Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Discover the top cyber risks in the financial sector for 2025, from ransomware to AI-driven fraud, and how CYJAX helps detect scams early.

CYJAX has identified a growing trend of AI-based tools being developed and shared across threat actor forums for fraudulent and cybercriminal purposes, highlighting the need for proactive monitoring and defence against evolving AI-driven threats.

This blog discusses PhishinGit, a phishing campaign uncovered by CYJAX that abuses GitHub.io pages to distribute malware disguised as Adobe downloads. It explains how threat actors used Browser-in-the-Browser (BitB) techniques, Dropbox-hosted payloads, and anti-analysis JavaScript to evade detection. The blog also explores the attack chain, observed mitigations, MITRE ATT&CK mapping, and indicators of compromise (IOCs) to help organisations identify and defend against similar threats.

This blog explores a CYJAX investigation into a search engine poisoning campaign impersonating 14 global airlines, including KLM, Delta, and Lufthansa. Over 150 fake support pages were found hosting fraudulent contact numbers, tricking users into calling threat actors. The post examines how these scams exploit SEO, manipulate AI-enhanced search results, and what users can do to stay protected.

CYJAX has expanded its ransomware group coverage, giving clients broader visibility and faster intelligence on emerging threats. This blog highlights the surge in global ransomware attacks and explains how this product update enhances organisational resilience in an evolving threat landscape.

CYJAX has conducted research into the known use of AI on social media for fraudulent activities, uncovering how malicious actors exploit these technologies to deceive users and spread misinformation.

The UK government’s plan to introduce mandatory digital ID cards has sparked widespread debate, with critics warning of privacy concerns, cybersecurity risks, and potential government overreach.