Zelle, the popular bank-backed peer-to-peer payments service, is defending itself against a lawsuit from New York Attorney General Letitia James, who claims the platform allowed scammers to steal over $1 billion between 2017 and 2023.
The Australian Securities and Investments Commission (ASIC) has accused ANZ of “acting unconscionably” in its management of a $14 billion bond deal for the Australian Government, alleging the bank overstated its bond trading volumes by tens of billions of dollars over nearly two years.
Swift has conducted experiments using privacy-enhancing technologies (PETs) to allow financial institutions to securely share fraud intelligence across borders. In one scenario, PETs enabled participants to verify suspicious account information in real time, potentially accelerating the detection of complex international financial crime networks and preventing fraudulent transactions before they occur.
Citi and US Bank Mastercard cardholders will be the first to access Mastercard’s new Agent Pay technology, ahead of a wider U.S. launch during the holiday season and a subsequent global rollout. Introduced in April, Agent Pay is Mastercard’s entry into the emerging agentic payments space, allowing AI agents to handle shopping and payment tasks on behalf of users.
A once-dormant macOS backdoor, known as ChillyHell, is showing signs of renewed activity. First linked to threat actor UNC4487 and discovered in 2023 by Mandiant, the malware was recently detected again by Jamf Threat Labs. A new Intel-based sample appeared on VirusTotal in May 2025 with a rare “zero” detection score, raising alarms about its ability to bypass traditional defenses.
Wealthsimple has confirmed a data breach that exposed sensitive customer details, including contact information, government-issued IDs, account numbers, IP addresses, Social Insurance Numbers, and dates of birth. The incident impacted fewer than one percent of the company’s three million clients.
Threat hunters have uncovered 45 domains linked to China-backed groups Salt Typhoon and UNC4841, some dating as far back as May 2020.
At least 18 widely-used JavaScript code packages, collectively downloaded over two billion times per week, were briefly compromised after a developer was phished. The phishing email tricked the maintainer into submitting a one-time two-factor authentication token on a fake NPM login page, giving attackers access to his account. The malicious code was narrowly focused on intercepting cryptocurrency transactions, redirecting funds to attacker-controlled wallets without visible signs to users. Security experts warn that a similar attack with a more harmful payload could easily trigger a large-scale malware outbreak.