement training are critical in countering emboldened cybercriminals.
The Cipher Brief: Can you tell us what kind of buzz has been there? Have there been key themes or issues at this very point in time among the cyber experts that you've been talking to?
Dr. Jetton: I think you can't get away from AI here. Every panel, every discussion has an AI focus, and you think, "Ugh, more AI." But, it's here. It does impact probably everything. We have a lot of cyber threat intel companies here from the private sector who are working with it every day for their means.
And then from a law enforcement perspective, we look at it kind of as a double-edged sword. I'm from INTERPOL, so we look at how AI can benefit law enforcement in the long run. But as a cybercrime director, I also see how cyber criminals are also utilizing AI to enhance the effectiveness of their criminal activities.
The Cipher Brief: What can you tell us about the role that INTERPOL plays in countering these threats?
Dr. Jetton: So, just a little bit about INTERPOL because maybe there are some misconceptions about what it is. Even my neighbors sometimes think, "What do you actually do, Neal?" So in INTERPOL, there are 196 member countries. We are focused on law enforcement to law enforcement connections. So what we want to do in the Cybercrime Directorate is understand what our membership is suffering from as far as the type of crimes that they are seeing the most.
So we will send out yearly threat assessments because we think we might have a good idea of what a particular region is suffering from, but we need to hear it directly from the law enforcement officers and experts on the ground. We'll get that information, and then we'll turn that around and we'll try to base our training, our coordination meetings, and then our operations focused on the threats that they, our members, see most commonly.
The Cipher Brief: When we talk about things like attribution, going after threat actors and bolstering cybersecurity, where do those rank on the priority scale for INTERPOL?
Dr. Jetton: Within the Cybercrime Directorate, we have three goals. I tell my team, what we want to do is we want to build up the capacity for our country. So we have to understand what they need, what they're lacking in terms of tools and training. We then want to provide accurate, useful intelligence to our member countries that they can use and turn into evidence that then helps drive their investigations to be more successful.
But my goal is to increase the capacity for our member countries, to provide relevant intelligence to them so that we have operational success, and we've done that. I think we've done more than 10 operations this year within the Cybercrime Directorate, both global and regional, focused on the threats that our members are seeing most.
What we will do is, in a lot of instances, we will bring the countries that are participating in our operations all together at one point. We'll then bring relevant private sector partners, many of them here at GCF, to come and provide training to them on the ground. We will do tabletop exercises, and then at the end of that week, it's usually a five-day process, we'll kick everybody out and we'll just focus on the operation at hand. We'll say, "We're going after this malware or these threats. These are the types of steps that we think you should take that would help you in your investigation."
So we really do want to benefit our members. I want to say though that the success that these operations have had—we've had some big wins recently—the lion's share of the success goes to our member countries, the law enforcement on the ground who are doing the actual investigations, who are going and making the arrests and seeing those things through. We've done several recently with great success.
The Cipher Brief: We asked Chris Inglis, who is the former National Security or Cybersecurity Director in the United States, about the connections between nation states and cyber criminal groups. How do you see INTERPOL playing a role in this area? Are there both challenges and opportunities when you're talking about cybercrime that may be backed by nation states?
Dr. Jetton: That's one of the misnomers with INTERPOL. The big thing with INTERPOL is neutrality. I came from a task force where we looked at nation state transnational cybercrime. But within INTERPOL, I just have to state that our constitution does not really allow us to focus on investigative matters of a religious, racial, political, or military nature. So we know that that limits the nation state actors, and I'm very aware of that. It's not like I'm naive to understand who's behind a lot of these cyber criminal activities. But to maintain that neutrality and trust with 196 members, there is a limit to what INTERPOL is allowed to do. Countries will reach out to you and they will say, "Hey, our government networks have been breached," and I know automatically this is not your usual financially motivated cyber criminals, there's something there. So I have to work hand in hand with my legal affairs team to say, "Where can we draw the line?" I don't just want to say, "No, we're not doing anything," but can we provide something, at least the starting point, but we don't want to provide attribution or state like, "Hey, it's this person." But maybe give them a little bit of a head start and then hand off to the countries that provided the intel or are having the issues and then help them along the way.
So I just want to be clear. Nation state actors, there are a lot of organizations that are focused on that, including where I was previously. But INTERPOL, we are really focused on the financially motivated cyber criminals.
The Cipher Brief: It's such an interesting patchwork of expertise that it is critical for collective defense. What vulnerabilities do you see from your perch at INTERPOL right now in cyberspace, and where do you think defenses are failing?
Dr. Jetton: For us, when we're asking countries, "What are the biggest issues that are preventing you from being more successful in combating cybercrime?" A lot of it is the tools and the training, just having insufficient funds to actually drive up their investigative know-how or expertise. But also I think between countries, it's just the rapid ability to share information.
There are what we call MLATS, Mutual Legal Assistance Treaties. A lot of times it just takes a long time to ask for information. And we know in cybercrime, we need instantaneous help. So I would always encourage countries to reach out to INTERPOL. We have a 24/7 network. That's why we're there. I can't promise we can do everything in every situation, but we will do our very best to make the connection between which countries you need or if you need a particular company. We can't compel, but we'd put you in touch and at least let you have that conversation.
The Cipher Brief: What are the trends you are seeing right now in cybercrime?
Dr. Jetton: What we're seeing primarily is the use of AI in increasing the efficiency, scope, and effectiveness of emails and the phishing scams. They're using this phishing as a platform. You can just blank X as a platform. So it's these tools that you didn't have to have a really sophisticated technical level of abilities, and you can have these tools that allow you to then go out and commit fraud at scale. And so we are seeing that.
Also, what we're seeing is a convergence of different crimes. So cyber is poly-criminal. I live in Singapore, and one of the big things in Southeast Asia are the cybercrime centers. You hear about that all the time. What happens is you have these organized crime groups that are using cybercrime as fraudulent job applications, the emails, things like that, recruiting, and then the human trafficking aspect of it, and then forcing the people to commit the cybercrime while they're there. So we see that as a huge issue, the poly-criminal aspect of cyberware. It doesn't matter if it's human trafficking, drugs, guns—there's going to be some sort of cyber element to all those crimes.
The Cipher Brief: What are some of the most interesting conversations that you've had on the sidelines there? Has there been anything that's surprised you from some of the other guests and speakers?
Dr. Jetton: We were talking about the use of AI and where we think it's going, whether it's kind of positive or negative. What I was surprised at was, I was on a panel and I was the only person that had the glass half empty. I realized that there are some obvious useful uses for AI, and it's a game changer already for law enforcement. But what I see is these technologies being utilized by criminals at a faster rate than what law enforcement can usually do. So I see it as somewhat of a negative knowing that we're going to have to catch up like with AI-produced malware. I think that will be an issue in the future.
Whereas my other panelists were all from the private sector, and they were all like, "No, no, AI is great. It's going to allow us to use it in these positive directions," which is true, but I'm the negative, the Grinch here talking about it from saying that. So I would say that that was probably the most surprising thing.
The Cipher Brief
- A Deniable Attack with Strategic Precision: Why the Red Hat Breach Looks More Like Statecraft Than Mere Crime
EXPERT PERSPECTIVE — The timing was no coincidence.
As the U.S. federal government ground to a halt at 12:01 a.m. EDT on October 1, 2025, a cybercriminal group calling itself the Crimson Collective chose that precise moment to publicly disclose one of the most significant supply chain compromises in recent memory. The breach of Red Hat's consulting division, affecting approximately 800 organizations, including critical defense contractors and government agencies, represents more than just another data breach; it demonstrates a sophisticated understanding of how to weaponize American politics for maximum strategic impact.
The stolen data from Red Hat’s repositories reads like a VIP list, including the Naval Surface Warfare Centers, SOCOM, DISA, Raytheon, NASA’s Jet Propulsion Laboratory, and even the House of Representatives. But what’s most concerning isn’t just who was targeted; it’s the precision of when the breach occurred.
With large portions of the federal workforce furloughed and key cybersecurity teams across the government operating with sharply reduced staffing, America’s cyber defense apparatus is running at a fraction of its normal capacity. The normal channels for incident response, DIBNet reporting, cross-agency coordination, and threat intelligence fusion have been significantly slowed.
According to the attackers, the breach itself occurred in mid-September. Yet they waited. They established their Telegram channel on September 24th, tested their capabilities with attacks on Nintendo and Claro Colombia, then synchronized their disclosure with the exact moment of maximum U.S. Government incapacity.
Customer Engagement Reports (CERs) are the crown jewels of consulting, providing detailed blueprints that contain network architectures, authentication tokens, API keys, and infrastructure configurations. Red Hat's consultants held the keys to the kingdom for hundreds of organizations. Now those keys are for sale, with an October 10 deadline that arrives while the government may remain partially paralyzed.
The Belgian Centre for Cybersecurity has already issued warnings about the "high risk" to organizations, but the real concern extends far beyond Belgium. The exposed data includes project references that look cryptic on their own, yet each one represents not only a compromised project but also a potential entry point into critical defense systems.
What makes this particularly concerning is the nature of consulting engagements. Unlike product vulnerabilities that can be universally patched, consulting deliverables are custom configurations with unique implementations and specific architectural decisions. There's no single patch to fix this. Each affected organization must carry out its own forensic investigation and reestablish the integrity of its security architecture.
The involvement of ShinyHunters, operating their extortion-as-a-service platform, adds another dimension, making this a confederation of cybercriminal groups that share infrastructure, capabilities, and stolen data. The business model is evolving from ransomware-as-a-service to something more insidious: ecosystem exploitation-as-a-service.
ShinyHunters is simultaneously extorting companies and now joining forces with Crimson Collective to monetize the Red Hat breach. They're not attacking individual companies. They're targeting entire supply chains, betting that the interconnected nature of modern IT infrastructure expands their leverage.
For adversarial nation-states watching from Beijing, Moscow, Tehran, and Pyongyang, this incident provides a masterclass in asymmetric warfare. The shutdown didn't cause the breach, but it created the perfect conditions for maximum impact.
The timing also suggests potential nation-state involvement or direction, even if it is indirect, through cutouts. The targets selected, spanning defense contractors, government agencies, and critical infrastructure, align too perfectly with strategic intelligence collection priorities. Whether Crimson Collective is a pure criminal enterprise or a deniable asset, the effect is the same: America's defense industrial base is exposed at a moment of maximum vulnerability.
The Red Hat breach isn’t a new kind of threat; it’s a familiar playbook executed through new modalities. Our adversaries have long understood how to exploit U.S. vulnerabilities. What’s changed is their precision and timing. They’ve learned to weaponize not only our technical gaps but also our political divisions, striking not when they’re strongest, but when we’re distracted, and increasingly, we’re signaling exactly when that will be.
The October 10 deadline isn't just about ransom payments. It’s about whether America can safeguard its critical infrastructure when government operations themselves are constrained. The answer to that question will extend well beyond Red Hat’s customer base, sending signals to allies and competitors alike about the resilience of America’s digital ecosystem.
IT Security Guru
- KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge
KnowBe4, the human risk management cybersecurity platform, has released its latest research paper “Financial Sector Threats Report,” uncovering critical insights into the escalating cybersecurity crisis facing the global financial sector. The report shows that financial institutions face a perfect storm of AI-enhanced attacks, credential theft and supply chain vulnerabilities that pose systemic risks to the global financial industry.
The research reveals almost all (97%) of major U.S. banks experienced third-party breaches in 2024, while targeted intrusions against financial institutions increased by 109% year-over-year. Most concerning, tests in large financial institutions found that nearly 45% of employees were likely to click on a malicious link or download an infected file, creating entry points for threat actors. The report highlights how threat actors are leveraging AI tools like FraudGPT and ElevenLabs to create more convincing phishing campaigns, while simultaneously moving away from traditional ransomware encryption toward data exfiltration and multi-stage extortion schemes. This evolution allows attackers to use legitimate credentials, making detection significantly more challenging. According to Federal Reserve Bank of New York Staff Reports, even a single day’s disruption in payments by major banks could affect 38% of network banks globally.
Key findings from the report:
● Financial service firms globally experience up to 300 times more cyberattacks annually than other industries, with a 25% year-on-year increase in intrusion events for 2024.
● 97% of the largest U.S. banks suffered third-party breaches in 2024, while 100% of Europe’s top financial firms suffered supplier breaches, highlighting vulnerabilities in vendor ecosystems.
● Analysis of over three million dark web posts shows stolen credentials far outpace credit card theft; infostealer infection attempts increased 58% in 2024, and 68% of attacks originated from email.
● The U.S. accounts for 60% of all ransomware attacks against financial institutions, with the U.S. and U.K. together representing over 70% of attacks, with increasing activity targeting emerging markets in South Asia and Latin America.
● Large financial institutions show initial Phish-prone™ Percentage (PPP) rates of 44.7%, but comprehensive security awareness training reduces phishing susceptibility to below 5%.
“Adversaries are gaining an advantage against the financial sector,” said James McQuiggan, security awareness advocate at KnowBe4. “Traditional defenses are no longer sufficient and threat actors discovered stealing valid credentials is more effective than ransomware because it allows them to move undetected. The battle comes down to the human level. Financial institutions must prioritize human risk management to close this critical security gap.”
Download the full KnowBe4 report “Financial Sector Threats: The Shifting Landscape” here.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization’s biggest asset. More info at knowbe4.com.
The post KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge appeared first on IT Security Guru.
REvil Ransomware Attack - JBS Foods Shutdowns Temporarily
Top 6 Threat Discoveries of 2018
Over the course of 2018, Radware’s Emergency Response Team (ERT) identified several cyberattacks and security threats across the globe. Below is a round-up of our top discoveries from the past year. For more detailed information on each attack, please visit DDoS Warriors. DemonBot Radware’s Threat Research Center has been monitoring and tracking a malicious agent […]
The post Top 6 Threat Discoveries of 2018 appeared first on Radware Blog.
ZeroFox acquires dark web threat intelligence company Vigilante
Rackspace, a major cloud service provider, was hacked
Rackspace has confirmed that the Play ransomware group was responsible for the December cyberattack. The hackers broke into the company’s hosted email environment using a zero-day exploit.
The exploit was most likely linked to the vulnerability tracked as CVE-2022-41080. According to the company’s own investigation, the hackers gained access to e-mails and other confidential information, but no evidence was found that they went on to distribute it.
It also remains unclear whether Rackspace paid the cybercriminals a ransom for the information. The company’s report was followed by one from security firm CrowdStrike, which shed light on the new technique used by the Play group. The technique, called OWASSRF, is being used to attack Exchange servers on which the patches fixing CVE-2022-41040 or CVE-2022-41083 have not been applied. Experts say that chaining CVE-2022-41080 and CVE-2022-41082 allows attackers to remotely execute arbitrary code while bypassing the Outlook Web Access (OWA) blocking rules.
Hackers launched a cyberattack on U.S. nuclear labs
Several U.S. nuclear research laboratories have been attacked. According to Reuters, the cyber attacks on the laboratories were carried out by Russian hackers.
According to journalists, between August and September 2022 the hackers attacked the Lawrence Livermore National Laboratory, the Argonne National Laboratory near Chicago, Illinois, and the Brookhaven National Laboratory in Upton, New York. All of the targeted facilities belong to the U.S. Department of Energy.
According to reporters, the attackers’ initial goal was to obtain the scientists’ passwords, which they pursued by sending threatening emails to employees and by creating fake laboratory employee pages.
Be that as it may, there have been no official answers as to why these sites were chosen as targets.