Secure Digital World (SDW)

  India’s Indian Cybercrime Coordination Centre (I4C) issued an advisory on June 10, 2026 warning that cybercriminals are using AI-generated deepfake videos and synthetic identities to target facial authentication, liveness verification, Video-KYC, account recovery, and unauthorized access to financial and digital services . The advisory says fraudsters may collect facial recordings through deceptive video calls, fake job interviews, or social-engineering tactics, then use AI tools to generate realistic digital replicas for attempted security bypass. This warning is highly relevant for banks, fintechs, and digital-payment platforms because it shifts the focus from classic phishing toward the compromise of digital identity itself. If attackers can defeat onboarding controls or account-recovery workflows, they may be able to open fraudulent accounts, activate digital wallets, take over legitimate accounts, or create mule infrastructure before traditional transaction monitoring eve...

  Europol has announced the disruption of AudiA6 , a cryptocurrency laundering service suspected of processing more than €336 million in illicit funds and linked to over 15 international cybercrime investigations . U.S. prosecutors separately charged two alleged operators and said roughly 10,333 BTC had been deposited into AudiA6 wallets since the service launched in 2021 . Public reporting says the service was used by ransomware actors, darknet-market operators, and other cybercriminal networks seeking to cash out stolen digital assets while obscuring the money trail. This incident is especially important because it shows that ransomware does not end with encryption or extortion. It continues through the financial layer: payment routing, laundering, cash-out, and reinvestment into future attacks. When a laundering pipeline is disrupted, it does not eliminate ransomware risk overnight, but it does interfere with one of the most important operational enablers of the cybercrime eco...

A June 12 report highlighted Google’s legal action against the operators of the “Outsider” phishing kit, a platform allegedly used to conduct large-scale phishing attacks with the support of artificial intelligence. Reuters reported that Google said the kit mimicked hundreds of trusted websites and used AI tools, including Gemini, to help generate fraudulent sites designed to steal personal and financial information. Google’s own blog said the operation was tied to 9,000 fake websites, more than 1 million fraudulent URLs, and 2.5 million messages sent to Android users over a two-week period. This case is especially important because it shows how phishing infrastructure is becoming more scalable, more convincing, and more dangerous when combined with AI-assisted content generation. Instead of relying only on manual fraud preparation, attackers can now rapidly create realistic fake websites, scam messages, and impersonation campaigns at much greater speed and volume. This is why AI-enabl...

A June 14 report highlighted a cyberattack that disrupted services at four major Iranian banks: Bank Melli, Bank Tejarat, Bank Saderat, and the Export Development Bank of Iran. According to Iranian state media, the incident targeted the shared communications infrastructure used by these institutions, causing temporary service disruption while technical teams worked to restore operations. This incident is especially important because it shows how cyber attacks against financial institutions do not always need to directly destroy systems or steal data to create real impact. Disrupting shared infrastructure, communication channels, or core service availability can quickly affect trust, access to banking services, and operational continuity. From a financial-sector cybersecurity perspective, this is a strong reminder that resilience is as important as prevention. Banks and other financial institutions depend on highly interconnected systems, and even a limited disruption in one part of the...

A June 12 threat intelligence report from Mandiant and Google Threat Intelligence Group described an active compromise and extortion campaign attributed to UNC6240, also tracked as ShinyHunters, targeting Oracle PeopleSoft infrastructure through CVE-2026-35273. The activity was observed between May 27 and June 9, before Oracle’s June 10 advisory, meaning affected organizations were exposed during a zero-day window. This issue is especially important because PeopleSoft supports core organizational functions such as human resources, finance, and supply-chain operations. Oracle says the vulnerability is remotely exploitable without authentication and may result in remote code execution. Public vulnerability records identify affected PeopleTools versions as 8.61 and 8.62, and CISA’s Known Exploited Vulnerabilities catalog includes CVE-2026-35273 as actively exploited. From an enterprise security perspective, this incident is a reminder that business-critical platforms are part of the moder...