BankInfoSecurity.com

Reports: Trump Administration Approval of Nvidia H200 Sales Poses Frontier AI Risks
Trump administration discussions on AI governance with China are colliding with reports that Washington may permit expanded Nvidia H200 chip sales to Chinese firms, fueling concerns that U.S. technology access could accelerate Beijing's frontier AI and military-linked ambitions.

'Have I Been Pwned' Founder Troy Hunt Reviews Impact on People and Organizations
The volume of data breaches that result in stolen personal data being leaked online has been surging, "courtesy of the ShinyHunters," and while it affects individuals, the organizations being extorted are bearing the brunt of such attacks, said Troy Hunt, founder and CEO of Have I Been Pwned.

Computing Giant Touts Multi-Agentic 'MDASH' Approach as Superior to Single Models
Microsoft says its new approach to finding vulnerabilities with artificial intelligence agents outclasses the single models touted by Anthropic and OpenAI. MDASH is only being utilized internally by Microsoft engineers and tested by a "small set of customers as part of a limited private preview."

Ransomware Payouts, AI-Driven Threats and Reshaping Payment Fraud
In this week's panel, four ISMG editors discussed a ransomware case that once again raises questions about paying extortionists, why security leaders fear AI is accelerating attacks faster than humans can respond and how the rise of instant payments is reshaping fraud programs at banks.

Hackers Constantly Break 'Confirmation of Data Destruction' Promises
When a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."

Chuck Robbins Warns Customers Face Growing Exposure From Equipment Past Support
Cisco is embedding Anthropic's Claude Mythos Preview into internal security operations to test code, accelerate patching and push infrastructure upgrades, even as it lays off 4,000 employees to redirect spending toward AI, silicon, optics and security.

Also: Indictments in Theft Case, KelpDAO Restarts Operations
This week, banking Trojan TCLBanker targeted crypto platforms, three people indicted in a violent digital assets-related robbery, Kelp DAO restarted services after the $292 million hack and the U.S. Department of the Treasury tightened oversight of Binance.

As Regulators Tighten Liability Rules, Banks Face Pressure to Justify Fraud Losses
So far, banks have managed to strike a balance between fraud prevention and customer convenience, often accepting a certain level of loss rather than introducing controls that could slow payments, increase false declines or drive customers to competitors.

France's Mistral Makes Digital Sovereignty Case for a European Mythos
The European Central Bank added to mounting warnings sent to financial institutions that they must urgently act to protect their systems from artificial intelligence-enabled cyberattacks. British experts warned that gains in AI models' cyber capabilities appear to be accelerating.

Kernel Privilege Escalation Has One Linux Maintainer Contemplating a 'Kill Switch'
Back-to-back kernel vulnerabilities in Linux has defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nascent flaws. "Dirty Frag" and "Copy Fail" kernel privilege escalation vulnerabilities became public knowledge within two weeks of each other.

Malicious npm Package Lets Attackers Capture Refreshed Tokens
A researcher has mapped a five-step attack on Claude Code that intercepts the credentials giving AI agents access to Jira, GitHub and Confluence, and demonstrated that the standard incident response move, rotating the stolen token, hands the attacker a fresh one.

Latest Mini Shai-Hulud Worm Steals Credentials, Includes Wiper, Now Open Source
A new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.

A Live Panel Discussion with CyberEdBoard and Fortinet
Secure Access Service Edge is entering mainstream adoption. Enterprises are shifting from point solutions to platforms. And AI is now at the core of SASE.