PII mega-dumps/phishing: ShinyHunters Wynn 21k/Hims & Hers Zendesk/Okta/Salesforce/Panera/Trivy + Remita/Southern Illinois + SNAP/VENOM/Vidar/stealers + AI vishing/BEC/AiTM/OAuth + FBI IC3 $17.7B
Key Questions
What were the FBI IC3 reported losses for 2025?
The FBI IC3 reported $17.7 billion in total losses, including $893 million from AI scams across 22,000 complaints. Cybercriminals increasingly targeted schools and hospitals.
Which healthcare providers announced PII data breaches?
ProxyCare, Oscar Health, and AccentCare announced breaches exposing PII and SSNs. Hims & Hers also reported a Zendesk support system breach affecting customer names and contacts.
How does the WhatsApp malware campaign evade detection?
The campaign uses renamed Windows tools and VBS LOLBins delivered via WhatsApp files to silently install malware and gain control. It creates hidden folders for evasion.
What is the VENOM phishing campaign?
VENOM targets business executives by name with emails that mimic SharePoint notifications and contain Unicode QR codes. The goal is credential theft.
How are stealers like Vidar being spread?
Fake TradingView Premium Reddit posts spread Vidar and AMOS stealers. Unknown stealers evade detection, targeting platforms like Steam.
What AI-enabled phishing exploits OAuth?
An AI phishing campaign automates device code phishing to bypass the 15-minute OAuth expiration for account takeovers, especially in M365. Adversary-in-the-middle attacks render MFA useless.
What breach affected Wynn Resorts?
ShinyHunters hacked Wynn Resorts, impacting 21,000 employees. The group has been active in high-profile data breaches.
What is the status of the Remita data breach investigation?
Nigeria's NDPC is investigating Remita and Sterling Bank over an alleged data breach. It involves potential exposure of user payment data.
FBI IC3 2025 $17.7B losses/$893M AI scams (22k complaints); ProxyCare/Oscar/AccentCare healthcare PII/SSN leaks; WhatsApp VBS LOLBin malware evasion; tax scams AI voice/phishing surge; stealers Steam evasion; AI OAuth ATO/M365 AiTM; Lumma 72% ATO.