Welcome to this week’s edition of the ONSEC Fintech Cyber Weekly brought to you by the ONSEC team.
Tailored for fintech founders, product leaders, compliance officers, and cybersecurity professionals, this digest delivers sharp insights into the technologies, threats, and trends shaping the future of digital finance. In this issue, we spotlight SoFi’s return to crypto, Mastercard’s stablecoin rollout, and JPMorgan’s tokenized deposit launch. We also cover the evolving threat landscape—from AI-powered phishing campaigns to malware like Godfather—and highlight powerful new product launches in payments, lending, and insurtech.
Trends & Innovation
- SoFi Returns to Crypto with Blockchain-Based Transfers
SoFi Technologies is relaunching its blockchain-powered money transfer feature and plans to enable users to trade and hold Bitcoin and Ethereum by the end of 2025. The company also has plans to introduce stablecoins, staking, and crypto-backed loans—signaling a major expansion into digital assets. Source: Barron’s - Xero to Acquire U.S. Payments Provider Melio for $2.5 Billion
New Zealand–based Xero announced its acquisition of Melio to strengthen U.S. SMB payment capabilities. The deal is expected to double Xero’s U.S. revenues by 2028 and integrate payments directly into its accounting platform. Source: Reuters - JPMorgan Launches JPMD Deposit Token on Public Blockchain
JPMorgan has introduced JPMD, a tokenized version of bank deposits issued on Coinbase’s Layer-2 network, Base. The token brings liquidity, auditability, and FDIC insurance to on-chain transactions, providing a regulated alternative for blockchain-native payments in institutional finance. Source: FT - Mastercard Integrates Fiserv’s FIUSD Stablecoin into Global Payments
Mastercard now supports Fiserv’s USD-backed stablecoin, FIUSD, across its global payment network—enabling consumers and merchants to transact with stablecoins at over 150 million locations. This integration bridges traditional card rails with blockchain-based currency, accelerating stablecoin adoption in mainstream commerce. Source: Marcket Watch
Security & Cyber Threats
- UBS & Pictet Employee Data Leaked via Third-Party Breach.
A cyberattack on Chain IQ, a Swiss procurement vendor, exposed sensitive internal employee data from UBS and Pictet, including emails and CEO contact details. While no client data was compromised, the breach underscores escalating third-party risks in financial services. Source: Financial News London - 16 Billion Passwords Exposed in Massive Infostealer Leak.
Over 16 billion credentials—spanning fintech logins, cloud services, and government portals—were leaked via infostealer malware campaigns, posing enormous credential-stuffing risks. Fintech apps are high-value targets, with users urged to reset passwords and enable 2FA immediately. Source: Tom’s Guide– - Godfather Banking Malware Evolves to Target Fintech Apps.
The Godfather malware, known for targeting over 400 banking and fintech apps globally, has evolved. It now uses virtual app environments to mimic legitimate login screens and steal credentials in real time—bypassing traditional overlay techniques. Fintech platforms should harden app environments and promote anti-malware hygiene. Source: Hackread - AI-Powered Threats Exploit Fintech Supply Chains.
Cybercriminals are leveraging generative AI tools—such as deepfakes, voice cloning, and hyper-realistic phishing—to breach fintech firms by targeting their digital supply chains. With 68% of financial executives citing cybersecurity breaches as their top concern and 61% identifying AI-driven threats, the sector faces mounting risks. Over 50% of application-layer DDoS attacks in Q1 2025 targeted fintech services, according to Qrator Labs, underscoring the urgency of securing third-party vendor ecosystems. Source: Cybernews
Product & Platform Launches
- Orchestr Payment Orchestration Platform Orchestr launched a next-gen payment orchestration platform aimed at global merchants—unifying fragmented payment flows, reducing costs, and giving firms full control and visibility across regions. Ideal for fintechs powering commerce in diverse markets.Source: The Fintech Times
- Zopa Debuts “Biscuit” UK Current Account. UK challenger bank Zopa introduced “Biscuit,” promising best-in-market value with ~£256/year in cashback & interest. Users can now link external accounts and manage payments in-app—a push toward embedded account services. Source: The Fintech Times
- One Inc + Verisk FAST Integration on PremiumPay. One Inc and Verisk partnered to integrate Verisk’s FAST system into the PremiumPay® platform, delivering seamless, API‑based access to fast, automated insurance payments—opening new opportunities for fintechs in insurtech. Source: FinTech Global
Final Words
As the fintech landscape rapidly evolves—driven by blockchain innovation, AI-powered threats, and next-gen financial platforms—staying informed is more critical than ever. From tokenized deposits and stablecoin adoption to rising cybersecurity risks and orchestration breakthroughs, this week’s developments highlight both the opportunities and challenges shaping the digital financial ecosystem.
If you found this brief valuable, feel free to share it with your colleagues and peers. Let’s keep the conversation going and help build a smarter, safer fintech future—together.
Fintech Cyber Weekly 
Leave a comment