5,200 Exposed Controllers, 700+ Banks Targeted, Mobile Fraud Escalates

BankGhost Builder shows how banking attacks are getting easier to launch. The tool is being promoted as a ready-made way to create banking malware, run phishing campaigns, steal credentials, and target more than 700 banks across multiple regions.

NFCShare also evolved into a mobile fraud campaign using fake banking pages, short links, and GitHub-hosted Android apps. At the same time, CyberAv3ngers continued targeting US water and energy utilities, with more than 5,200 Rockwell controllers still exposed online. The brief also covers five serious Common Vulnerabilities and Exposures (CVEs) affecting IBM WebSphere, Fortinet, Microsoft, Palo Alto Networks, and Windows Netlogon.

How ColorTokens Threat Intelligence Helps You Stay Breach Ready:

• Prioritizes serious software flaws that could expose business-critical systems.
• Tracks banking malware that makes phishing and credential theft easier to scale.
• Flags mobile fraud campaigns using fake banking pages and malicious Android apps.
• Surfaces exposed Rockwell controller risks across US water and energy utilities.
• Connects these threat patterns to stronger access control and network segmentation.

ColorTokens security advisors can help you interpret these threat patterns and strengthen containment, patching, and segmentation priorities before an incident becomes a wider operational problem.