BankInfoSecurity.com

Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks
North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report.

DeepSeek, MoonShot AI, MiniMax Used 24,000 Fake Accounts in Campaign
Anthropic has accused three Chinese AI firms of running coordinated, large-scale operations to steal capabilities from its Claude models. The U.S.-based company said DeepSeek, Moonshot AI and MiniMax are conducting "industrial-scale campaigns" using tens of thousands of fraudulent accounts.

How Claude's New AI Code Scanning Tool Will Challenge Application Security Leaders
Anthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

Shared Network Intelligence Adds Ecosystem Visibility to AI Models
Fraudsters collaborate, but most banks still detect fraud alone. This imbalance has defined fraud prevention for years. Now CISOs and fraud practitioners are rethinking their approach using network intelligence signals. Network intelligence shifts the lens by focusing on relationships across banks.

New Programs Aim to Counter Foreign Influence Over Tech Standards
The White House is operationalizing its AI action plan with export-ready "American AI stack" packages, a U.S. Tech Corps and new standards initiatives, aiming to entrench U.S. infrastructure in allied nations while countering foreign influence over global AI governance.

What often appears to be turf wars between healthcare technology management, facilities OT staff, IT departments and security teams are often the result of unclear ownership and accountability for device security. And that presents safety risks to patients, says Mohammed Waqas, CTO of Armis.

Cisco: One Prompt May Not Break Most AI Models, But a Conversation Will
Cisco tested eight major open-weight artificial intelligence models and found multi-turn jailbreak attacks succeeded nearly 93% of the time, exposing a blind spot in how enterprises assess and deploy large language models safety.

Fintech Giant Says Personal Data Exposed for About 100 Business Users of Loan App
Financial services firm PayPal said it discovered a data breach that lasted for six months, exposed some business customers' personal information and led to fraudulent charges. The company said about 100 customers were affected, and that it has fully refunded them for fraudulent charges.

AI Code Scanner Rattles a $200B Industry
Anthropic launched Claude Code Security, an AI tool that found 500+ undetected bugs in production code. Cybersecurity stocks dropped sharply, but analysts are split on whether the disruption signals a genuine industry reckoning or a market overreaction.

Also: AI, Machine Identity Risks; Europe’s Digital Sovereignty Push
In this week's panel, four ISMG editors examined how cybercriminals may be turning on each other, what security leaders are really saying about machine identities and AI risk, and how shifting U.S.-Europe dynamics are reshaping technology resilience and digital sovereignty.

Prompt Candidates to Wave, Check IP Addresses and Ask About Their Supposed Location
They're young, tech-savvy and often the most productive remote worker on the team. They're a major security risk numbering in the thousands that a multitude of Fortune 500 companies have unwittingly ushered into their network. They are North Korean IT workers.

Critical Vulnerability Could Give Attackers Foothold in Clinical Networks
Federal authorities and industry officials are urging healthcare sector entities to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a hospital or clinic network.

Researchers Say PromptSpy Automates Persistence on Infected Devices
A newly discovered Android malware strain, "PromptSpy," is using Google's Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware.

AI-powered ransomware compresses attacks from weeks to minutes. Michael Villar, director of field security technology at Akamai, says banks need AI-driven segmentation to contain intruders fast, limit lateral movement and protect sensitive data before extortion begins.