Threat Briefing: January 16, 2026


January 16, 2026

Threat Intel Update


Nation-state and financially motivated attackers are using more advanced tactics, such as AI-driven fraud, cryptocurrency laundering, QR-code phishing, and web skimming, while increasingly abusing trusted infrastructure like cloud services, payment platforms, and legitimate authentication flows to evade detection.

As financial cybercrime and credential-theft campaigns continue to rise, these trends reinforce the need for stronger identity protection, improved fraud detection, and stricter security validation of third-party technologies.

Cybersecurity News

  • Nation-State Crypto Abuse Surges in 2025 – Illicit cryptocurrency activity surged more than 160% in 2025, reaching at least $154 billion as sanctioned nations, including Russia, Iran, and North Korea, used digital assets to evade financial restrictions. Russia’s A7A5 token alone accounted for roughly $93 billion in illicit transactions, while Chinese criminal syndicates played a key role in global laundering networks. (Source: Dark Reading)
  • CEOs Rank Cyber Fraud as Top Threat – Cyber-enabled fraud has overtaken ransomware as CEOs’ leading cybersecurity concern, according to the World Economic Forum’s Global Cybersecurity Outlook 2026. Nearly three-quarters of CEOs were impacted by cyber fraud in 2025, with most reporting increased activity, while ransomware has fallen out of the top three risks. AI vulnerabilities and software exploitation now follow closely, signaling a shift in executive focus toward fraud prevention and AI risk management. (Source: SecurityWeek)
  • North Korea Expands QR-Code Phishing Attacks – The FBI warns that North Korea’s Kimsuky group is using malicious QR codes in spear-phishing emails to evade security controls. These “quishing” attacks target governments, think tanks, and academia, leading victims to mobile-optimized credential-harvesting sites that can bypass MFA. Because they rely on mobile devices, the attacks often evade traditional detection tools, making quishing a growing enterprise threat. (Source: Dark Reading)
  • Sophisticated Web Skimming Hits Online Payments – Researchers uncovered a long-running web skimming campaign targeting online payments at major networks, including American Express and Mastercard. Active since 2022, the attack uses evasive JavaScript to steal payment and personal data during checkout, manipulating forms and self-destructing to avoid detection, highlighting the growing sophistication of e-commerce threats. (Source: The Hacker News)
  • Fake Facebook Logins Fuel Credential Theft – Cybercriminals are using browser-in-browser (BitB) attacks to display convincing fake Facebook login pop-ups that steal user credentials. These campaigns abuse trusted cloud services and common lures like security alerts to evade detection, enabling account takeovers, fraud, and data theft. (Source: BleepingComputer)


About the Author

CampusGuard Threat Intel Team