The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- GodRAT – New RAT targeting financial institutions
August 19, 2025
In September 2024, Kaspersky researchers detected malicious activity targeting financial (trading and brokerage) firms through the distribution of malicious .scr (screen saver) files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which is based on the Gh0st RAT codebase. To evade detection, the attackers ...
- Workday hit by data breach targeting CRM systems
August 18, 2025
The US company was affected by a social engineering campaign that bears similarities to a recent wave of attacks by extortion group ShinyHunters. Enterprise software company Workday recently suffered a data breach after threat actors targeted a third-party customer relationship management (CRM) platform. According to a blogpost by the US company on Friday (15 August), threat ...
- Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
August 18, 2025
In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which Kaspersky researchers first discovered in December 2022 in a RansomExx ransomware campaign. ...
- UNODC: Organized crime dynamics in the context of war in Ukraine
August 18, 2025
This report aims to address the following overarching questions: how has the ongoing war against Ukraine affected organized crime and illicit markets in Ukraine, and what are the possible implications for the country, the region and the international community? These questions are addressed through research into the following six areas: Organized crime structures and their evolution Drug supply ...
- UK: Thousands of Afghans, troops and civil servants may be victims of new data breach
August 16, 2025
Some 3,700 Afghans, British troops and civil servants may have fallen victim to a new data breach, after an incident involving a company linked to the Ministry of Defence. Stansted-based Inflite The Jet Centre Ltd suffered a data security incident which led to “unauthorised access to a limited number of company emails”, according to the firm. ...
- Telco giant Colt suffers attack, takes systems offline
August 15, 2025
Multinational telco Colt Technology Services says a “cyber incident” is to blame for its customer portal and other services being down for a number of days Per its status page, the issues began on August 12 when a reported incident led to disrupted services for some customers. The London-headquartered company’s customer portal, Colt Online, was the ...