Editor’s Note: Holiday shopping is here, and scammers are acting like it’s tax season. Meanwhile, attackers are pushing AI-generated malware into the wild, vendors are still the weakest link, and ransomware gangs are recruiting everyday employees. Cozy season is officially threat-actor season.

📬 This Week’s Clickables
📌 Big News
AI-powered holiday scams; banking vendor breach
🚨 Can’t Miss
Oracle zero-day, AI espionage, AI malware, FBI ATO warning, ClickFix steganography, LG Energy ransomware, November breach roundup
🤖 AI in Cyber
AI supply-chain exploitation, zero-day + AI malware, RaaS boom, AI side-channel leaks, innovation vs hygiene gap
🧪 Strange Cyber Story
Ransomware gang tries to recruit a journalist
🚨 Big Stories
🎁 Black Friday Scams Go Fully AI
Holiday Shopping Opens the Door for Deep-Fake, AI-Fueled Scams
Intro:
The holiday shopping season — usually a retail bonanza — is shaping up to be a jackpot for fraudsters. Deepfake storefronts, AI-generated ads, and machine-polished phishing campaigns are flooding inboxes and social feeds.
What Happened
Researchers are tracking a surge in AI-generated scam sites and deepfake retail ads designed to mimic major brands. Some operations use AI chatbots as fake customer service reps — persuading victims to “fix issues,” reset accounts, or process fake payments.
Why It’s Important
Holiday urgency + deal-seeking behavior makes shoppers vulnerable. This year, generative AI has leveled up scam realism to the point where even cautious buyers can get fooled.
The Other Side
Retailers are pushing fraud alerts and spinning up takedown teams, but malicious sites outside traditional domains are harder to dismantle quickly.
👉 Takeaway: If the deal looks unreal, it probably is — especially if it came from an AI.
TL;DR: AI-enabled holiday scams are exploding, and the polished look makes them harder to spot.
Further Reading:
In 2024, consumers reported $10.3 billion in cybercrime losses to the FBI — the largest annual total ever recorded. (Source: FBI IC3 Report)
🏦 Vendor Weak Link Exposes Major Banks
Major Banking-Vendor Hack Could Expose Customer Data at Top US Banks
Intro:
Once again, a single vendor breach may spill into multiple major financial institutions. SitusAMC — a widely used financial-services partner — is at the center of an incident that could touch top-tier U.S. banks.
What Happened
Attackers infiltrated SitusAMC systems, potentially exposing mortgage records, account identifiers, and sensitive partner data belonging to institutions like JPMorgan, Citi, and Morgan Stanley.
Why It’s Important
Even highly funded security programs crumble when a weak vendor leaves the door cracked. This incident illustrates the systemic fragility of financial supply chains.
The Other Side
SitusAMC claims impact may be limited, and some banks say early reviews look promising — but investigations are active and ongoing.
👉 Takeaway: Third-party risk isn’t a side quest — it’s the main plotline in modern cybersecurity.
TL;DR: A vendor breach threatens data across multiple major banks, proving that vendor hygiene remains a critical blind spot.
🔥 Can’t Miss
🔧 Cl0p Exploits Oracle E-Business Suite Zero-Day, Hitting Dozens of Corporations
Cl0p is exploiting an unpatched Oracle EBS zero-day affecting nearly 30 corporations. Legacy enterprise software remains a lucrative target for sophisticated attackers.
👉 Key takeaway: If Oracle EBS is running unpatched, the question is not “if” — but “when.”
💳 FBI: $262M Lost to Account-Takeover Fraud in 2025
The FBI warns that holiday shopping season will accelerate already-surging account-takeover fraud. Over 5,100 ATO complaints have already been filed this year.
👉 Key takeaway: This might be the holiday season’s most expensive threat.
🎨 ClickFix Steganography Malware Campaign Uses Fake Windows Updates
A deceptive campaign called “ClickFix” is tricking users into running malicious commands under the guise of “fixing Windows updates.” The malware is hidden inside seemingly harmless files using steganography.
👉 Key takeaway: Attackers are getting craftier — and abusing user trust in system prompts.
💸 Ransomware-as-a-Service Surges
Affiliate-driven RaaS operations continue expanding, with mid-sized organizations increasingly targeted.
👉 Key takeaway: Ransomware has become a franchised business model.
🔐 Top Data Breaches of November 2025
November saw a flood of major breaches: Under Armour, Mixpanel, DoorDash, Oracle-linked incidents, and multiple financial institutions.
👉 Key takeaway: Breach fatigue is real — but ignoring it won’t save you.
🤖 AI in Cyber
🛠️ AI-Driven Supply-Chain Attacks Accelerate
Attackers increasingly use AI tools to analyze dependencies and exploit supply-chain weaknesses.
👉 Key takeaway: Your supply chain is now an AI-powered attack target.
🕵️‍♂️ State-Sponsored Hackers Use Claude to Run Automated Espionage Campaign
A foreign-aligned threat group used Anthropic’s AI coding tool to automate reconnaissance and intrusions across 30+ global targets.
👉 Key takeaway: Automated cyber-espionage has officially arrived.
🔍 AI Side-Channel “Whisper Leak” Attacks Emerge
New research shows AI workloads may leak sensitive info even when encrypted, thanks to side-channel emissions.
👉 Key takeaway: AI doesn’t eliminate risk — it shifts it.
🧰 Innovation or Insecurity? Companies Chase AI While Ignoring Basics
Many organizations are rolling out AI tools while leaving patching, identity controls, and asset management behind.
👉 Key takeaway: AI hype can’t compensate for weak fundamentals.
🧟‍♂️ Strange Cyber
📰 “We’ll Make You Rich” — Ransomware Gang Tries to Recruit a Journalist
Insider-Threat Attempt Turns Into MFA Bombing Attack
Intro:
In one of the more bizarre cyber incidents of the year, a ransomware gang attempted to bribe a journalist for access to his newsroom’s internal systems — then retaliated with an MFA-bombing attack when he refused.
What Happened
The Medusa ransomware gang contacted a well-known journalist offering a cut of future profits if he provided corporate network access. When he declined, attackers began repeatedly triggering MFA notifications to lock him out of his accounts.
Why It’s Important
This is a wild crossover of insider threat tactics, psychological manipulation, and harassment. Instead of hacking in, the gang tried to recruit their way in — and used MFA abuse as retaliation.
The Other Side
The journalist declined, reported the attempt, and regained account control — but the episode highlights how attackers are blending cyber and social manipulation in increasingly brazen ways.
👉 Takeaway: Attackers aren’t just hacking systems — they’re trying to hack people for access.
TL;DR: A ransomware gang attempted to turn a journalist into an insider threat, then MFA-bombed him when he said no.


