In today’s cybersecurity news…
New wave of NFC relay fraud, call hijacking, and root exploits in banking sector
Researchers at ThreatFabric have released a report describing a new Android trojan called PhantomCard that “abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions targeting banking customers.” Currently these attacks are occurring in Brazil. Based on an NFC relay malware-as-a-service of Chinese origin, the tool “relays NFC data from a victim’s banking card to the fraudster’s device.” It is distributed on fake Google Play web pages and features deceptive positive reviews to persuade victims to install the app.
Canada’s House of Commons suffers cyberattack
According to the Canadian news broadcaster CBC News, the attack occurred last Friday. The House of Commons, which is somewhat similar in mission and function to the U.S. Congress, alerted staff on Monday about an information breach, stating that “a malicious actor was able to exploit a recent Microsoft vulnerability to gain unauthorized access to a database containing information used to manage computers and mobile devices,” as well as employees’ names, job titles, office locations and email addresses. No threat actor has yet been identified.
Zoom fixes critical Windows client flaw that could enable privilege escalation
The flaw has a CVE number (CVE-2025-49457) and a CVSS score of 9.6 and exists within Zoom Clients for Windows. An advisory from the company confirms that “an untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.” The advisory also lists the various products affected. A link is available in the show notes to this episode.
(Security Affairs and Zoom advisory)
Microsoft fixes Windows 11 24H2 updates that failed under WSUS
Microsoft has now resolved an issue that may have otherwise prevented the August 2025 Windows 11 24H2 cumulative update from being delivered via Windows Server Update Services (WSUS). Windows Server Update Services is a twenty-year-old product that “helps IT administrators defer, approve, and schedule updates for Microsoft products on enterprise networks from a single local update server, rather than having each endpoint update from Redmond’s own servers.” Microsoft fixed the issue after learning of widespread reports from Windows administrators regarding error messages received while installing the update.
Italian hotel guests may be hit by cyber heist
The Italian government has issued a warning that “identity documents belonging to tens of thousands of people who had stayed at hotels in the country allegedly have been stolen and are being illegally sold online.” Italy’s computer emergency response team states that “a cybercriminal going by the handle ‘mydocs’ had offered more than 90,000 documents for sale.” The documents, “allegedly obtained from 10 different Italian hotels, are high-resolution scans of identity-confirming materials used during check-ins, including passports and other forms of official ID cards.”
New York sues Zelle creator over $1 billion in thefts
New York Attorney General Letitia James announced the lawsuit against Early Warning Services (EWS) on Wednesday, alleging that the creator of the Zelle electronic payment platform “did little to stop scammers from using it to steal more than $1 billion from users between 2017 and 2023.” The suit claims that “the company knew from the beginning that scammers were abusing the platform but did not adopt basic safeguards to protect users.”
Hackers expand Cobalt Strike reach to Linux and macOS
Japan’s CERT coordination center revealed yesterday its observation of incidents that “involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control.” This activity was detected between September and December 2024 and targeted numerous countries.
Booking.com faces another sneaky phishing trick
Back in June we covered a story about Booking.com dealing with the ClickFix Captcha scam, and now the travel organization is dealing with a new challenge: a variation on an old-school homograph scam in which a letter in a URL is replaced by a similar-looking character. This time it is a Japanese hiragana ん character that looks like a forward slash and a tilde together. In this particular case, the phishing email containing the bogus link purported to be a follow-up to a “Complaint of Service.” This is occurring at the same time that financial software company Intuit is dealing with a similar homograph scam with the capital letter I being replaced by a lowercase “L.”
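
A defensive check for the two homograph tricks described above, as an added example that is not part of the original show notes: it flags non-ASCII characters in a link's host, and host labels that differ from a watched brand only by look-alike ASCII letters. The watchlist, the folding table and the sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Hypothetical watchlist of brand labels a mail gateway wants to protect.
PROTECTED = ("booking", "intuit")
# Small constructed folding of ASCII look-alikes; not a full confusables table.
FOLD = str.maketrans({"l": "i", "1": "i", "0": "o"})


def inspect_url(url):
    """Return findings about the host of `url` (urlsplit lowercases the host)."""
    host = urlsplit(url).hostname or ""
    findings = []
    # 1. Any non-ASCII character in the host, reported by code point and name
    #    so a reviewer sees what the glyph really is (e.g. a hiragana letter
    #    standing in where a "/" appears to be).
    for ch in sorted({c for c in host if ord(c) > 127}):
        name = unicodedata.name(ch, "UNKNOWN")
        findings.append(("non_ascii", f"U+{ord(ch):04X} {name}"))
    # 2. A label that differs from a protected brand only by look-alike letters.
    for label in host.split("."):
        for brand in PROTECTED:
            if label != brand and label.translate(FOLD) == brand.translate(FOLD):
                findings.append(("lookalike", label, brand))
    return findings


# Constructed sample links, not taken from the reported campaigns.
SAMPLES = [
    "https://account.booking.comんdetailんlogin.example.net/x",
    "https://lntuit.example/verify",
    "https://www.booking.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, inspect_url(url))
```

Hosts that arrive already IDNA-encoded (labels starting with `xn--`) are pure ASCII and would need decoding before the first check applies.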






