Cyber Fortnight

United States of America United States Approves First Round of Crypto-Focused Banks. On 12 December 2025, the Trump Administration approved plans to launch five new cryptocurrency-focused national banks, part of its push to give the industry broader access to the traditional financial system. Circle, Ripple, BitGo, Fidelity Digital Assets, and Paxos received approval on applications filed with the Office of the Comptroller of the Currency (OCC) to launch or convert to n

United States of America Former Government Contractors Delete 96 Databases across Multiple Agencies. On 3 December 2025, Twin brothers Muneeb and Sohaib Akhter were arrested in Alexandria, Va., for allegedly stealing and destroying government data held by a government contractor minutes after they were fired from the company earlier this year. They worked at Washington-based Opexus which provides services and hosts data for more than 45 federal agencies. The Department

United States of America SitusAMC — Key Third Party to Major Financial Institutions, Breached. On 22 November 2025, SitusAMC, which major banks use to manage their real-estate loans and mortgages, disclosed that a breach occurred on its corporate systems on 12 November 2025. “Corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients’ c

United States of America Anthropic’s Claude Used for Chinese Espionage Campaign. On 13 November 2025, Anthropic published a report about how Chinese malicious actors abused the Claude AI tool to automate espionage operations. The malicious actors “used AI's 'agentic' capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” The campaign targeted around thirty organizations—including large tech companies, fi

United States of America Amazon Reveals Cause of AWS Outage. On 20 October 2025, AWS, experienced a significant outage, impacting online services worldwide for at least 15 hours. Major platforms like Canva, Coinbase, Disney+, Facebook, Fortnite, Lloyds Banking Group, Lyft, McDonalds, Perplexity, Reddit, Ring Doorbell, Roblox, Snapchat, United Airlines, WhatsApp, Zoom, AWS itself, and check-in kiosks at LaGuardia Airports — highlighting AWS's central role in digital inf

United States of America JPMorganChase Announces 1.5 Trillion Investment in National Security. On 13 October 2025, JPMorganChase announced the Security and Resiliency Initiative, a $1.5 trillion, 10-year plan to facilitate, finance and invest in industries critical to national economic security and resiliency. The company will focus on the following four key areas, supporting companies across all sizes and development stages by offering advice, providing financing, and,

United States of America Oracle E-Business Suite Exploited. On 29 September 2025, the Cl0p ransomware syndicate claimed to have breached Oracle’s E-Business Suite, which runs core operations including financial, supply chain and customer relationship management. The malicious actor provided proof of compromise to victims including screenshots and file trees. According to Oracle, their “ongoing investigation has found the potential use of previously identified vulnerabilities

United States of America SalesLoft Breach was Due to GitHub. On 6 September 2025, Salesloft published an update regarding Mandiant's investigation into the attacks and provided more clarity on how the malicious actor compromised the supply chain. In March through June 2025, the malicious actor accessed the Salesloft GitHub account which contained the private source code for the company. With this access, the malicious actor was able to download content from multiple reposito

United States of America Salesloft Drift Compromised. On 26 August 2025, Google Threat Intelligence reported that the Salesforce customers that used Salesloft Drift are likely compromised — most likely by Shiny Hunters. Salesloft Drift is an AI-powered chat agent that allows websites to provide real-time, human-like customer interaction that can be turned into Salesforce leads as well as other customer relationship management platforms, Slack, Google Workspace, Amazon S3, Mi

United States of America Google Project Zero Will Notify Public Regarding Product Vulnerabilities in 7 Days. On 29 July 2025, Google’s Project Zero changed how it reports vulnerabilities. Within approximately one week of reporting a vulnerability to a vendor, Project Zero will publicly share that a vulnerability was discovered. It will share: (1) The vendor or open-source project that received the report; (2) The affected product; and (3) The date the report was filed, and wh

United States of America Stablecoin Now Recognized Currency and Regulated. On 18 July 2025, President Trump signed the GENIUS Act into law. It establishes the first comprehensive federal framework for regulating payment stablecoins, a type of cryptocurrency designed to maintain a stable value. The law aims to provide clear regulatory pathways for stablecoin issuers while also imposing significant compliance requirements. Today, there are some $265 billion in circulation. Citi

United States of America Cloudflare Blocks AI Scrapers. On 1 July 2025, Cloudflare announced that it intends to “block known AI web crawlers by default to prevent them from “accessing content without permission or compensation.” “If the Internet is going to survive the age of AI, we need to give publishers the control they deserve and build a new economic model that works for everyone – creators, consumers, tomorrow’s AI founders, and the future of the web itself,” said Matt