
Finance Industry Intelligence

21 briefings, 11 vulnerability reports

Financial services are among the most targeted sectors in cybersecurity due to the direct monetary value of successful attacks. Banks, insurance companies, investment firms, and payment processors face sophisticated threats including banking trojans, BEC campaigns, and nation-state espionage targeting financial intelligence. defend.network monitors threats affecting the financial sector with a focus on regulatory implications and fraud prevention.

21 briefings (1 critical, 10 high), 22% of all briefings

Threat Briefings

2026-06-19

NGINX RCE, Windows crypto-stealer, Salesforce breaches, INC ransomware surge

F5 patched critical NGINX RCE (CVE-2026-42530). Microsoft disclosed active Windows clipboard-stealing malware spreading via USB worms since Feb 2026. INC ransomware claims 830+ victims; Salesforce data stolen through Klue OAuth breach by Icarus group.

2026-06-17

Fortinet actively exploited; Rokarolla targets 217 banking apps; Google Vertex AI flaw

Fortinet FortiSandbox faces active in-the-wild exploitation of three CVEs. Android banking trojan Rokarolla targets 217 financial apps with 137 remote commands. Google Vertex AI SDK bucket-squatting flaw enables unauthorized model hijacking.

2026-06-15

Critical: Splunk RCE, Arch Linux supply-chain hijack, phishing-as-a-service dismantled

FBI dismantles Outsider Enterprise phishing network; Arch Linux AUR compromised with 400+ malicious packages deploying credential stealer and rootkit; Splunk Enterprise CVSS-9.8 RCE patched.

2026-06-09

Critical Check Point VPN and Linux kernel flaws under active exploitation; NSO spyware defies court order

Check Point VPN zero-day (CVSS 9.3) actively exploited since early May; Linux kernel use-after-free now has public exploit; NSO Group continues WhatsApp phishing despite federal court injunction.

2026-05-30

ChatGPT malware abuse, Marimo CVE-2026-39987 LLM exploitation, Russian infrastructure arrests

ChatGPT share links abused for malware delivery; Marimo CVE-2026-39987 exploited with LLM agents for post-compromise activity; Dutch authorities seize 800 Russian-linked servers and arrest hosting executives.

2026-05-26

Ghost CMS, Microsoft 365 phishing, and supply-chain malware in active exploitation

Ghost CMS SQL injection actively exploited across 700+ sites; Microsoft 365 phishing service Kali365 bypasses MFA; multi-ecosystem supply-chain attacks deliver credential stealers.

2026-05-21

GitHub breach, SonicWall VPN MFA bypass, Drupal critical flaw demand patching

GitHub suffered breach of 3,800+ internal repos via TeamPCP. Microsoft disrupted malware-signing operation. SonicWall VPN and Drupal require urgent patching.

2026-05-10

Canvas extortion attack; JDownloader, Hugging Face & Trellix hit

Canvas learning platform compromised in extortion attack affecting hundreds of schools; supply-chain attacks hit JDownloader, Hugging Face, and Trellix; banking trojan TCLBANKER targets 59 financial platforms; critical ICS/OT breaches at water treatment plants.

2026-05-09

TCLBANKER trojan; Canvas breach hits education; Ivanti zero-day

Critical threats including TCLBANKER banking trojan, Canvas platform breach disrupting nationwide education, and active Ivanti zero-day exploitation require immediate response across financial, education, and government sectors.

2026-05-08

Palo Alto & Ivanti EPMM RCE exploited; PCPJack worm hits cloud

Critical vulnerabilities in Palo Alto Networks and Ivanti EPMM under active exploitation. PCPJack credential stealer worm targeting cloud infrastructure. Russian state actors harvesting Office tokens via router compromise.

2026-05-05

cPanel & MOVEit exploited; RMM phishing hits 80+ organizations

Critical vulnerabilities in cPanel and MOVEit, widespread RMM-based phishing compromising 80+ organizations, and supply-chain malware in PyTorch Lightning demand immediate patching and credential rotation.

2026-04-30

SAP npm compromise; cPanel auth bypass; DPRK AI-assisted malware

Critical supply-chain attacks on SAP npm packages and North Korean AI-assisted malware, combined with cPanel authentication bypass and state-sponsored credential harvesting, create immediate existential threats to enterprise infrastructure and critical systems.

2026-04-29

GitHub, Hugging Face RCE; VECT 2.0 ransomware; BlueNoroff deepfakes

Critical RCE vulnerabilities in GitHub and Hugging Face, destructive VECT 2.0 ransomware, Russian token harvesting, and BlueNoroff deepfake attacks demand immediate defensive action.

2026-04-18

Microsoft Defender & ActiveMQ zero-days under exploitation

Critical zero-day exploits in Microsoft Defender and Apache ActiveMQ, Russian state-sponsored token harvesting, and sophisticated ransomware evasion techniques pose immediate threats requiring emergency patching and threat hunting.

2026-04-10

Adobe Reader zero-day exploited; APT28 router credential theft

Critical zero-day in Adobe Reader, state-sponsored credential theft via routers, and major supply-chain compromises demand immediate action across all organizations.

2026-04-06

FortiClient RCE exploited; DPRK & Chinese APTs hit EU institutions

State-sponsored DPRK and China-linked APT campaigns, a critical FortiClient RCE exploit, and cascading supply-chain attacks affecting European institutions and the npm ecosystem.

2026-04-03

Next.js, Cisco IMC, Progress ShareFile exploited; $280M DPRK theft

Critical vulnerabilities in Next.js, Cisco IMC, and Progress ShareFile actively exploited; $280M cryptocurrency theft attributed to North Korea; credential harvesting impacts 766 hosts.

2026-03-31

Citrix exploited; Axios npm RAT supply-chain; OpenAI data theft

Critical Citrix vulnerability actively exploited; Axios npm supply-chain attack spreading a RAT; OpenAI vulnerabilities enabling data theft; state-sponsored APT operations escalating against telecom and healthcare sectors.

2026-03-22

Oracle RCE exploited; Iran wiper hits healthcare; Trivy worm spreads

Critical Oracle RCE, Russian state-sponsored phishing, Trivy supply-chain worm, and Iran-backed healthcare wiper attacks demand immediate emergency response and patching across enterprise infrastructure.

2026-03-21

Oracle Identity Manager, Langflow exploited; Trivy supply-chain worm

Critical vulnerabilities in Oracle Identity Manager and Langflow actively exploited; Trivy supply chain attack escalates with CanisterWorm across 47 npm packages; Russian intelligence phishing campaigns compromise thousands.

2026-03-20

VMware ESXi ransomware exploit; BlackSuit healthcare breach

Critical VMware ESXi vulnerability actively exploited by ransomware operators. BlackSuit group claims major U.S. healthcare breach. CISA adds 3 new CVEs. Microsoft patches Windows kernel zero-day. New PhishRelay kit enables real-time MFA bypass.

Vulnerability Reports

June 15 – 21

Vulnerability Report – Week 3 of June 2026

This week's verified vulnerability coverage is limited to one actively exploited CVE: CVE-2026-20253 affecting Splunk Enterprise, which CISA has added to its Known Exploited Vulnerabilities catalog wi

11 critical, 9 high
June 1 – 7

Vulnerability Report – Week 1 of June 2026

Three verified CVEs dominated this week's reporting: one actively exploited Linux kernel vulnerability (CVE-2022-0492) now in CISA's Known Exploited Vulnerabilities catalog, one proof-of-concept relea

8 critical, 6 high
May 18 – 24

Vulnerability Report – Week 3 of May 2026

This week presents an exceptionally high-risk threat landscape with multiple critical vulnerabilities under active exploitation across infrastructure, enterprise, and open-source ecosystems. Immediate

0 critical, 2 high
May 11 – 17

Vulnerability Report – Week 2 of May 2026

This week marks a significant surge in actively exploited vulnerabilities, with three critical flaws requiring immediate patching across IT infrastructure and OT systems. The Ollama out-of-bounds read

2 critical, 2 high
May 4 – 10

Vulnerability Report – Week 1 of May 2026

This week presents an exceptionally high-risk threat landscape dominated by active exploitation campaigns and critical infrastructure vulnerabilities. Federal agencies face an immediate Sunday deadlin

0 critical, 0 high
April 27 – May 3

Vulnerability Report – Week 4 of April 2026

This week presents elevated risk from actively exploited vulnerabilities across network infrastructure, IoT devices, and enterprise software. Immediate patching is required for Cisco Firepower/ASA dev

3 critical, 7 high
April 20 – 26

Vulnerability Report – Week 3 of April 2026

This week presents elevated risk across OT/ICS sectors with multiple critical RCE vulnerabilities in industrial control systems and emerging threats to cloud infrastructure. Active exploitation of Mic

5 critical, 8 high
April 13 – 19

Vulnerability Report – Week 2 of April 2026

This week presents an elevated threat landscape dominated by actively exploited critical vulnerabilities in both IT and OT environments. Iranian-affiliated threat actors are actively targeting US crit

0 critical, 0 high
April 6 – 12

Vulnerability Report – Week 1 of April 2026

This week presents elevated risk with five critical vulnerabilities actively exploited in the wild, including FortiClient EMS and video conferencing systems requiring immediate patching. Organizations

0 critical, 0 high
March 30 – April 5

Vulnerability Report – Week 5 of March 2026

This week reflects sustained critical threats across OT/ICS and enterprise systems with multiple actively exploited vulnerabilities. F5 BIG-IP APM (CVE-2025-53521) and Citrix NetScaler (CVE-2026-3055)

0 critical, 0 high
March 14 – 20

Vulnerability Report – Week 3 of March 2026

This week demands immediate attention. Two actively exploited vulnerabilities (VMware ESXi and FortiOS) require emergency patching. Organizations using Windows Server should prioritize the kernel priv

0 critical, 0 high
