HIGHAi
Verified
United States

Scattered Spider Uses AI Voice Cloning to Bypass Voice-Based MFA

·Source: FS-ISAC

Updated:

Executive Summary

Scattered Spider adopts AI voice cloning to defeat voice verification MFA at financial institutions. Three banks confirm successful bypass.

Analysis

Scattered Spider has adopted AI voice cloning technology to defeat voice-based multi-factor authentication used by financial institutions. Attackers clone customer voices from social media and publicly available audio, then use the cloned voices to authenticate to banking systems via phone. Three major banks have confirmed successful MFA bypass incidents. Industry group recommends transitioning away from voice-based authentication.

Timeline

Discovered
Mar 10, 2026
Exploitation Detected
Mar 10, 2026
Published
Mar 16, 2026
Source Attribution

Originally published by FS-ISAC on Mar 16, 2026. Verified by: FS-ISAC, FBI.

Related Threats

MEDIUMAi

Weekly Metasploit Update: Modules for SMB-to-Meterpreter, Peyara Remote Mouse RCE exploit, and more

It's Time to Upgrade Your SMB Session This week, Metasploit contributor Dean Welch has added an SMB to Meterpreter session upgrade module. It uses PsExec to facilitate the upgrade. Users can load the module with use windows/manage/smb_to_meterpreter and specify the session number they wish to upgrade. This functionality is also available with the command sessions -u <session_id> . This work is par

Rapid7
LOWAi

An AI just carried out a cyber attack without any human oversight for the first time

Anthony Cuthbertson reports: Security researchers have uncovered what they believe to be the first ever instance of an artificial intelligence agent executing a cyber attack from start to finish without human assistance. The AI-powered attack marks a major milestone for both artificial intelligence and cyber security, raising concerns that AI is lowering the barrier for cyber criminals. The fully

DataBreaches.net
MEDIUMAi

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug. The AI caught one flaw and missed

CVE-2026-46242
The Hacker News