The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DOJ says ransomware gang tapped into Russian government databases
May 6, 2026
A U.S. court has sentenced Latvian hacker Deniss Zolotarjovs to more than eight years in prison following his conviction for carrying out ransomware attacks. The Justice Department accused the hacker of working for a notorious Russian ransomware gang called Karakurt, which was led by former leaders of the Akira and Conti ransomware gangs, who were sanctioned ...
- DAEMON Tools software compromised with a malicious payload
May 5, 2026
In early May 2026, Kaspersky researchers identified installers of the DAEMON Tools software, used for mounting disk images, to be compromised with a malicious payload. These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers. Kaspersky analysis revealed that the software installers have been ...
- Trellix confirms data breach after hack of ‘a portion’ of its source code
May 5, 2026
Cybersecurity giant Trellix has confirmed suffering a cyberattack in which threat actors accessed parts of its source code. In a brief announcement published on its website, Trellix said it had identified “unauthorized access to a portion of source code repository”. As soon as it spotted the intrusion, the company brought in third-party security experts to ...
- Thousands of Facebook accounts stolen by phishing emails sent through Google
May 4, 2026
Researchers have uncovered a long-running phishing operation that abuses trusted Google services to hijack tens of thousands of Facebook accounts. The compromised Facebook accounts are mainly business and advertiser profiles, which criminals can monetize after gaining access and control. The attackers found a way to send phishing emails that come “through Google,” making them look legitimate ...
- Employees are now more dangerous to their company than external hackers
May 4, 2026
New data from Orange Cyberdefense has suggested the biggest risks companies face could now be coming from inside, with internal threats rising from 47% to 57% in the space of less than a year. For the first time ever, internal threats have become more common that external ones, with hacking remaining pretty steady at 31% of ...
- Hackers crawled Canadian streets with SMS blasters causing 13 million network disruptions
May 1, 2026
Authorities in Canada have disclosed details of a mobile cyber operation that relied on SMS blasters mounted inside vehicles moving through urban areas. Three suspects drove around downtown Toronto with these hidden devices running in their cars, impersonating cell towers. The Toronto Police Service confirmed that this marked the first operation of its kind ever recorded ...