Welcome to this week’s edition of ONSEC Fintech Cyber Weekly, brought to you by the ONSEC team. It’s been a dynamic week in fintech, cybersecurity, and financial innovation. We saw major moves in the stablecoin and digital payments space, big banks doubling down on AI-driven services, and fresh fintech funding energizing emerging markets. Meanwhile, high-profile data breaches and critical vulnerabilities kept defenders busy, as regulators advanced tougher cyber policies. Here’s what mattered most this week.
Trends & Innovation
- Ripple to acquire stablecoin platform Rail – Expanding crypto payments — August 7, 2025 – [Reuters]. Crypto firm Ripple is buying Canada-based stablecoin payments startup Rail for $200 million. The deal (expected to close Q4 2025) will give Ripple a platform handling ~10% of global stablecoin transactions, bolstering its USD-backed coin RLUSD and cross-border network. Coming weeks after a new U.S. law for stablecoin oversight, Ripple’s president says this solidifies its lead in stablecoin payments, adding virtual accounts and faster treasury flows to meet rising demand. Source: Reuters
- Wells Fargo taps Google Cloud for AI agents – Bank-wide rollout — August 8, 2025 – [The Paypers]. Wells Fargo announced an expanded partnership with Google Cloud to deploy “agentic” AI tools at scale across the bank. Over 2,000 employees are already using Google’s Agentspace platform to navigate internal data and automate workflows. The AI agents help bankers and staff find information faster, streamline customer service, and generate real-time insights. As one of the first big banks to embrace multi-agent AI, Wells Fargo aims to boost efficiency and decision-making speed while maintaining responsible AI use. Source: Banking Dive
- Uzbekistan’s Uzum raises $65M – First unicorn hits $1.5B valuation — August 5, 2025 – [TechCrunch]. Uzum, a fast-growing fintech and e-commerce “super app” from Uzbekistan, secured roughly $65.5 million in a round co-led by China’s Tencent and global investors. The funding vaults Uzum’s valuation to about $1.5 billion, a 30% jump since it first reached unicorn status last year. Founded in 2022, Uzum offers online shopping, payments, digital banking and loans to 17 million monthly users. The new capital will help it roll out AI-powered credit scoring, digital lending and deposit products as it expands financial services in Central Asia. Global investor interest in emerging-market fintech remains strong despite a selective funding environment. Source: TechCrunch
- ECB teams with Diebold Nixdorf on digital euro pilot – CBDC innovation — August 12, 2025 – [Finextra]. The European Central Bank invited ATM provider Diebold Nixdorf to join its digital euro innovation platform. Diebold Nixdorf is integrating its cloud-based Vynamic Transaction Middleware with the ECB’s prototype digital euro interfaces, enabling banks to support the potential CBDC across ATMs, point-of-sale, and e-commerce channels. The goal is to let banks offer digital euro payments seamlessly alongside cards and wallets, without overhauling back-end systems. As EU lawmakers approach a decision on issuing a retail digital euro by year-end, this collaboration showcases how public-private partnerships are preparing the infrastructure. Source: Finextra
Security & Cyber Threat
- Ransomware breach at Manpower – 140,000 records exposed — August 13, 2025 – [SecurityWeek]. Global staffing firm Manpower disclosed that hackers stole personal data of ~144,000 individuals in a Ransomware attack. The RansomHub gang breached Manpower’s network in Jan 2025 and leaked 500GB of HR, financial and personal files after the firm refused to pay. The breach, revealed in a notice to state regulators, underscores the long tail of ransomware incidents. Manpower is offering victims credit monitoring while investigators note RansomHub has since gone quiet, with its affiliates absorbed by another group. Source: Security Week
- Air France–KLM customer data hacked – Third-party tool targeted — August 7, 2025 – [BleepingComputer]. The Air France–KLM Group warned that attackers breached an external customer service platform used by the airlines, stealing some passenger data. Exposed information includes names, contact details, frequent-flyer numbers and service request subjects – but no passwords, payment info or passport data were compromised. The incident, which affected Air France, KLM and Transavia customers, is part of a broader phishing-driven campaign by the ShinyHunters group targeting companies’ Salesforce CRM tools. Both French and Dutch authorities have been notified, and affected flyers are being advised to watch out for follow-on phishing attempts. Sources: Bleeping Computer
- Critical patches from Fortinet and Ivanti – Exploits prompt updates — August 13, 2025 – [SecurityWeek]. Critical vulnerabilities in popular enterprise tools prompted patch releases this week. Network security firm Fortinet issued fixes for 14 flaws, including a remote code execution bug (CVE-2025-25256) in FortiSIEM that attackers have already weaponized in the wild. Two high-severity Fortinet bugs (in FortiWeb and FortiOS) could allow authentication bypass or device takeover. Meanwhile, software provider Ivanti alerted customers to several issues, from RCE holes in its Avalanche MDM to flaws in VPN and zero-trust appliances. While no active attacks were reported yet, security experts urge immediate patching – threat actors often jump on Fortinet/Ivanti weaknesses to infiltrate corporate networks. Sources: Security Week
- UK moves to ban ransomware payments – Mandatory incident reporting — July 22, 2025 – [Reuters]. The UK government announced plans to “smash the cyber criminal business model”by outlawing ransom payments by public sector agencies and critical infrastructure operators. Under proposals expected to become law, NHS hospitals, local councils, schools and key utilities would be prohibited from paying cyber ransoms after attacks. Private companies would not be outright banned, but they must notify authorities before any ransom payment and could receive official guidance or blocks in certain cases. The plan also introduces a 72-hour mandatory reporting rule for all ransomware incidents. These measures – which received broad support in a recent public consultation – aim to reduce the incentive for criminals to target UK organizations. Companies are now bolstering backups and incident response, as paying attackers may soon be off the table. Sources: Reuters
Product & Platform Launches
- Paymentology debuts PayoCard platform – Mobile-first card issuing — August 7, 2025 – [Fintech Intel]. UK-based issuer-processor Paymentology launched PayoCard, a cloud-based card management platform for digital banks and fintechs in Africa. Billed as the region’s first mobile-centric card solution, PayoCard lets banks quickly roll out virtual and physical cards with self-service features (real-time balance updates, card freezes, PIN resets) via a single app interface. By offering a plug-and-play service, Paymentology aims to cut the heavy infrastructure and long development times typically needed for card programs. The move comes as South Africa’scard payments market (projected $206 billion by 2029) shifts toward smartphone banking – PayoCard gives fintechs a fast, compliant way to meet consumers’ digital-first expectations. Sources: Fintech Intel
- Wing Bank launches 2‑in‑1 “One Card” – First combined debit/credit card — August 12, 2025 – [Financial IT] Cambodia’s Wing Bank has rolled out the Mastercard One Card, the country’s first two-in-one card uniting debit and credit functions. Developed with Mastercard and powered by Compass Plus Technologies, the One Card features a sleek numberless design to enhance security (no printed card numbers). Users can control both their deposit account and credit line through Wing’s mobile app, accessing funds or credit on demand in one place. Aimed at a growing middle class of digital-first customers, the One Card simplifies payments and financial management. It comes in Platinum (up to $50k limit, travel lounge access and insurance) and Gold versions, offering perks and up to 55-day interest-free periods to drive adoption of cashless services. Sources: Financial IT
- Credit Sesame + Green Dot embed banking – Launch of Sesame Cash accounts — August 11, 2025 – [FinTech Futures]. U.S. credit score startup Credit Sesame is teaming up with Green Dot to launch full checking account features in its app. Using Green Dot’s “Arc” embedded finance platform, Credit Sesame will offer FDIC-insured demand deposit accounts (DDAs) through its Sesame Cashproduct. The integrated accounts allow Sesame’s users – many of whom are building credit – to manage everyday finances and savings alongside credit monitoring. The partnership also enables a new credit-builder tool: as users use their Sesame Cash debit account, their activity can help improve credit scores, bridging the gap between banking and credit wellness. This move by Credit Sesame reflects a broader trend of fintechs leveraging banking-as-a-service to deepen customer relationships and expand into digital banking services. Sources: FinTech Futures
- GoCardless unveils AI tool for instant payouts – Faster Direct Debits — August 5, 2025 – [Financial IT]. UK fintech GoCardless introduced “Same Day Settlement+,” an AI-driven feature to speed up Direct Debit payments. The tool uses proprietary machine learning on data from 38 million bank accounts to predict successful collections and enable same-day payout of funds. By leveraging these algorithms, GoCardless can now pay out over 96% of collected Direct Debit transactions on the same day (vs. the usual two-day BACS cycle), and it has cut late payment failures by more than 80%. Initially available to select merchants as the system learns from diverse data, the AI feature addresses a major cash flow pain point for businesses. GoCardless reports that faster settlements improve merchants’ liquidity and strengthen trust with customers and suppliers. This innovation showcases how fintechs are applying AI to modernize payment infrastructure, as competition in the recurring payments space heats up. Sources :Financial IT
Final Words
This week underscored three major themes. First, fintech innovation and investment remain robust – from Ripple’s bold stablecoin acquisition and rising unicorns in new markets to incumbent retailers like Sainsbury’s recalibrating their fintech strategies. Second, financial institutions are aggressively leveraging technology such as AI and embedded finance to enhance services – we saw big banks deploying AI assistants, fintechs launching real-time payment tools, and new digital banking products bridging gaps for consumers. Third, cybersecurity is ever more paramount, highlighted by large-scale data breaches, critical patches, and governments stepping in with tougher ransomware policies to protect critical sectors.
Fintech Cyber Weekly 
Leave a comment