The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malaysia: Nacsa investigating alleged cyber-espionage targeting multiple government bodies
February 7, 2026
The National Cyber Security Agency (Nacsa) is currently investigating alleged incidents of cyber-espionage activity targeting various Malaysian government entities. In a statement to StarLifestyle, a Nacsa spokesperson said the agency is aware of a report published by Unit 42, the threat research unit of US-based cybersecurity firm Palo Alto Networks. The Nacsa spokesperson said the agency ...
- Approaching cyclone: Vortex Werewolf attacks Russia
February 6, 2026
In December 2025 and January 2026, BI.ZONE Threat Intelligence detected malicious activity by a new cluster Vortex Werewolf (SkyCloak). The attacks targeted Russian government and defense organizations. BI.ZONE researchers findings indicate that the adversary used phishing emails to deliver malware to the target systems. Victims received messages containing a download link disguised as a Telegram file‑sharing ...
- China’s Salt Typhoon hackers broke into Norwegian companies
February 6, 2026
The Norwegian government has accused the Chinese-backed hacking group known as Salt Typhoon of breaking into several organizations in the country. In a report published on Friday, the Norwegian Police Security Service said the hacking group, believed to be working for the Chinese government, targeted vulnerable network devices to conduct espionage. Norway is the latest country ...
- Novel Technique to Detect Cloud Threat Actor Operations
February 6, 2026
Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors. The difficulty doesn’t lie in an inability to identify complex alerting operations across thousands of cloud resources or in a failure to follow identity resources, the problem lies in the accurate detection of known persistent threat actor ...
- Photo-Sharing Platform Flickr Issues Data Breach Warning
February 6, 2026
It’s not been the greatest start to February as far as data breaches are concerned. Substack has confirmed it has been hacked, and now Flickr has issued a warning to users concerning a data breach vulnerability that might have leaked their personal data. Although it’s unknown how many users may have been affected at this stage, ...
- Dynowiper: Destructive Malware Targeting Poland’s Energy Sector
February 6, 2026
The coordinated destructive campaign against critical energy infrastructure occurred on December 29, 2025, during a period of severe winter weather in Poland. According to CERT Polska’s report, the campaign targeted: 30+ wind and solar farms across Poland; A major CHP plant supplying heat to nearly half a million customers; A manufacturing sector company characterized as an ...