This week has been marked by increasingly sophisticated threats, where artificial intelligence, the abuse of legitimate platforms and breaches in trusted third parties have once again jeopardized digital security. From the appearance of AI-generated NFC malware, capable of attacking contactless payments, to the cyberattack suffered by an Apple vendor that exposes sensitive data, the picture confirms that attack vectors are evolving at the same pace as technology. Added to this is the uptick in phishing campaigns aimed at Booking.com users, with fraudulent advertisements and emails designed to empty accounts, and a global wave of phishing that has affected more than 3,000 organizations, taking advantage of legitimate Google services to evade security controls.

This week's incidents don't just reflect isolated technical failures: they highlight an environment in which automation through AI, trust in large platforms, and weaknesses in the supply chain combine to amplify the impact of attacks. Both companies and end users face threats that no longer rely solely on human error, but on infrastructures designed to appear completely legitimate.

The message is clear: strengthening security controls, monitoring external vendors, protecting payment systems and training teams against advanced phishing is no longer optional. In a scenario where attacks are faster, more credible and scalable, anticipating is still the only real defense.

AI-generated NFC malware, the new threat to contactless payments

Cybersecurity researchers have observed that cybercriminals are creating AI-powered malware designed to attack NFC (near-field communication) payments, the standard that allows contactless transactions with cards and mobile devices. These attacks can intercept and retransmit card data, allowing unauthorized purchases or even withdrawals at remote cash machines. This type of malware represents a significant evolution in the use of AI to automate and refine financial fraud techniques, adapting to its environment to evade traditional defenses and maximize impact.

Apple supplier suffers cyberattack, sensitive data at risk

An incident in the technology supply chain has exposed critical information related to Apple accounts and other platforms. An unprotected public database exposed more than 184 million credentials, including emails and passwords linked to services such as Apple, Google and social networks. Although Apple was not directly breached in its core infrastructure, the attack on one of its suppliers highlights the growing risks associated with external suppliers and the importance of reinforced security strategies throughout the supply chain.

Phishing on Booking.com: Fake emails that empty accounts

Continuing the trend of fraud on travel platforms, a phishing campaign has been detected targeting Booking.com users and suppliers. Attackers send emails or messages that appear legitimate, mimic platform communications, or even take advantage of compromised hotel access to send malicious links. The goal is to redirect victims to fake sites where they steal credentials and financial data or install malware. These types of scams can empty bank accounts or compromise cards if users don't check links carefully or skip official channels.

Global alert: Phishing wave that attacks more than 3,000 organizations

A massive phishing campaign using Google domains and services has been active globally over the past two weeks. Attackers take advantage of legitimate tools such as Google Cloud Application Integration, sending emails with a completely official appearance from addresses linked to Google. The ultimate goal is to capture corporate credentials through redirects to fake pages following a simulated “captcha” process. In just a fortnight, thousands of messages were sent to some 3,000 organizations around the world, mainly in the manufacturing, technology, financial and banking sectors. Although Google claims that it was not directly compromised and that it has already blocked the campaign, this incident shows that even very reliable services can be used as attack vectors to evade security filters.

Get ahead of the next incident

The threat landscape continues to evolve rapidly: the use of AI in malware, attacks aimed at NFC payment platforms, breaches through third-party providers, and global phishing campaigns taking advantage of legitimate services are clear reminders that security cannot be taken for granted. Education, multi-factor authentication, and ongoing monitoring of networks and providers are more important than ever.

At Apolo Cybersecurity, we work with organizations to identify threats before they impact the business. We assess vulnerabilities, strengthen critical infrastructures and empower teams to detect real risks in their daily operations. Because cybersecurity is not about putting out fires, but about anticipating, reducing exposure and being prepared before the attack occurs.
