
#38: Mastercard Start Path, Rising Iranian Cyber Threats, Crypto Scam Dismantled
This week, we’re looking at two major threats making headlines, plus the bigger picture behind Mastercard’s Start Path program.
We're honored to be one of five startups selected for Mastercard’s new initiative, advancing cybersecurity, fraud mitigation, digital identity, and payment resiliency. (You can read our full announcement here.)
Now, let’s get into it.
NATE'S TAKE - JULY 3, 2025
Top Three This Week
- Mastercard Backs Security Startups to Tackle Growing Fraud Threats
- U.S. and Allies Warn of Escalating Iranian Cyber Threats
- Europol Dismantles €460M Crypto Investment Fraud Ring
1. Mastercard Backs Security Startups to Tackle Growing Fraud Threats

Mastercard has launched a new cybersecurity program focused on identity, fraud, and AI-based threat detection. The Start Path Security Solutions program includes companies developing solutions for identity verification, real-time risk assessment, and fraud prevention — a response to the rapid growth of digital payments and the widening surface area for abuse. (Read more from PYMNTS here.)
The Start Path program is designed to help these companies scale and integrate with Mastercard’s broader network, and reflects growing recognition that fraud detection needs to evolve faster than the threats it’s trying to stop.
This signals a continued shift in how large financial institutions are investing in proactive, nimble fraud defenses by leaning into startup innovation. The fraud problem is now too big and too fast-moving to rely solely on legacy tools.
2. U.S. and Allies Warn of Escalating Iranian Cyber Threats

Cybersecurity and intelligence agencies including CISA, NSA, and the FBI issued a joint advisory this week warning of rising cyber activity from Iranian-affiliated actors and hacktivist groups. While there's no confirmed, coordinated campaign targeting U.S. infrastructure right now, agencies warn the threat is growing amid ongoing tensions between Iran and Israel.
Hackers are exploiting default credentials, unpatched systems, and weak segmentation to breach internet-connected OT and ICS environments. APT groups tied to Iran have a history of locating vulnerable systems, then escalating access using keyloggers and remote access software.
The warning includes specific risks to defense contractors and urges organizations to disconnect OT systems from public networks, enforce strong authentication, and monitor for lateral movement or credential theft.
Hacktivist campaigns are increasingly indistinguishable from state-sponsored operations. These attackers don’t need high-end tools when organizations are still leaving basic doors open. Weak credentials and exposed OT systems aren’t just IT risks, they’re geopolitical ones.
3. Europol Dismantles €460M Crypto Investment Fraud Ring

Europol and global law enforcement partners arrested five individuals in Spain last week in connection with a massive crypto investment fraud scheme that defrauded over 5,000 victims worldwide and laundered at least €460 million (about $540 million).
The operation, called Operation BORRELLI, targeted a sophisticated criminal network that funneled funds through fake crypto investment schemes. The group used a corporate and banking structure in Hong Kong, registered accounts under false identities across crypto exchanges, and relied on a sprawling network to launder money via transfers, withdrawals, and crypto.
Authorities carried out simultaneous searches in Madrid and the Canary Islands, aided by specialists from Europol, the U.S. Department of Homeland Security, and agencies in France and Estonia. A Europol cryptocurrency analyst was on-site in Spain to help trace the complex flow of funds.
While arrests have been made, the investigation continues. Europol warns that online fraud, especially when combined with AI for social engineering, is fast becoming the most serious form of organized crime in Europe.
===
That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.