The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Australia’s Qantas says cyber criminal contacts one week after data breach
July 7, 2025
A cyber criminal has made contact with Australia’s Qantas following a data breach last week that exposed personal information of six million customers, a company spokesperson told Reuters on Tuesday. The hacker had targeted a call centre and gained access to a third-party customer service platform containing the customers’ names, email addresses, phone numbers, birth dates ...
- Louis Vuitton Korea says systems breach led to customer data leak
July 4, 2025
A systems breach at Louis Vuitton Korea in June led to the leak of some of customer data including contact information, but did not involve customers’ financial information, the luxury brand’s South Korea unit said on Friday. “We regret to inform that an unauthorized third party temporarily accessed our system resulting in the leak of some ...
- French government hit by Chinese hackers exploiting Ivanti security flaws
July 4, 2025
In late 2024, Chinese state-sponsored threat actors abused multiple zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices to access French government agencies, as well as numerous commercial entities such as telcos, finance, and transportation organizations. The news was recently confirmed by the French National Agency for the Security of Information Systems (ANSSI), which noted threat ...
- Taking SHELLTER: a commercial evasion framework abused in the wild
July 3, 2025
Elastic Security Labs is observing multiple campaigns that appear to be leveraging the commercial AV/EDR evasion framework, SHELLTER, to load malware. SHELLTER is marketed to the offensive security industry for sanctioned security evaluations, enabling red team operators to more effectively deploy their C2 frameworks against contemporary anti-malware solutions. SHELLTER, like many other offensive security tools (OSTs), is ...
- Mexican drug cartel hacked cameras and phones to spy on FBI and identify witnesses
July 3, 2025
The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau’s defenses against this kind of surveillance are still inadequate. The findings came to light in a June ...
- Ransomware crew Hunters International shuts down, hands out keys to victims
July 3, 2025
Ransomware gang Hunters International has shut up shop and offered decryption keys to all victims as a parting favor. Announcing the news on Thursday morning, the gang deleted all victim data from its dark web leak site and issued a statement confirming its closure. “We, at Hunters International, wish to inform you of a significant decision regarding ...