Top news stories this week
- Banking error. Finance sector raises alarm over Claude Mythos announcement.
- Grand theft data. Rockstar Games and Zara affected by third-party breaches.
- Booked and hooked. Booking.com breach followed by message-based phishing attempts.
- A W3LL‑executed takedown. International law enforcement operation dismantles W3LL phishing network.
- Crime doesn’t pay. New cybercriminal gang extorts rival in ransomware attack.
- The devil you know. Kraken cryptocurrency exchange extorted following insider threat.
1. Banking sector on high alert after Claude Mythos release
Senior bankers and politicians have raised concerns about the potential for Claude Mythos to enable destructive AI-driven cyber-attacks on the global financial sector. The new model reportedly has advanced capabilities to discover and exploit software vulnerabilities. It has only been shared with a limited number of partners under Project Glasswing, including several US banks, after Anthropic claimed it was too dangerous to release.
So what?
While Mythos is highly powerful, its ability to identify software vulnerabilities is not unique. As AI helps attackers shrink their timeframes, organisations should be prepared to rapidly implement urgent patches and adopt a defense-in-depth posture to detect and respond to breaches.
[Researcher: James Tytler]
2. Rockstar Games and Zara affected by third-party breaches
Grand Theft Auto developer Rockstar Games suffered a data breach when the cybercrime gang ShinyHunters compromised one of Rockstar’s third-party providers, the data analytics company Anodot. According to Rockstar Games, the data accessed by ShinyHunters did not impact the organisation or its players.
Separately, Inditex, the parent company of retail giant Zara, is investigating a security incident after unauthorised access was detected in its databases. The incident has been linked to an earlier security breach involving a former technology provider.
So what?
Organisations can strengthen their third-party security by enforcing strong authentication and least‑privilege access, segmenting critical systems, monitoring for suspicious activity, and maintaining robust incident‑response preparedness.
[Researcher: Milda Petraityte]
3. Booking.com breach fuels WhatsApp and messaging scams
Booking.com has confirmed a data breach in which hackers accessed customer reservation data, prompting the travel platform to reset booking PINs and notify affected users directly. Exposed information includes names, email addresses, phone numbers and reservation details, increasing the risk of highly targeted follow‑on scams including reported WhatsApp and email phishing campaigns.
So what?
The leaked reservation data is enabling highly convincing phishing scams to be delivered via SMS and messaging apps such as WhatsApp, not just via email.
[Researcher: Lawrence Copson]
4. International law enforcement operation dismantles W3LL phishing network
The FBI and Indonesia’s National Police have dismantled the W3LL phishing-as-a-service operation, seizing its infrastructure and detaining its alleged developer. The platform enabled attackers to bypass multi‑factor authentication, contributing to attacks on over 17,000 victims worldwide and over $20 million in attempted fraud.
So what?
The takedown highlights both the scale and maturity of phishing‑as‑a‑service ecosystems, including MFA-bypass techniques, and shows that disrupting cybercrime at the infrastructure and developer level, through cross‑border law enforcement cooperation, can meaningfully degrade widely abused attack capabilities.
[Researcher: Jenny Eysert]
5. New cybercriminal gang extorts rival in ransomware attack
A newly emerged ransomware group, 0APT, has targeted a rival cybercriminal gang known as Krybit, threatening to expose the real identities and locations of its members unless a ransom is paid. 0APT has reportedly already leaked sensitive data belonging to Krybit, including member and affiliate credentials, and cryptocurrency wallet addresses. The case continues to mark a trend of cybercriminals targeting each other.
So what?
Threat actor infighting offers intelligence opportunities, revealing membership details, infrastructure, and operational methods. This situation underscores the fast-changing threat landscape, where unpredictable new actors increase the demand for accurate threat intelligence for victimised organisations.
[Researcher: Jack Woods]
6. Insider at Kraken contributes to extortion by cyber criminals
Kraken, a major US cryptocurrency exchange, confirmed it is being extorted by cybercriminals after discovering a video showing access to its client support systems. Investigations revealed insider involvement, with a support worker recruited by threat actors. The compromised data was limited to the customer support information of 2,000 accounts, and all affected individuals have been contacted.
So what?
Insider threat is a continual risk which organisations can mitigate by implementing controls which align with the principle of least privilege and focus on prevention and swift detection. These can include reducing access rights, monitoring account activity, and data loss prevention tooling.
[Researcher: Adelaide Parker]


