Threats Without Borders - Issue 287
Cybercrime Investigation Newsletter, Week ending May 17, 2026
Few individuals in our niche have the credibility to publish opinion pieces through major news organizations like Fox. David Maimon is one.
In this piece, he details how hostile state actors, including Iran, North Korea, Russia, and China, are systematically exploiting the US banking and employment systems by leveraging fraud infrastructure sourced from the dark web. His team has observed that these nations purchase stolen identity components, such as Social Security numbers and compromised bank credentials, to create synthetic identities and shell companies that bypass traditional compliance checks and sanctions screenings.
By routing transactions through correspondent banks with limited transparency and employing domestic US facilitators to conceal foreign IT workers or carry out financial grooming scams, these adversaries effectively funnel billions of dollars into the US financial system and infiltrate sensitive institutions. He emphasizes that current detection methods often fall short because the fraudulent entities look legitimate on paper, using forged documents and complex corporate structures to hide the true state-sponsored operators.
https://www.foxnews.com/opinion/adversaries-even-using-us-banking-system-heres-get-away
Can they make this any easier?
I’ve discussed this before, probably ad nauseam. But the bad guys are endlessly abusing the Payroll Protection Program (PPP) loans database. The pointy-head bureaucrat who decided this information should be made public should be made to sit in a dunk tank in the lobby of the IAFCI International conference.
And if they couldn’t make the database any easier to navigate, someone turned it into an interactive map. Awesome.
The News
A BitLocker bypass vulnerability was discovered. You must have physical access to the device, and it only works on Windows 11 machines. https://github.com/Nightmare-Eclipse/YellowKey
Tech-support attacks are increasingly using the Quick Assist tool, which is installed on Windows 10 and 11. Thomas Miller of TrustedSec shows how to identify and respond to attacks using this tool. https://trustedsec.com/blog/slamming-the-door-on-quick-assist-tech-support-scams-and-abuse
Capital One takes an offensive position by filing a federal lawsuit in Virginia against unidentified operators behind large-scale robocall scams. The bank accuses them of trademark infringement by misusing its and Discover’s names in deceptive impersonation schemes. Using civil litigation enables the bank to leverage the discovery process to identify these scammers and dismantle their operations. This strategy, increasingly employed by major tech companies, aims to supplement traditional law enforcement efforts. https://www.cnbc.com/2026/05/13/capital-one-lawsuit.html
Meta introduces Incognito Chat with Meta AI on WhatsApp and the Meta AI app, offering a fully private AI interaction. These conversations occur in a secure environment that Meta cannot access, and they are set to disappear automatically. https://about.fb.com/news/2026/05/incognito-chat-whatsapp-meta-ai/
The Dutch police have turned to shaming, and I’m completely on board. The “Game Over?!” campaign publicly named 100 of the country’s most wanted scammers, which led to the identification of 74 suspects. During this campaign, fraudsters were given a two-week period to surrender voluntarily while their blurred images were displayed; after the deadline, the police unblurred the faces on social media and billboards, prompting 34 individuals to turn themselves in and helping identify 40 more through over 500 public tips. The effort focused on scams targeting the elderly, like bank helpdesk impersonation and fake police visits. It reached nearly 90 million people on social media and has led to 38 interrogations and 6 arrests, with investigators noting that the average age of suspects is only 22. https://www.theregister.com/cyber-crime/2026/05/18/dutch-cops-shame-games-nets-74-wanted-fraudsters/5241980
Proofpoint launches a managed service provider (MSP) unit, which they are calling Proofpoint 365. No. https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-launches-dedicated-msp-business-unit-and-introduces-365-total
A 25-year-old former Penn State student and auxiliary police officer has been held on $2 million bail after being charged with felony computer crimes involving the unauthorized manipulation of police dispatch systems containing sensitive personal and criminal data. https://www.centredaily.com/news/local/crime/article315752921.html
OpenAI released Daybreak, its AI-powered cybersecurity and vulnerability management platform. https://openai.com/daybreak/
Feedback
Send Feedback to matt(at)threatswithoutborders.com
DFIR
It appears that files synced to iCloud Drive are now stripped of their metadata. https://eclecticlight.co/2026/05/11/does-icloud-drive-now-lose-almost-all-metadata/
No subscriptions, no ads, no paid product promotions. Some issues better than others.
Cool Jobs
IT Security Analyst - Baltimore Orioles Baseball Club. https://www.teamworkonline.com/baseball-jobs/orioles-jobs/baltimore-orioles-jobs/it-security-analyst-2169873
Director of Information Security - Penn Community Bank. https://penncommunitybank.wd501.myworkdayjobs.com/ExternalCareers/job/Bristol-PA/Director-of-Information-Security--ISO-_R-100099
Cool Tools
Python tool that digs deep for email addresses and usernames across hundreds of online resources. https://github.com/kaifcodec/user-scanner
Barcode reader. https://online-barcode-reader.inliteresearch.com/
What’s happening - right now? https://trends.google.com/trending?geo=US
Irrelevant
This guy keeps a running tab on Apple’s neglect of its base applications. As a longtime Mac user, I agree with all of this. Honestly, it’s pretty bad. Am I switching to Windows? Hell no. But if someone can get me a clean install of Linux on my M4 Mac Air, I’m gone. https://taoofmac.com/space/blog/2026/05/18/1320
Sign Off
Welcome, new subscribers! There’s always pressure after we gather a load of new subs, and I always feel like I’m letting everyone down. The newsletter gets hyped at an event, people subscribe, and this is what they get! The product always looks better in the ad, I guess. But hopefully, enough of you stay around for next week.
It’s hot here in Central PA, and I know the Midwest has been raked by violent storms. Stay cool and safe!
Matt
“DON’T RUIN A GOOD TODAY BY THINKING ABOUT A BAD YESTERDAY. LET IT GO.”
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.

