FCI Cyber Inc.

04/26/2026

According to Malwarebytes, the malicious file contains an MSI installer that mimics the legitimate Anthropic installation chain and installs the real Claude application.

04/26/2026

04/14/2026

🔸 (Cyber News) Threat actors are actively exploiting the popularity of Claude by creating convincing fake websites that distribute trojanized installers.

🔸 In this campaign, users downloading a supposed “pro” version unknowingly install legitimate software alongside hidden malware (specifically a PlugX variant) delivered via DLL sideloading.

🔸 Small details, like misspelled file paths, highlight how subtle these attacks can be.

🔸 Organizations should reinforce user awareness around downloading software only from verified domains, implement endpoint detection and response (EDR) to catch sideloading behavior, and restrict ex*****on from user directories and startup folders.

🔸 Given the rise in AI-themed lures, financial services firms and other high-value targets should treat AI tools as part of their attack surface and incorporate them into phishing and threat simulation training.

According to Malwarebytes, the malicious file contains an MSI installer that mimics the legitimate Anthropic installation chain and installs the real Claude application.

03/26/2026

🔸 (Cyber News) A growing number of Americans are receiving AI-generated “deepfake” scam calls, with one in four reporting they’ve encountered one in the past year, and older adults facing the highest financial losses.

🔸 Cybersecurity experts recommend setting up a family “safe word” or verification phrase to help confirm identity during suspicious calls, since scammers often use urgency and emotional manipulation to pressure victims into acting quickly.

🔸 They also stress that a safe word should only be one layer of protection. People should hang up, call the person back using a trusted number, and verify through another channel whenever possible.

With one in four Americans reporting that they’ve received a deepfake phone call in the past year, cybersecurity experts are urging families to set up a “safe word” to avoid being scammed.

02/26/2026

(JD Supra) With the June 3, 2026 Regulation S-P compliance deadline approaching, small RIAs should be taking steps now to strengthen their data protection and incident response readiness. Key areas of focus include:

🔸 Establishing and maintaining written incident response policies and procedures to detect, respond to, and recover from unauthorized access to client information

🔸 Ensuring the ability to notify affected clients within required timelines if sensitive data is compromised

🔸 Reviewing and updating vendor management policies, including written requirements for breach notification and oversight of service providers

🔸 Maintaining detailed records documenting security controls, incidents, and response actions to demonstrate compliance

🔸 Implementing security controls such as endpoint protection, access monitoring, and multi-factor authentication to support policy enforcement
Provide staff training to ensure policies and procedures are understood and followed

Not sure where to begin? Schedule a call with our team of experts to learn more about what FCI can do to help you meet Regulation S-P: https://fcicyber.com/



https://www.jdsupra.com/legalnews/regulation-s-p-june-3-2026-compliance-9273675/

FCI is an MSSP (Managed Security Service Provider) that offers Cybersecurity for Financial Services for Protection & Compliance.

02/18/2026

🔸 (JD Supra) The SEC’s Division of Examinations has released its fiscal year 2026 priorities, with a clear emphasis on cybersecurity, operational resilience, and the governance of emerging technologies.

🔸 Regulators are closely evaluating whether firms have effective safeguards in place to protect customer data, detect and respond to cyber incidents, and maintain business continuity during disruptions.

🔸 The SEC is also increasing scrutiny around the use of artificial intelligence, focusing on whether firms have proper oversight, risk controls, and transparent disclosures.

🔸 In addition, technology infrastructure reliability, third-party risk management, and anti-money laundering controls remain key areas of examination, reinforcing the expectation that firms maintain strong, resilient, and well-governed technology environments.

🚨 Looking for guidance? Schedule a call with our cybersecurity regulation specialists to find out how you can enhance your firm's security. https://fcicyber.com/contact-us/



https://www.jdsupra.com/legalnews/sec-staff-issues-2026-examination-8666974/

On November 17, 2025, the staff of the SEC’s Division of Examinations released its examination priorities for fiscal year 2026. The release highlights...

02/06/2026

🔸 (Cyber News) Attackers are using Windows screensaver (.scr) files in spearphishing emails to quietly install legitimate remote monitoring tools like SimpleHelp, giving them persistent access while bypassing many security controls. Because these tools appear normal, attackers can move laterally, steal data, or deploy ransomware without triggering traditional alerts.

🔸 FCI has observed this campaign targeting financial services in the wild. Our platform is designed to automatically block unauthorized RMM tools, isolate suspicious endpoints, and collect forensic evidence before any persistence can take hold.

🔸 These controls are enforced across all client environments at scale, preventing a single click from turning into an enterprise-wide compromise.

🔸 For organizations not currently protected by FCI: work with your IT provider or security team to block unapproved RMM software and deploy endpoint protection that captures command-and-control traffic. These controls are now essential to stopping modern phishing attacks before they escalate.

🚨 Book a call with our team to learn more about what you can do to keep your firm, your clients, and yourself cyber safe! https://fcicyber.com/contact-us/



https://cybernews.com/security/attackers-exploit-windows-screensaver-remote-tools/

02/04/2026

🔸 (Scotsman Guide) Financial institutions are facing growing pressures to protect consumer data under new prescriptive regulations.

🔸 Many organizations struggle to keep up with written security program mandates, risk assessments, vendor oversight, and audit expectations, and the consequences for falling short can include fines, enforcement actions, or even license suspension.

🔸 FCI helps reduce that burden by providing the security controls and expertise that organizations need to strengthen their compliance efforts.

🔸 We align our solutions with the lines of defense model, equipping security teams with tools to manage access and gain real-time visibility, while providing compliance teams with the evidence and reporting they need to support audits and regulatory requirements.

🔸 Through this approach, we empower organizations to meet regulatory expectations with greater confidence, without taking focus away from their core business.

Mortgage lenders face expanding data security regulations under GLBA and state laws, requiring written security programs, vendor oversight and breach reporting.

01/30/2026

🔸 (Bleeping Computer) Microsoft has issued emergency out-of-band updates to fix a high-severity Microsoft Office zero-day vulnerability (CVE-2026-21509) that is being actively exploited.

🔸 The flaw allows attackers to bypass Office security features by convincing users to open a malicious Office file, affecting Office 2016, 2019, LTSC 2021/2024, and Microsoft 365 Apps, though the Preview Pane is not impacted.

🔸 Office 2021 and later receive automatic protection after an application restart, while older versions require installing updates or applying a registry-based mitigation.

🔸 Microsoft says Defender detections and Protected View help reduce risk and urges users to avoid enabling content from untrusted files.

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks.

06/14/2023