Coinbase has disclosed a significant data breach involving insider threats, as revealed in a recent SEC filing. The breach did not stem from a direct compromise of Coinbase’s systems, but rather from external attackers bribing a group of customer support agents to extract customer data.

Security researchers at Wordfence have uncovered a dangerous malware campaign targeting WordPress websites.

Source: Temenos

Temenos (SIX: TEMN), a global leader in banking technology, today shared insights from a worldwide survey conducted by Hanover Research, which gathered perspectives from 420 business and technology leaders in financial services on the transformative impact of Generative AI (GenAI) in banking.

In recent weeks, UK retailers Marks & Spencer, Co-op, and Harrods have faced significant cyber attacks, raising concerns about the vulnerability of major businesses to sophisticated hacking tactics.

Check Point Research (CPR), the threat intelligence division of Check Point Software Technologies, has released its Q1 2025 Brand Phishing Ranking, revealing that Microsoft remains the most impersonated brand in phishing attacks, accounting for 36% of all attempts.

The Office of the Comptroller of the Currency (OCC) has alerted Congress to a "major incident" involving a cyberattack that compromised sensitive internal communications.

In an open letter, Patrick Opet, Chief Information Security Officer at JPMorgan Chase, has raised alarms about the Software-as-a-Service (SaaS) model, cautioning that its widespread adoption is fostering significant cybersecurity vulnerabilities and undermining global economic stability.

Source: Terra Security

Terra Security, an Agentic AI-native penetration testing service-as-a-software platform, raises $8M in a seed round led by SYN Ventures and FXP Ventures with participation from Underscore VC and notable angel investors including former Google CISO Gerhard Eschelback, Ofer Ben-Noon and Ohad Bobrov, founders of Talon Security, Travis McPeak and Itamar Friedman.

From late 2024 through early 2025, state-sponsored threat groups from North Korea, Iran, and Russia began using a social engineering technique known as ClickFix to distribute malware.

Google has reported the discovery of 75 zero-day vulnerabilities exploited in the wild in 2024—a drop from 98 in 2023, though still up from 63 in 2022. Nearly half (44%) of these flaws targeted enterprise products, with 20 found in security and networking appliances.

Source: FS-ISAC

To help financial firms prevent fraud attempts on their companies and customers, FS-ISAC, the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, has published Leveling Up: A Cyber Fraud Prevention Framework for Financial Services.

North Korean IT workers are intensifying their fraudulent employment schemes, extending their reach beyond the United States to target organizations worldwide, with a particular focus on Europe. According to Google’s Threat Intelligence Group (GTIG), these workers are not only seeking jobs under false pretenses but are also escalating their tactics by extorting money from companies that discover and terminate them.