Threats Without Borders - Issue 275
Cybercrime Investigation Newsletter, week ending February 22, 2026
RSAC is coming up, and I don’t even need a calendar to realize it. The evidence is in the flood of salespeople spamming my inbox with invitations to “Meet-up at RSAC?”
It feels so pretentious—every email seems to assume, "Of course, you're attending RSAC." There's a hint of condescension, too, implying that if you're not there, you're either not among the cool kids or you're low budget.
Well, I’m not in the cool-kids group, and I'm very low-budget. So I’ll gladly meet you in exchange for airfare, hotel, and a conference pass.
Otherwise, keep your spam to yourself.
No more BSA?
At a minimum, all the thresholds for reports required under the Bank Secrecy Act should be adjusted for inflation. Congress could go further and eliminate the reporting requirements. Even better, Congress could also do away with the Bank Secrecy Act regime entirely.
Interesting take from the Cato Institute.
The authors of “From Writs to Wires: The Surveillance State’s Long War on Privacy” explore how modern surveillance in the U.S. has evolved from colonial-era warrantless searches into an invisible digital system that “undermines constitutional privacy rights.” The article alleges that government agencies exploit third-party data, weaken encryption, and use technologies such as facial recognition and financial tracking to monitor citizens.
All those records held by your bank, financial planner, and similar entities are fair game for prying eyes—as long as those eyes belong to the government.
Although this article was originally aimed at privacy advocates and perhaps conspiracy theorists, those working in BSA/AML should also pay attention - but for an entirely different reason.
https://www.cato.org/free-society/winter-2026/writs-wires-surveillance-states-long-war-privacy
Mail
Thanks for linking to the study that tells my wife it’s ok for me to drink a lot of coffee. -JS
Matt, I suspect you would be very successful if you started your own business, and you are correct, paid bank holidays are a very nice perk. - K
This week, I attended two presentations, and both could have benefited from your advice on avoiding lengthy problem explanations. In one, a speaker spent 20 minutes describing the problem to the group, who then identified it and submitted a ticket requesting it be fixed. - JohnB (See Issue 272 for reference)
The News…
Obviously, I support the Bureau and the Internet Crime Complaint Center (IC3), but sometimes I wonder what the point is. The information they release often feels outdated. Cybersecurity and fraud organizations share information in real time, but the analytical and content creation processes within any government agency, not just IC3, are so time-consuming that by the time the content is ready and approved, it's already old news. Anyway, they released a “Flash” report about malware-enabled ATM jackpotting, which most of us knew about long before the flash. https://www.ic3.gov/CSA/2026/260219.pdf
A recent cyberattack campaign impersonates Google Meet invitations to spread malware. Victims receive a fake meeting invite from a newly registered domain, and clicking the “Join” button redirects them to a convincing fake Google Meet page hosted on an impersonated Microsoft Store site. They are then prompted to download a fake “update” installer that secretly installs the Teramind remote monitoring tool, allowing attackers full control over the victim’s system and transmitting device details (IP, location, OS, etc.) to the attacker via Telegram. Important warning signs include a lookalike domain with intentional typos, a sender domain less than a month old, failed DKIM authentication, and poor HTML branding—all tactics aimed at deceiving both humans and security scanners. https://sublime.security/blog/fake-google-meet-invitation-fake-microsoft-store-real-malware-attack/
Signal launched Version 8 of its secure backups. https://aboutsignal.com/news/signal-launches-version-8-0-with-signal-secure-backups/
This guy laundered 2.3 million dollars through gift cards. Seriously, most gift cards limit out at $500. He purchased 460,000 gift cards? https://cbs6albany.com/news/local/chinese-man-found-guilty-in-money-laundering-conspiracy-involving-229m-in-gift-cards-fraud-jun-wang
LayerX, a cybersecurity company, identified 30 malicious Chrome extensions that mimic popular AI tools like Gemini and ChatGPT, with over 260,000 downloads. These extensions appear to provide legitimate AI chat interfaces but covertly send user data to attacker-controlled servers, capturing sensitive information such as emails, browser content, and pasted text. The threat is heightened by users' tendency to share sensitive info with AI tools and the extensions' use of hidden iframes, making detection difficult during reviews. Even after the discovery was made public, several of these malicious extensions remained available on the Chrome Web Store. https://layerxsecurity.com/blog/aiframe-fake-ai-assistant-extensions-targeting-260000-chrome-users-via-injected-iframes/
Starkiller is a sophisticated phishing-as-a-service (PhaaS) tool that bypasses traditional security measures, including MFA, by live-proxying legitimate login pages instead of mimicking them. This allows attackers to capture credentials and session tokens in real time, making detection extremely difficult since victims interact with actual websites. The tool’s user-friendly interface and automation lower the technical barrier for cybercriminals, forcing organizations to shift from static detection methods to behavioral and identity-aware monitoring. https://www.darkreading.com/threat-intelligence/starkiller-phishing-kit-mfa
Message me: matt (at) threatswithourborders.com
DFIR
I haven’t used this, so please test it in a safe space first, but it is interesting, and I’ll be giving it some more attention shortly.
Fuji is a free, open-source program for performing forensic acquisition of Mac computers. It should work on any modern Intel or Apple Silicon device, as it leverages standard executables provided by macOS. Fuji performs a so-called live acquisition (the computer must be turned on) of logical nature, i.e. it includes only existing files. The tool generates a DMG file that can be imported in several digital forensics programs.
https://github.com/Lazza/Fuji/releases/tag/1.2.0
Cool Job
Director of Safety and Security, Vanderbilt University. https://ecsr.fa.us2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/10007897
Security Intelligence Operations Specialist, Tesla. https://www.tesla.com/careers/search/job/256471
Cool Tool
Hate Apple? Hate Google? GrapheneOS might be your huckleberry. Tomasz Dunia created a list of currently supported mobile devices and a full tutorial on getting up and running with Graphene as the OS. https://blog.tomaszdunia.pl/grapheneos-eng/#list-of-supported-devices-february-2026
“Spackle is a macOS menu bar app for inline AI rewrites. Select text in any app, press a keyboard shortcut, and Spackle replaces your selection with an AI-rewritten version — right in place. You never leave the app you’re working in. It works anywhere macOS Accessibility can reach: Mail, Notes, Slack, browser text areas, and more.” https://aisatsu.co/spackle/
Irrelevant
Something everyone in law enforcement and counseling has known for, well, ever.
Researchers found that the teens who reported using cannabis in the past year were at a higher risk of being diagnosed with several mental health conditions a few years later, compared to teens who didn’t use cannabis.
Teens who reported using cannabis had twice the risk of developing two serious mental illnesses: bipolar, which manifests as alternating episodes of depression and mania, and psychotic disorders, such as schizophrenia which involve a break with reality.
https://text.npr.org/nx-s1-5719338
Sign Off
I spent some time in Buffalo, NY, last week. I’ve discussed the city in the newsletter before, and I believe I’ve finally figured out why people choose to live there. It’s self-hate. That’s the only explanation that fits. Yes, I’ve heard it’s beautiful in the summer.
Shout at me, M&T friends.
Thanks for reading another issue. See you all next week.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.


