New scam protections for NZ, but businesses are still on the hook
NZ banks are reimbursing scam victims—but businesses remain exposed. Learn what CFOs must do to protect payments beyond the new consumer protections.
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
Hackers who breached the Treasury’s Office of the Comptroller of the Currency (OCC) in June 2023 accessed over 150,000 emails, including sensitive data from bank regulators. After gaining control of a system admin’s email account, the attackers appear to have monitored communications for months.
The breach was disclosed to Congress in April 2025 and is one of several recent attacks, including others linked to the Chinese group Silk Typhoon.
It’s a common security misconception: if you’re informed and aware, you can always sidestep basic cybercrime and social engineering tactics. While awareness is certainly crucial and helps lower risks, the ugly truth is this: anyone can fall victim to even the most basic tactics. It’s just a matter of being in the wrong place at the wrong time, creating a numbers game that gives a massive advantage to cybercriminals.
Case in point? Longtime internet security expert Troy Hunt fell victim to a phishing attack while jetlagged, resulting in the theft of approximately 16,000 records from his blog subscribers. The scammers sent a convincing email disguised as a notice from Mailchimp claiming his account had been flagged for spam. Sometimes, expertise is no match for jetlag, but Hunt responded admirably and disclosed the breach just 34 minutes later.
Is AI finally taking cybercriminals’ jobs? Well, no, not really – but it might be making cybercriminals’ work even easier by helping them create autonomous phishing armies.
Symantec recently demonstrated how AI agents can automate phishing attacks by tasking OpenAI’s Operator with targeting someone in their organization. Although initially refusing on ethical grounds, the AI complied when researchers claimed authorization, exposing a serious vulnerability. Operator successfully located its target using public data, deduced a private email address, created a PowerShell script, and sent a phishing email.
VikingCloud research reveals that nearly one-fifth of small to medium-sized businesses would close following a successful cyberattack, with almost a third shutting down after incidents costing under $10,000.
The survey also revealed that, despite 60% of surveyed SMBs recognizing they’re prime targets for cybercrime, many have significant defense gaps – 74% self-manage security or rely on untrained contacts, 33% use outdated technology, and 20% lack access altogether. Common vulnerabilities include weak passwords, insufficient data backups, and absence of multi-factor authentication.
Unfortunately, Eftsure found similar trends in our own research, with a notable portion of small businesses forgoing anti-fraud controls altogether.
The FBI is investigating an Oracle data breach involving two outdated servers from which a hacker accessed usernames but no usable passwords or customer data. Oracle says its current Cloud Infrastructure (OCI) was not compromised. Despite leaked data appearing from 2024 and 2025, Oracle claims only old credentials from a legacy system were affected.
Separately, Oracle Health faced a breach in January impacting US patient data, now linked to an extortion attempt.
A BBC investigation uncovered widespread whisky cask investment fraud affecting hundreds of victims, including one with a terminal cancer diagnosis. Three companies are under police investigation for selling non-existent or overvalued casks, or selling the same cask multiple times. One company, Cask Whisky Ltd, is operated by convicted fraudster Craig Brooks using various pseudonyms. Police are collecting information from affected investors.