The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- North Korea-backed hackers launch newly detected cyberattack using HWP object linking and embedding code
December 22, 2025
A North Korea-linked cyber hacking group appears to have launched a new cyberattack campaign, code-named “Artemis,” that embeds malicious code inside computer files, a report showed Monday. The Genians Security Center (GSC), a South Korean cybersecurity institute, said in a report that it detected the operation believed to have been carried out by APT37, a Pyongyang-backed ...
- Romania: Around 1,000 systems compromised in ransomware attack on water agency
December 22, 2025
Romania’s cybersecurity agency confirms a major ransomware attack on the country’s water management administration has compromised around 1,000 systems, with work to remediate them still ongoing. Administrația Națională Apele Române (Romanian Waters) says its geographical information system applications servers, database servers, Windows workstations, Windows Servers, email and web servers, and domain name servers are all affected. ...
- Hackers hijacking WhatsApp accounts without any need to crack the authentication
December 21, 2025
Security researchers are warning WhatsApp users about a growing account hijacking technique that does not rely on breaking passwords or bypassing encryption. Attackers exploit WhatsApp’s legitimate device-linking feature to quietly attach their own browser to a victim’s account. Once linked, the attacker can read messages in real time, download shared media, and send messages that appear ...
- Data breach exposes 400,000 bank customers’ information
December 20, 2025
A major data breach tied to U.S. fintech firm Marquis is rippling through banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data. At least 400,000 people are confirmed to be affected so far across multiple states. ...
- U.S. DOJ: Ukrainian National Pleads Guilty to Conspiracy to Use Ransomware
December 19, 2025
Earlier today, in federal court in Brooklyn, Artem Stryzhak pleaded guilty to conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international ransomware attacks. Stryzhak, a Ukrainian citizen, was arrested in Spain in June 2024 and extradited to the United States on April 30, ...
- Thailand says Cambodia border fight is also a war on scammers
December 19, 2025
Thailand’s army has recast its deadly clash with Cambodia as a battle against cybercriminals, adding a new motive for bombing runs across the border that it says are aimed at rooting out scammers. Calling the strikes a “war against the scam army,” a military division involved in the border fight said this week it’s on the ...