The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Authorities disrupt world’s largest IoT DDoS botnets responsible for record breaking attacks targeting victims worldwide
March 19, 2026
ANCHORAGE, Alaska – The U.S. Justice Department participated in a court-authorized law enforcement operation today to disrupt Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid and Mossad Internet of Things (IoT) botnets. The operation was conducted simultaneously to law enforcement actions conducted in Canada and Germany, which targeted individuals who operated these botnets. ...
- CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
March 19, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems for managing their fleets of employee devices after pro-Iran hackers broke into medical tech giant Stryker and mass-wiped thousands of its phones, tablets, and computers. The agency said on Thursday that it was urging companies to take action and confirmed it was ...
- Unpacking a new Horabot campaign in Mexico
March 18, 2026
In this instalment of Kaspersky SOC Files series, Kaspersky researchers will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot, a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex attack chain. Although previous research ...
- Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
March 18, 2026
Marquis, a technology company used by hundreds of banks to analyze and visualize their customers’ data, says hundreds of thousands of people had their personal and sensitive financial information stolen in a ransomware attack last year. The Plano, Texas-based fintech company is notifying at least 672,075 people that hackers stole their information during the August 2025 ...
- Notorious online data leak market BreachForums taken down by whitehat heroes
March 17, 2026
BreachForums, one of the most popular underground forums for sharing malware, stolen data, and more – was taken down. Now, the admin seems to be giving up and looking for someone to pass the torch to. Over the weekend, the Cyber Counter-Intelligence Threat Investigation Consortium (CCITIC) posted on LinkedIn, saying that both the clearnet and Tor ...
- EU sanctions Chinese and Iranian companies for cyber attacks
March 16, 2026
The European Union on Monday imposed sanctions against two China-based and one Iranian company for cyber attacks against EU member states. The EU listed China-based Integrity Technology Group and Anxun Information Technology, and Iranian company Emennet Pasargad. Integrity Technology is seen to have enabled hacks of over65,000 devices across six member states, according to an EUstatement. ...