SquareX Ltd., a startup with a browser extension that can detect and block obfuscated malware, has raised $20 million in funding. SquareX’s browser extension promises to help enterprises protect employees from malicious websites, phishing campaigns and other online threats. The extension provides features for blocking so-called last mile reassembly attacks. Those are cyberattacks that disguise browser-borne malware by splitting it into multiple code snippets. Because the individual snippets are harmless on their own, they have a higher chance of evading detection by antivirus tools. The malware resembles itself after the code fragments are downloaded onto the user’s device. In some cases, last-mile reassembly attacks use LSB steganography to further complicate detection efforts. LSB steganography is a data storage method that can be used to encode malicious code into images, which often aren’t scanned by cybersecurity tools. Once a malware-laden image is downloaded by a user, a script extracts the malicious code and runs it. SquareX says that its browser extension can spot such attacks as well. According to SquareX, its browser extension removes macros from Office documents to delete any malicious code they may contain. When the extension blocks a malicious program, it sends the file to a cloud-based sandbox where administrators can study it. SquareX provides more than 20 malware analysis tools to ease the process. SquareX can be configured to block password sharing across applications, data entry into unauthorized applications and other risky practices. It’s also possible to create a list of approved browser extensions and automatically block plug-ins that are not on the list.
Emburse’s AI-powered app for enterprise expense management provides multilingual functionality and uses OCR transcription to accurately capture receipts, auto-populate expense details and streamline reporting
Emburse has launched a new travel and expense mobile app incorporating Emburse AI to make it easier for employees to submit expenses and for managers to approve them. The newly refreshed Emburse Enterprise app uses artificial intelligence to accurately capture receipts, autopopulate expense details, streamline expense reporting and accelerate reimbursement. “It delivers a smooth, intuitive experience that accelerates reimbursements and payments while helping enterprises track and control their spend,” Emburse Chief Product Officer Paul Nagy said. “Accuracy is significantly boosted across language, currency and handwritten values.” For business travelers, Emburse Enterprise provides multilingual functionality and AI-powered OCR transcription, smart receipt capture that eliminates the need for paper receipts and manual data entry, and a personalized dashboard that provides a clear starting point for the capture, review and submission of expenses. For managers, the mobile app supports both full and partial expense report approval, so approvers can take action on relevant line items without waiting for other approvers to handle the other line items. Where application, Emburse Enterprise can also enable approvals of pre-approvals, invoices and purchase orders.
Apple Store deploys LLM-based system to offer app review summaries that dynamically adapt, capture the diversity and accurately reflect user’s voice and the most up-to-date feedback
The App Store now offers review summaries in iOS 18.4, providing a high-level overview of user reviews while allowing for detailed exploration. This feature is powered by a multi-step LLM-based system that periodically summarizes user reviews. The aim is to ensure these summaries are inclusive, balanced, and accurately reflect the user’s voice, prioritizing safety, fairness, truthfulness, and helpfulness. This feature is a significant improvement over previous versions. Summarizing crowd-sourced user reviews presents several challenges, each of which we addressed to deliver accurate, high-quality summaries that are useful for users: Timeliness: App reviews change constantly due to new releases, features, and bug fixes. Summaries must dynamically adapt to stay relevant and reflect the most up-to-date user feedback. Diversity: Reviews vary in length, style, and informativeness. Summaries need to capture this diversity to provide both detailed and high-level insights without losing nuance. Accuracy: Not all reviews are specifically focused on an app’s experience and some can include off-topic comments. Summaries need to filter out noise to produce trustworthy summaries.
Microsoft releases taxonomy of failure modes- security and safety- inherent to agentic architecture- novel modes unique to agentic systems (e.g. agent compromise) and modes representing amplification of existing GenAI risks (e.g. bias amplification)
Microsoft’s AI Red Team has published a detailed taxonomy addressing the failure modes inherent to agentic architectures. Agentic AI systems are autonomous entities that observe and act upon their environment to achieve predefined objectives. These systems integrate capabilities such as autonomy, environment observation, interaction, memory, and collaboration. However, these features introduce a broader attack surface and new safety concerns. The report distinguishes between novel failure modes unique to agentic systems and amplification of risks already observed in generative AI contexts. Microsoft categorizes failure modes across security and safety dimensions. Novel Security Failures: Including agent compromise, agent injection, agent impersonation, agent flow manipulation, and multi-agent jailbreaks. Novel Safety Failures: Covering issues such as intra-agent Responsible AI (RAI) concerns, biases in resource allocation among multiple users, organizational knowledge degradation, and prioritization risks impacting user safety. Existing Security Failures: Encompassing memory poisoning, cross-domain prompt injection (XPIA), human-in-the-loop bypass vulnerabilities, incorrect permissions management, and insufficient isolation. Existing Safety Failures: Highlighting risks like bias amplification, hallucinations, misinterpretation of instructions, and a lack of sufficient transparency for meaningful user consent.
P2P payment information network Phixius by Nacha partners Kinexys by J.P. Morgan to add near real-time global validation of bank account ownership, status and transactions to its real-time validation
Phixius by Nacha and Kinexys Liink established information exchanges between their payment information networks. The collaboration will enhance account validation coverage for financial institutions, FinTechs and corporations. Phixius, which is a peer-to-peer payment information network, will serve as Kinexys Liink’s key U.S. payment information network responder, enabling near real-time validation of domestic bank account data. Kinexys Liink, which is a bank-led peer-to-peer data-sharing network and part of Kinexys by J.P. Morgan, will allow Phixius participants access to its Confirm application’s global account validation capabilities, expanding the reach of the Phixius network. “Kinexys Liink and Phixius customers can benefit by validation services using data provided by either network, helping to mitigate payment fraud and reduce potential ACH returns,” Rob Unger, managing director of ACH Network development at Nacha, said. Gloria Wan, general manager of Kinexys Liink at Kinexys by J.P. Morgan, said: “Through the collaboration with Phixius by Nacha, we look forward to expanding the reach of Kinexys Liink to further strengthen account validation and cross-border payment infrastructure globally.”
Ibanera’s onboarding and AML compliance solution adopts a layered and tokenized design that replaces sensitive data with unique identifiers and makes compliance traceable and verifiable across complex networks of users
Digital banking platform Ibanera announced the launch of its ‘Nested Compliance’. Produced by the company CEO, Michael Carbonara, the infrastructure directly combats current risks faced by the Fintech and Banking as a Service (BaaS) industry. The framework differs from current financial compliance processes by automating KYC and AML processes while adopting a layered and tokenized design that embeds compliance across its vast customer network. Ibanera’s new Nested Compliance concept introduces high-level automation for KYC and AML processes for operational efficiency. The upgraded system uses API-driven, real-time compliance monitoring with early warning triggers for expiring KYC, automated counterparty verification, and embedded reporting to speed up processes and keep detailed records for audit purposes. The framework also debuts a unique design that tokenizes compliance. Sensitive data is replaced with unique identifiers, minimizing PII (Personally Identifiable Information) exposure risk. The tokenized design also creates a system where compliance is traceable and verifiable across complex networks of users, simplifying financial relationships and the overall compliance process. Through this, layered transactions are secure, monitored, and compliant with FATF, FINCEN, and global Anti-Money Laundering (AML) regulations. The new Nested Compliance protocol is being rolled out on Ibanera’s ecosystem this year and is available for customers and partners. Key updates include real-time risk assessments of counterparty data, along with ongoing AML checks to prevent illicit activities within nested payment structures.
VoPay’s solution enables banks and SaaS platforms to offer full-stack embedded real-time cross border payments by using APIs, white-label deployment or through no-code services
Embedded financial technology provider VoPay has announced the launch of its new Cross-Border Payments-As-A-Service solution. The white-label technology will enable organisations to move money around the world with full transparency, compliance, and real-time FX. In addition, being built for software platforms and financial institutions, the product will allow firms to benefit from its features without the need to build their own cross-border infrastructure. With this solution, partners and collaborators will have the possibility to expand into global markets and deliver a secure cross-border payment offering. VoPay will continue to focus on meeting the needs, preferences, and demands of clients and users in an ever-evolving market, while prioritising the process of remaining compliant with the regulatory requirements and laws of the industry as well. In addition, VoPay’s solution is purpose-built to serve vertical SaaS platforms, digital marketplaces, and ERP providers, as well as payroll platforms and financial institutions that are looking to unlock new revenue from international money movement. Included in its key capabilities are a full-stack embedded payments, real-time FX engine, compliance by design, end-to-end orchestration, white-label flexibility, and speed to market features. Software platforms and FIs can launch Cross-Border Payments in a way that fits their business model. This includes the possibility to embed the experience directly into their platform using branded UI components and developer-first APIs, launch a Turnkey Solution using VoPay’s white-label deployment model, or access no-code services from the company’s dashboard with full functionality–zero development needed.
New York City subway riders to be able to add tap-to-pay OMNY transit card to Apple Wallet, joining SF’s Clipper, Washington DC’s SmarTrip and LA’s TAP card
Apple introduced support for dedicated transit cards in Apple Wallet six years ago, and it has since expanded to include San Francisco’s Clipper card, Washington DC’s SmarTrip card, Los Angeles’ TAP card, and Canada’s PRESTO card. New York City’s OMNY card will soon join the fun of Apple Wallet integration, according to the MTA. The MTA is set to phase out the MetroCard fully within the next year, requiring OMNY to be widely available and easy to use. Major updates involving the OMNY rollout include the launch of a mobile virtual OMNY card for normal commuters and students in Q4 2025 and new integration within the MTA app to manage your OMNY card. If things go according to plan, users will be able to add an OMNY card to Apple or Google Wallet in the coming months, just like in Washington, DC, and San Francisco.
Wells Fargo confirms termination of 2018 CFPB Compliance Consent Order “demonstrating that we have completed much of our common risk and control infrastructure work”
Wells Fargo today confirmed that the Consumer Financial Protection Bureau’s (CFPB) 2018 consent order related to the company’s compliance risk management program has terminated. This is the twelfth consent order closed by Wells Fargo’s regulators since 2019 and the sixth since the beginning of the year. Charlie Scharf, Wells Fargo’s CEO, said of today’s news: “Today’s termination, along with the recent closure of other consent orders, demonstrates that we have completed much of our common risk and control infrastructure work, including work that is required by other orders. I am proud of the work done by our teams and remain confident that we will complete the work needed to close our other open consent orders. Wells Fargo is a different and stronger company today as we focus on creating long-term value for our customers, clients, communities and shareholders.”
Truist’s new alias-based bill payment solution uses nearly 150 million previously enrolled U.S. mobile and email tokens to deliver corresponding real-time confirmation and instant settlement via the RTP system
Truist Financial Corporation announced the successful completion of the initial testing phase of an innovative alias-based bill payment solution that leverages The Clearing House’s RTP network and Request for Payment (RfP) platform. The achievement positions Truist as the first financial institution to send and receive alias-based RfPs for transactions and deliver corresponding real-time payment and settlement via the RTP system. The solution will ultimately enable businesses to offer faster, simpler, more secure, and cost-effective bill payments. Consumers will benefit from greater control and transparency. The payment process will be streamlined for speed and simplicity — for both billers and consumers — by using nearly 150 million previously enrolled U.S. mobile and email tokens. To meet small business and consumer demands for speed, transparency, financial control, and security, this enhanced bill pay solution will deliver faster processing, easy account monitoring, and tokenized fraud protection. Additionally, consumers will receive immediate confirmation their payment has been received and subsequent confirmation it has been applied. Key benefits for large corporate billers will include: Immediate payment validation; Accelerated cash flow; Streamlined data management; Enhanced data security; Reduced operational costs.