
FFIEC Cybersecurity Assessment Tool (CAT): What Banks Get Wrong and How to Pass Your Next Exam

The FFIEC Cybersecurity Assessment Tool (CAT) was released in 2015 and, for a decade, was the framework most US banks used to self-assess and were examined against. The FFIEC announced in August 2024 that it would sunset the CAT on August 31, 2025, pointing institutions toward frameworks such as the NIST Cybersecurity Framework 2.0 and the CRI Profile, but the CAT's two-part structure (inherent risk profile plus control maturity) is still how most examiners and boards frame the conversation. Examiners still find the same gaps repeatedly: inherent risk underestimated, maturity levels inflated, and governance documentation that does not match actual practice. Here is how to close those gaps before your next exam.

HorizonShield SOC Team
February 2, 2026

Why Banks Fail FFIEC Cyber Exams

The FFIEC Cybersecurity Assessment Tool assesses two dimensions. The Inherent Risk Profile rates the risk embedded in your business model across five categories (technologies and connection types, delivery channels, online and mobile products and technology services, organizational characteristics, and external threats) on a scale from Least to Most. Cybersecurity Maturity rates the controls you have in place to manage that risk across five domains (cyber risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and cyber incident management and resilience) at one of five levels: Baseline, Evolving, Intermediate, Advanced, and Innovative. The tool expects maturity to rise with inherent risk, so a "Significant" risk profile paired with "Baseline" maturity is itself a finding. The most common examiner findings, however, are not about missing controls; they are about the gap between documented maturity and actual practice.

The 5 Most Common FFIEC Exam Findings

  1. Inherent risk underestimated: Institutions rate themselves lower-risk than their technology stack, third-party dependencies, and transaction volumes justify. Each inherent risk statement has quantitative thresholds (number of internet-facing connections, wire and ACH volumes, count of third parties with access, and so on), so examiners can recompute the profile from your own numbers and see the understatement immediately.
  2. Maturity levels not supported by evidence: Claiming "Intermediate" or "Advanced" maturity requires documented metrics, control testing results, and independent validation, not just policy documents. Every declarative statement is cumulative: you cannot claim a higher level while any statement at a lower level in that domain is unmet.
  3. Third-party risk register incomplete: Many banks cannot produce a complete list of technology and service providers with documented criticality ratings, data-access scope, and last assessment dates. The External Dependency Management domain is built around that inventory.
  4. Incident response plan not tested: A plan that has never been exercised is not a plan; it is a document. Examiners ask for tabletop exercise records, the scenarios used, and the action items that came out of them.
  5. Board reporting insufficient: Cybersecurity risk must be reported to the board in language the board can act on, with KPIs and trend data (patching latency, open high-severity findings, phishing test results, third-party assessment backlog). Generic security updates do not satisfy examiners, and neither does a board pack with no record that the board challenged or acted on the content.

The Pre-Exam Preparation Checklist

  • Complete inherent risk self-assessment with supporting evidence (transaction volumes, third-party count, technology complexity)
  • Maturity statements backed by documented evidence for each declarative statement
  • Third-party vendor register with criticality, last assessment date, and remediation tracking
  • Incident response plan with tabletop exercise record from the last 12 months
  • Board cybersecurity report from the last 3 board meetings
  • Penetration test report from the last 12 months, with remediation tracking
  • User access review evidence from the last 90 days

HorizonShield FFIEC Readiness Assessment

We conduct FFIEC pre-examination readiness assessments that simulate the examiner's process — identifying gaps before examiners do. Our team has direct experience operating inside institutions subject to FFIEC examination, which means we know the questions examiners ask before they ask them.

HorizonShield Security Team

Cybersecurity expert at HorizonShield, specializing in threat intelligence, incident response, and enterprise security architecture.