scott.swabey@lafinboy.com

Summery: Researchers studied 2,800 ransomware attacks and found that about 80% involved artificial intelligence. Attackers are using AI in many ways: generating phishing content, creating malware, driving deepfake-based social engineering, cracking passwords, and bypassing CAPTCHA systems. The paper argues that just having AI tools for defense isn’t enough. Effective cybersecurity requires three defense layers: ....

A new Android malware called NGate steals card details and PINs by abusing NFC features on infected phones. It tricks victims into tapping their physical card against the compromised device, capturing data and one-time codes used for instant ATM withdrawals. Criminals can then clone the card virtually and withdraw cash without needing physical access. ....

Google Chrome now lets users store driver’s licenses and passports in its autofill feature, promising encryption and permission-based access. While the data is protected within the browser, experts warn that storing such sensitive details in Chrome increases risk if your Google account is hacked or malware gains access. Chrome’s large market share makes it ....

The Wired video “Following Your Stolen Data Through The Dark Web” explains what happens to personal and corporate information after a cyberattack. It describes how state-sponsored hackers, hacktivists, and criminal groups steal data for different purposes, from espionage to profit. The piece explores how stolen information flows through private networks and dark web marketplaces, ....

Researchers from the University of Vienna found a major flaw in WhatsApp’s contact-discovery feature that let them check tens of billions of phone numbers and extract about 3.5 billion registered user numbers, along with many users’ profile pictures and “about” texts. The weakness stemmed from minimal rate-limiting: they could probe roughly 100 million numbers ....

In mid-November 2025, the report notes that Anthropic detected what appears to be one of the first autonomous AI-driven cyber-espionage campaigns, in which an AI agent (built using Claude Code) carried out most of a multi-stage attack with minimal human oversight. The document argues this marks a major shift: attackers may now scale operations ....

According to Axios, executives at major companies (including many in the Fortune 500) are scrambling after Anthropic warned that a Chinese state-sponsored hacker group used its AI agent tools (notably Claude Code) to automate parts of cyber-espionage campaigns.  The incident signals a shift in cyber threat landscape, where malicious actors are increasingly harnessing AI ....

The article reveals a surge in fake calendar invites used as phishing attacks, where scammers send events that can’t easily be deleted and often reappear through synced devices, aiming to trick users into calling a number, clicking a link, or attending a fraudulent meeting. It explains how to remove these from platforms like Outlook, ....

The article reveals a surge in fake calendar invites used as phishing attacks, where scammers send events that can’t easily be deleted and often reappear through synced devices, aiming to trick users into calling a number, clicking a link, or attending a fraudulent meeting. It explains how to remove these from platforms like Outlook, ....

Scammers are ramping up their attacks this holiday season, with FBI and Amazon warning of a surge in “account takeover” (ATO) fraud targeting shoppers. According to data from TransUnion, ATO incidents rose 21% from the first half of 2024 to the first half of 2025, and by 141% since the first half of 2021, ....