The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their Microsoft cloud environments.

A massive international law enforcement operation, involving agencies from 40 countries, has led to the arrest of over 5,500 individuals connected to financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies.

Finastra, a leading provider of solutions to over 8,000 financial institutions, is investigating a breach of its internal file transfer platform, where hackers stole more than 400 gigabytes of data.

Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database belonging to Care1, a Canadian provider of AI-driven software solutions for optometrists.

Russian authorities have reportedly detained Mikhail Pavlovich Matveev, known by aliases such as Wazawaka, Uhodiransomwar, and Boriselcin. Matveev, wanted by the FBI since 2023, is linked to major ransomware groups including Hive, LockBit, and Babuk, which have been responsible for devastating cyberattacks on critical infrastructure, government agencies, and businesses worldwide.

Cybersecurity experts are sounding alarms over a newly emerged tool called GoIssue, designed to facilitate mass phishing campaigns targeting GitHub users.

Allied Irish Bank (AIB) is advising customers to stay alert against rising fraud risks, especially during the holiday season when many relax their vigilance. The bank has identified the top five fraudulent tactics prevalent in 2024, urging consumers to take proactive steps to protect themselves.

In a significant blow to national financial security, hackers have infiltrated the Central Bank of Uganda's systems, breaching its firewalls and siphoning off $17 million from Treasury accounts.The attack, discovered earlier this week, has raised alarms about the robustness of cybersecurity infrastructure within critical financial institutions, not only in Uganda but across the African continent.

North Korean state-sponsored group BlueNoroff, a subgroup of the Lazarus Group, has launched a new malware campaign called "Hidden Risk," targeting cryptocurrency and DeFi businesses. SentinelLabs researchers found that the campaign, active since July 2024, employs phishing emails and PDF-based lures with fake crypto news headlines to trick victims into clicking on malicious links.

Experian's 12th annual Data Breach Industry Forecast warns that data breaches will continue unabated in 2025, with AI emerging as a dominant force in both cyberattacks and defenses.

According to an IBM study, the average cost of a data breach in 2024 has climbed to nearly $5 million, marking a 10% increase from the previous year. At the AFP national conference, this stark reality set the stage for an immersive session aimed at equipping finance teams with the skills needed to respond swiftly and effectively to cyber threats.

S&P Global Ratings has highlighted poor corporate vulnerability remediation as a significant risk factor. Analyzing data from over 7,000 rated companies, S&P found that 40% address known system flaws "infrequently," leaving them exposed.