The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: Fraudsters Target US Stock Investors through Investment Clubs Accessed on Social Media and Messaging Applications
July 3, 2025
The FBI warns the public about criminals targeting US stock investors through social media platforms and messaging service applications (apps). The scheme, known as a “ramp-and-dump” stock manipulation, targets US investors through online engagement, often via social media advertisements or messages promoting an “investment club” of fellow investors, some of which may be bots or ...
- macOS NimDoor, DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware
July 2, 2025
In April 2025, Huntabil.IT observed a targeted attack on a Web3 startup, attributing the incident to a DPRK threat actor group. Several reports on social media at the time described similar incidents at other Web3 and Crypto organizations. Analysis revealed an attack chain consisting of an eclectic mix of scripts and binaries written in AppleScript, C++ ...
- Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
July 2, 2025
A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app’s full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their ...
- Cyberattack on Brazil tech provider affects reserve accounts of some financial institutions
July 2, 2025
Brazil’s central bank said on Wednesday that technology services provider C&M Software, which serves financial institutions lacking connectivity infrastructure, had reported a cyberattack on its systems. The bank did not provide further details of the attack, but said in a statement that it ordered C&M to shut down financial institutions’ access to the infrastructure it operates. ...
- Windows Shortcut (LNK) Malware Strategies
July 2, 2025
Attackers are increasingly exploiting Windows shortcut (LNK) files for malware delivery. Palo Alto Unit 42 telemetry revealed 21,098 malicious LNK samples in 2023, which surged to 68,392 in 2024. In this article, Unit 42 researchers present an in-depth investigation of LNK malware, based on analysis of 30,000 recent samples. Windows shortcut files use the .lnk file ...
- Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach
July 2, 2025
Qantas is warning a “significant” amount of customer data has likely been stolen from its records during a cyber attack. The airline has released a statement saying that, on Monday, it detected unusual activity on a third-party platform used by a Qantas airline contact centre. The airline said 6 million customers had service records in this ...