The attacker who hit the most financial services organizations over the past 12 months never phished a password. They called an IT support line, convinced an employee to reset their MFA, and registered their own device on the network.

CrowdStrike’s 2026 Financial Services Threat Landscape Report, released this month and covering activity from April 2025 through March 2026, identified Mutant Spider as the single most active threat to the financial services sector. The group’s primary technique was voice phishing over Microsoft Teams. Operators impersonated internal IT support, convinced employees to reset their credentials and multifactor authentication, then registered their own devices on corporate networks. The security control worked exactly as designed — and that was the problem.

Within days, the FBI published a public service announcement warning about Kali365, a phishing-as-a-service platform sold on Telegram for as little as $250 a month. Kali365 captures Microsoft 365 OAuth tokens through the legitimate device code authentication flow. MFA fires on the victim’s device, not the attacker’s. The token grants persistent access to Outlook, Teams, and OneDrive without triggering another MFA prompt.

The Verizon 2026 Data Breach Investigations Report, also released in May, confirmed that credential theft dropped to 13% of breach initial access vectors. Vulnerability exploitation took the top position at 31%, displacing what Verizon called the longtime leading initial-access category. That’s three independent sources, same structural finding. MFA protects password-based authentication, but the attacks dominating financial services increasingly bypass password theft through resets, token grants, and exploitation. The MFA Bypass Exposure Audit Grid at the end of this article maps all five confirmed attack surfaces from the CrowdStrike, FBI, and Verizon reports, what MFA misses on each one, and the specific fix for Monday morning.

The CrowdStrike numbers paint a sector under sustained pressure

Financial services ranked as the fourth most targeted sector by Q1 2026, accounting for 12% of all observed adversary activity, according to the CrowdStrike report. Globally, financial institutions faced 43% more hands-on-keyboard intrusions in 2025 compared to two years earlier. In North America, that figure was 48%.

The e-crime side of the problem grew faster than most defenders expected. Big game hunting operators named 423 financial services entities on dedicated leak sites during the reporting period. That is a 27% increase from the 334 entities named in the prior 12 months. REVENANT SPIDER, which operates the Qilin ransomware-as-a-service program, posted the most financial services victims of any e-crime adversary on its dedicated leak site. The group’s financial services victim count jumped from 14 to 97 over the reporting period.

“Who needs a zero day if all you have to do is call the help desk and say, ‘I forgot my password’?” Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told VentureBeat. That one sentence captures the structural shift his team documented across twelve months of financial services intrusions.

The interactive intrusion breakdown tells the story of who is actually getting inside these networks. E-crime actors drove 75% of hands-on-keyboard intrusions against financial services. State-sponsored adversaries accounted for the remaining 25%. That ratio has not moved since 2023. What changed is the total volume and the sophistication of the access techniques.

Mutant Spider’s vishing campaigns over Microsoft Teams represent a structural shift in initial access. The group impersonates IT support, manipulates employees into resetting MFA, then deploys custom post-access tools including PrionFlaire, SocksLoader, and SleepyMutagen. CrowdStrike believes the group sells that access to ransomware operators. The Teams call is step one. The ransom note is step five.

“Who needs a zero day if all you have to do is call the help desk and say, ‘I forgot my password’?”

Scattered Spider returned to aggressive ransomware operations against insurance companies from April through July 2025, following a significant operational pause that began in December 2024. The group ran the same playbook it has used since 2022: help desk social engineering; credential and MFA reset requests; then lateral movement through integrated SaaS applications to locate data for extortion. In September 2025, the U.K.’s National Crime Agency arrested and charged two members for allegedly targeting Transport for London. The U.S. Department of Justice separately charged one of them in connection with multiple cyberattacks against U.S. critical infrastructure.

State-sponsored groups added scale and speed

The report’s state-sponsored findings reinforce the identity problem from a different direction. DPRK-nexus adversaries stole $2.02 billion in digital assets in 2025, a 51% increase from the prior year. In February 2025, Pressure Chollima executed the largest single theft ever reported, stealing $1.46 billion in cryptocurrency by compromising Safe{Wallet}, a digital asset management platform supporting the Bybit exchange, after a developer’s machine was infected through a trojanized Python project. China-nexus groups conducted sustained campaigns against financial institutions across multiple continents. Hollow Panda exploited Check Point VPN appliances to target banks in the Philippines, Indonesia, and Brazil. Vault Panda gained initial access through compromised VPN and firewall appliances across four continents. Every state-sponsored campaign CrowdStrike documented shared a common thread. The adversary’s first move targeted an identity, a credential, or a trusted access path.

Elia Zaitsev, CrowdStrike’s CTO, told VentureBeat in April that the speed of these operations is outpacing traditional defense models. “Traditional approaches are just not designed for this sort of behavior,” Zaitsev said.

Kali365 turns token theft into a subscription service

The FBI’s May 21 public service announcement on Kali365 confirmed the second attack path that makes this a compound problem. The platform exploits Microsoft’s OAuth 2.0 device authorization grant flow, a mechanism designed for devices like smart TVs and conference room systems that cannot support interactive login. Kali365 sends phishing emails impersonating trusted services like Adobe Acrobat Sign, DocuSign, and SharePoint. The email contains a device code and instructions to visit a legitimate Microsoft verification page. The victim authenticates normally. MFA fires. The token goes to the attacker.

Arctic Wolf, which published a technical deep dive on Kali365 in April, documented a three-tier commercial structure. An admin tier for the developers, an agent tier for resellers, and a client tier for paying affiliates. Subscription pricing runs from $250 for 30 days to $2,000 for a year. The platform supports 14 languages and includes AI-generated phishing lures, automated campaign templates, and a real-time tracking dashboard.

The device code flow is not a vulnerability. It is a feature. Microsoft designed it for devices that cannot support interactive login. The problem is that default Entra ID configurations do not restrict its use, and most organizations have never audited whether any legitimate workflow actually requires it. Kali365 exploits that gap between design intent and deployment reality.

The Verizon DBIR reinforced that assessment from a different angle. The 2026 edition analyzed more than 22,000 confirmed breaches across 145 countries. Vulnerability exploitation at 31% now leads credential abuse at 13%. The median time for full patching increased to 43 days, up from 32. Organizations patched only 26% of critical flaws in CISA’s Known Exploited Vulnerabilities catalog, down from 38% the prior year.

That data creates a clear picture. The industry has spent two decades building defenses against credential theft. The attacks that are actually working in financial services either remove MFA through social engineering or capture tokens through legitimate authentication flows where MFA does not protect the attacker’s session.

MFA Bypass Exposure Audit Grid

Security directors need to run this audit against their environment this week. Each row represents a confirmed attack path from the three reports above.

Mike Riemer, SVP and field CISO at Ivanti, told VentureBeat in an exclusive interview that the speed problem compounds the budget misalignment. “Threat actors are reverse engineering patches, and the speed at which they’re doing it has been enhanced greatly by AI,” Riemer said. “They’re able to reverse engineer a patch within 72 hours. If I release a patch and a customer doesn’t patch within 72 hours of that release, they’re open to exploit.”

The structural problem is clear

“People are forgetting about runtime security,” Zaitsev said. “We’ve done this before, with endpoint and virtualization and cloud. People really focused on, hey, let’s patch all the vulnerabilities. Impossible. Let’s make sure we lo

ck down all the permissions. Somehow always seem to miss something.”

The attackers who matter most in financial services right now are not stealing passwords. They are calling help desks. They are exploiting legitimate authentication flows. They are capturing tokens that persist for months. The defenses that consumed the largest share of security budgets for the past decade are pointed at a threat that just dropped to third place.

The fix is not adding another layer of MFA — Zaitsev and Riemer both said as much. It’s rethinking what MFA actually protects, what it doesn’t, and where the budget needs to go next.

• Sony’s 2026 TV range has now all been announced
• Three tiers: RGB mini-LED, OLED and LED
• In sizes from 43 inches to 115 inches

Sony has just launched two new Bravia TVs today, with the new Bravia 7 II and Bravia 9 II replacing the current Bravia 7 and Bravia 9. The new models have RGB mini-LED backlights and fairly hefty prices: the Bravia 7 II starts at £1,899 / $1,599 (about AU$3,560) for a 50-inch model, and this rises to £22,999 / $30,999 (about AU$43,165) for the Bravia 9 II at 115 inches.

Although the two highest-end models simply replace their predecessors, other models in the current Bravia range are a little more confusing: both the Bravia 8 and the Bravia 8 II are available, while there’s no Bravia 5 II – just the Bravia 5. And have you ever tried saying the name of the Bravia 2 II out loud to someone? It requires explanation!

It’s a little confusing (though only a little by TV-naming standards), but it all makes more sense when you see that the Bravias are broken into three tiers: True RGB mini-LED, OLED and LED respectively. The bigger the number, the further up the list it lives.

Latest Videos From

Which Bravias are in the Sony range of 2026 TVs?

Merck is using AI agents to cut drug discovery cycles by a third and ship compliant marketing materials up to 80% faster — but VP of Digital Platforms Sean Finnerty says the only reason it’s working is because they built the infrastructure first.

And the pharmaceutical manufacturer is seeing promising early results: AI is generating marketing drafts that are “99% right” when it comes to compliance, shrinking review cycles from months to days and accelerating delivery by 70% to 80%. In the company’s medical research, meanwhile, one AI-assisted discovery cycle was reduced by 33%.

Still, agentic AI only works if companies first build the underlying “plumbing,” Finnerty said of digital platforms and services at a recent AI Impact Series event.

“If we do one-offs, we’re gonna end up with thousands and thousands of things that are ultimately just gonna be debt that we’ll have to deal with later,” he said. “And that’s gonna be a drag on any further innovation.”

Starting with the plumbing

Merck’s plumbing-first strategy comes from lessons learned during the early days of cloud in the 2010s “when nobody knew what the heck was going on,” Finnerty said.

Getting the cloud right meant building from the ground up; at Merck, that infrastructure now supports 2,500 AWS accounts, numerous Microsoft Azure subscriptions, and new Google Cloud Platform (GCP) integrations.

“AI is gonna be the same exact thing,” Finnerty said. “We’re going to have thousands and thousands of agents.” The questions then pile up: How do you register them? How do you secure them? How do you ensure they’re connected to the right tools, and have access to the right data and the right context?

Context delivery is also critical; Merck works with three hyperscalers and has forty-seven edge locations and hundreds of databases. “Many, many petabytes” of structured and unstructured data are stored in Oracle databases, SQL databases, Excel spreadsheets, phone transcripts, and other repositories, Finnerty said.

His team is building scaffolding to deliver meaningful context in various situations, he explained. Data must be organized and ingested into various platforms, because “there’s no one solution to solve every single problem.” Sometimes it’s Databricks, other times it’s Amazon Redshift, “plus four other things.”

The goal is: “Let’s make that easy and frictionless for people to do, and secure it, and make sure it’s well integrated with MCP [model context protocol], and A2A [Agent2Agent], and upstream compute,” Finnerty said. “If you wanna run stuff on GCP or you wanna run stuff on AWS, we’ve got the plumbing in place so you can run your adjacent workloads wherever you want.”

How Merck is using agents

As it builds out its technical plumbing, Merck is experimenting with agents across regulated enterprise operations, scientific discovery workflows, and app modernization.

Notably, AI is accelerating drug discovery. Finnerty explained that scientists look at molecular structures and disease states to determine if a given condition is druggable. But even if a disease state is known, developing a drug to target it can take years.

Now with AI, teams are starting to see “very promising things,” such as cutting one particular research cycle down by one-third. “That’s a year off of the life of the discovery cycle,” Finnerty said. “Which means, theoretically, we can get it to a patient who needs that therapy a year faster.”

Once developed and approved, these products are regulated and marketing materials around them must be clearly and explicitly articulated. “The way you communicate that information per market, per country, per state, per region, is all very carefully governed and regulated,” Finnerty said. It’s also variable: An ad campaign for a vaccine in the state of Georgia looks much different from one launched in Canada.

Historically, humans did the due diligence to make sure the company complied with various laws. Draft materials go through iterations of reviews; when a mistake is discovered, it gets “kicked back to the beginning, and it goes through it again, and then it takes another however many weeks and months,” Finnerty said.

But now, AI can do that “much, much more effectively,” and the process is increasingly evolving from a human-in-the-loop to essentially a “human-as-governor.” With human oversight, AI can deliver a first draft in a day or week that is 99% there, allowing teams to ship materials up to 80% faster.

Meanwhile, when it comes to app modernization, AI can discover architecture, document data interactions, APIs, network paths, and do authentication checks and authorization; it can also write code for Terraform for deployment and refactor JavaScript into Python.

Where the company would have previously spent weeks and months and hundreds of thousands of dollars to update one application, Finnerty said, agents are now handling the work through prompts.

Running into “wackiness”

That’s not to say there aren’t significant challenges; Finnerty noted that his team has run into some “wackiness”; for example in automated code and scenario testing. AI has blatantly made up scenarios, whether due to incorrect context, infrastructure, “or if it was just getting creative with, ‘You should be testing these three functions that don’t even exist in the code that you’re trying to test.’”

“That surprised me a little bit because I thought we were further past some of the hallucination challenges in these later models,” he said.

To address this, his team has engineered guardrails to keep hallucinations to a minimum, essentially using AI to supervise AI and applying confidence scores. So if Claude created the first output, they’ll instruct Microsoft Copilot to assess it.

“So if you ask something once, have AI check it, then ask it a third time, the confidence increases every time, and it minimizes some of the garbage that gets created in the early runs,” Finnerty said.

Use cases for agentic AI in financial services

Meanwhile, at Mastercard, Chief Data Officer Andrew Reiskind and his team are focusing agentic experimentation on highly orchestrated transaction and dispute workflows. As he noted, a chargeback or fraud dispute is not a single event.

When a consumer disputes a charge (typically online), that “kicks off an entire other process on the back-end that tends to be very labor-intensive,” Reiskind said.

Mastercard has to collect specifics about the actual dispute; then the merchant has its own investigations (Was the card reported as lost or stolen? Does the consumer dispute charges often?). Further, the network sitting in the middle has its own rules for timing and information submission.

“You have each and every one of these steps, many of which are unstructured, but there are also structured data elements to this,” Reiskind said. Whether a card was lost or stolen tends to be structured, but the consumer complaint is “unstructured data of questionable reliability.”

“So you’re sitting there with a decisioning system that has deterministic decisions, but also probabilistic decisions,” he said.

This problem can be sped up and potentially solved by AI agents, but that can be a complex process: Which tasks are you handing off to agents? When are they kicking things back to human reps? How many agents are you ultimately using? What are the cost implications?

Then there are reputational questions and costs: Have you just called a consumer potentially a liar when they weren’t lying?

“It’s an exact problem where you want to, as a bank, maintain trust with your consumer,” Reiskind said. “But you also wanna make this efficient and take costs out of the system.”

The PB&J versus turkey mistake: Determine what risks are acceptable

There’s always going to be risk with AI, and enterprises should assess it from the beginning of product design, Reiskind said. There’s also the question of acceptable risk.

As an example: Did you serve a customer a peanut butter jelly sandwich instead of a turkey sandwich (a minor inconvenience)? Or did you serve gluten to someone with celiac disease?

“Is it an acceptable risk if one percent of the time it makes the mistake? If it is, let’s go to the next stage of how you’re mitigating that risk,” Reiskind said.

Leaders must perform cost-benefit analysis, break problems down to their “constituent pieces,” and calculate cost for each one. But these are estimates; it’s near-impossible to forecast real usage, Reiskind said. “It is not a simple process to get to the cost,” he said. “But it is doable.”

The Illinois House of Representatives passed a bill on Wednesday requiring frontier AI labs like OpenAI, Anthropic, and Google DeepMind to have their safety practices audited by a third party. If signed into law, AI safety experts tell WIRED, it would be the nation’s leading check on the power of major AI companies.

The bill, SB 315, now heads to governor JB Pritzker’s desk. In a post on social media on Wednesday, Pritzker said he plans to sign the bill, citing a need to hold Big Tech accountable.

Since Congress has yet to pass any meaningful AI safety legislation, state lawmakers have happily stepped up in recent years to promote bills that show their constituents they’re keeping Silicon Valley in check. As AI tools become increasingly popular, and the companies behind them race toward massive IPOs, polls show that American voters are looking for more AI regulation.

As a result, safety advocates and tech companies have zeroed in on state legislatures as the primary battleground to hash out how these laws should look. OpenAI’s chief of global affairs, Chris Lehane, told WIRED last week that the company’s AI policy is now oriented around passing a series of similar state laws.

California and New York have the strongest AI safety laws, requiring tech companies to provide information about model guardrails and to publish reports on safety incidents as they occur. Illinois’ bill goes a step further, requiring independent auditors to verify that an AI lab is adhering to its own safety standards. Previously, no independent body was required to keep an AI lab accountable to its own safety claims.

“We’re in a situation where the AI companies grade their own homework,” says Scott Wisor, policy director at Secure AI Project, a nonprofit that supports SB 315. “Should SB 315 become law, Illinois would require an independent auditor to check whether the AI labs in fact adhere to their safety commitments.”

Wisor says it’s broadly expected that, under SB 315, AI labs could use the Big Four accounting and auditing firms—Deloitte, EY, KPMG, and PwC—to audit their safety practices. He also says it’s possible that AI labs could tap members of the AI Evaluator Forum—a coalition of smaller research organizations including METR, Transluce, and Averi—to assess adherence to safety standards.

Illinois state representative Daniel Didech, a sponsor of SB 315, tells WIRED that state legislatures are playing an important role by shaping America’s AI policy and acting as a testing ground for any federal laws that might come in the future. “Laws like this create a world where it’s more likely for the federal government to pass something,” Didech says.

Corporate Interests

Illinois has emerged as a major arena in the ongoing fight over state AI laws. OpenAI previously supported a bill in Illinois that would let AI labs dodge liability if their models caused catastrophic harm. However, Lehane has since said the company’s blanket support for the bill was an oversight, and it never supported the liability shield in the bill. More recently, OpenAI endorsed SB 315.

“The Illinois General Assembly has shown real bipartisan leadership in advancing SB 315 and developing a thoughtful framework for frontier AI safety. As AI systems become more capable, clear expectations around safety, transparency, incident reporting, and accountability matter,” Lehane said in a statement to WIRED.

Virtualization

Hyperscalers can get hardware before enterprise vendors and buyers don’t much care where they land

Hyperscalers’ purchasing power means bare metal servers offered by major clouds can now be cheaper and easier to acquire than on-prem servers, according to Nutanix CEO Rajiv Ramaswami.

The CEO told The Register hyperscalers’ ability to buy servers and memory in bulk means they can often make infrastructure available faster than enterprise hardware players, and sees some customers who have previously preferred on-premises infrastructure heading for the cloud.

Ramaswami said he expects high memory and solid state storage prices will persist into next year and noted the impact of current price rises on the cost of servers.

“What that means for customers is they need to plan and budget carefully,” he said. “They pick servers on price and lead time” – and clouds often win on both metrics.

At the same time, Ramaswami said customers increasingly favor on-prem AI infrastructure to keep costs predictable. They want that because the CEO thinks AI remains “one of those things where people feel they have to do it” and return on investment is unclear.

“People are seeing incremental benefits,” he said, citing document search and summaries as the most common on-prem AI applications. Nutanix, he said, has measured a ten-percent improvement in service response times from using AI, while its developers are delivering new features 50 percent faster than before they used AI helpers.

Enterprise virtualization stacks like Nutanix’s products can require several hefty hosts to run. Ramaswami said he’s comfortable the footprint of his company’s products is not an issue for new buyers, but that he is also keenly aware that customers are looking for smaller hosts – and even servers running non-x86 processors.

For now, he doesn’t see sufficient appetite for Arm servers that Nutanix will devote developer time to porting its stack to that platform. But if demand comes, Ramaswami is confident it won’t be a major job as FOSS projects the company relies on – such as Kubernetes and the KVM hypervisor – already run on Arm silicon.

The CEO’s remarks came on the same day Nutanix reported its Q3 2026 results, which included news that the company won 730 new clients in the last quarter with Ramaswami saying “most moved from legacy vendors to us.”

That’s almost certainly a reference to VMware. Whether Nutanix is hurting its rival remains to be seen: pre-acquisition VMware had over 350,000 customers and now focuses on the top 10,000. Nutanix can pick up former Virtzilla users without disrupting Broadcom’s master plan.

Ramaswami said many new customers have taken advantage of Nutanix’s shift to allow use of external storage, a change from its previous insistence on using only its own software-defined storage. The CEO said the company scored a pair of seven-figure deals with companies that chose to continue using external storage from Everpure (formerly Pure Storage) and Dell, respectively.

Q3 revenue was $703 million, a ten percent year on year jump. Nutanix has always preferred to emphasize annual recurring revenue as a metric, and that rose 15 percent year over year to $2.43 billion.

Investors liked what they heard, sending Nutanix’s share price up a couple of points in after hours trading. ®

Don’t worry: It will keep your profiles and scrobbles.

Apple TV is bringing Patrick Brammall’s Australian thriller “Last Seen” to its growing lineup of serialized crime dramas with a global premiere set for later in 2026.

Apple shared a first look at the six-episode series on May 27, and confirmed “Last Seen” will debut globally on September 9, 2026. Patrick Brammall’s latest drama joins a growing lineup of weekly thrillers and crime series on the streaming platform.

Brammall stars in the adaptation of Ryan David Jahn’s award-winning novel “The Dispatcher.” Apple TV originally developed the project under the same title, before the shift to “Last Seen.”

“Last Seen” follows police detective Ian Ridley, whose daughter vanished 11 years ago without a trace. A distress call from a teenage girl convinces Ridley she may be Maggie and pulls him back into the search for his daughter.

Production took place in Victoria, Australia, with Kris Mrksa adapting the novel and serving as an executive producer. Emmy Award-nominated filmmaker Christian Schwochow directed and executive produced the series.

Alongside Brammall, the cast includes Maxine Peake, Brendan Cowell, Daniel Henshall, Jessica Wren, Zahra Newman, and Chloe Jean Lourdes.

Thrillers remain a major focus for Apple TV

Crime dramas and serialized thrillers continue occupying a prominent place in Apple TV’s original programming slate. Recent releases and renewals have kept the service closely associated with prestige dramas built around recognizable actors and weekly release schedules.

Prestige originals including Best Picture winner “CODA” helped establish Apple TV as a destination for high-profile original programming. Acclaimed spy dramas and breakout science-fiction series have continued pushing the streaming service deeper into prestige television.