#ai-enabled-phishing
#ai-enabled-phishing

Information security

Attackers are targeting developers via Slack and Google Sites

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.

Information security

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

more#phishing

fromThe Washington Post

Inside a growing movement warning AI could turn on humanity

"That requires a bunch of people to go take things that folks here are figuring out and [explain them] to the rest of the world," said Jeffrey Ladish, emphasizing the need for effective communication about AI risks.

US news

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

fromSFGATE

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.

fromAP News

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies like Google to enhance their defenses against malicious ads.

Bitcoin Rebounds, But Crypto's Security Crisis Intensifies Week in Review

Bitcoin and major cryptocurrencies rose, indicating risk appetite despite ongoing geopolitical and economic uncertainties.

#ai

fromFuturism

1 hour ago

Medicine

Researchers Invented a Fake Disease to Trick AI and the Funniest Possible Thing Happened

fromMedium

5 hours ago

Test smart: how to approach AI and stay sane?

AI tools can enhance productivity but may compromise quality if not used critically.

Information security

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

Medicine

fromFuturism

1 hour ago

Researchers Invented a Fake Disease to Trick AI and the Funniest Possible Thing Happened

A fake disease called bixonimania was created to demonstrate how AI can be misled by false information in scientific literature.

fromMedium

5 hours ago

Test smart: how to approach AI and stay sane?

AI tools can enhance productivity but may compromise quality if not used critically.

fromwww.independent.co.uk

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

OpenAI launched GPT-5.4-Cyber, a cybersecurity AI model, expanding access to verified defenders and enhancing capabilities for vulnerability analysis.

more#ai

Online learning

fromeLearning Industry

21 hours ago

How AIPowered Learning Tools Are Transforming Employee Training

AI transforms Learning and Development by providing hyper-personalized training experiences that enhance efficiency and employee satisfaction.

UK politics

17 hours ago

Government to host summit about keeping children safe online in age of AI

The Independent focuses on critical issues like reproductive rights and online safety, emphasizing the need for accessible journalism.

Philosophy

fromPsychology Today

21 hours ago

AI and the Meaningless Gap

The comparison between AI and human intelligence may be fundamentally flawed as they occupy different spaces of cognition.

#cybersecurity

fromEntrepreneur

Careers

He Was Laid Off, Posted on LinkedIn - Then Scammers Started Impersonating Real Recruiters to Target Him

Software development

Claude Opus wrote a Chrome exploit for $2,283

Information security

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Information security

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

Information security

Government Can't Win the Cyber War Without the Private Sector

Information security

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Careers

fromEntrepreneur

He Was Laid Off, Posted on LinkedIn - Then Scammers Started Impersonating Real Recruiters to Target Him

Cybercriminals are impersonating recruiters on LinkedIn to exploit job seekers, especially those recently laid off.

Software development

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos model due to security concerns, while Opus 4.6 was used to create a functional exploit for Chrome's V8 engine.

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

What Are Security Experts Saying About OpenAI's GPT-5.4-Cyber?

OpenAI launched GPT-5.4-Cyber for cybersecurity, offering broad access to defenders while emphasizing safety and continuous improvement.

Government Can't Win the Cyber War Without the Private Sector

Governments must collaborate with the private sector to effectively manage the growing complexity of cyber threats.

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

A hacking group exploited 108 Chrome Extensions to steal data from around 20,000 users, posing as legitimate tools.

53 DDoS Domains Taken Down by Law Enforcement

Law enforcement in 21 countries coordinated to disrupt DDoS-for-hire services, resulting in arrests and the takedown of numerous domains.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

#privacy

Privacy technologies

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

fromMIT Technology Review

Building trust in the AI era with privacy-led UX

Well-designed consent experiences enhance trust and business performance, evolving privacy into an ongoing relationship rather than a one-time transaction.

A New Kind of Scandal Is Growing Online. It's Ruining Careers-and Aimed at the Wrong Target.

A.I. detection controversies highlight concerns over authorship and the impact of technology on writing.

Deliverability

fromenglish.elpais.com

Only 13% of emails are written by people, and more than half end up in the spam folder: This isn't a technical detail; it's a structural change'

Email is increasingly dominated by automated systems, with 87% of traffic generated by them, leading to declining effectiveness and user engagement.

Social media marketing

fromAxios

The first AI-era war is a "slopaganda" battle to control memes

AI-generated content is rapidly spreading propaganda, making it easier for influencers to adopt conspiracy theories.

3 hours ago

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

Medicine

fromwww.bbc.com

15 hours ago

Should you really trust health advice from an AI chatbot?

AI chatbots can provide tailored health advice but may also give dangerously incorrect information, impacting users' health decisions.

#ai-governance

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

fromAbove the Law

Unintentional AI Adoption Is Already Inside Your Company. The Only Question Is Whether You Know It. - Above the Law

AI is already integrated into companies through employee usage, often without intentional governance or awareness.

fromFortune

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.

fromAbove the Law

Unintentional AI Adoption Is Already Inside Your Company. The Only Question Is Whether You Know It. - Above the Law

AI is already integrated into companies through employee usage, often without intentional governance or awareness.

more#ai-governance

EU data protection

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.

fromMail Online

Is YOUR phone safe? Facial recognition on 21 devices can be spoofed

Facial recognition on many mobile phones can be easily fooled by printed photos, posing security risks for users.

Software development

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

Deliverability

fromZDNET

This simple email trick saves me from annoying marketing spam (and it's free to do)

Using a dedicated shopping email can effectively reduce spam and clutter in your primary inbox.

fromArs Technica

Your tech support company runs scams. Stop-or disguise with more fraud?

Tech Live Connect processed fraudulent charges using real customer data, including names and addresses, to make the charges appear legitimate and maintain a low chargeback ratio.

Privacy professionals

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

ZionSiphon Malware Targets ICS in Water Facilities

Information security

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

6 days ago

Information security

Fake Claude Website Distributes PlugX RAT

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

A new malware campaign targeting Ukrainian healthcare institutions has been identified, utilizing deceptive emails to deliver malicious payloads.

6 days ago

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

more#malware

fromThe Cyber Express

Gemini Ad Safety Targets Surge In AI-Generated Scam Ads

Google's Gemini ad safety systems blocked over 8.3 billion harmful ads in 2025, focusing on early detection and combating AI-generated scams.

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

#identity-verification

fromwww.businessinsider.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

Anthropic starts checking ID for some Claude users

Anthropic is implementing identity verification for certain Claude features to enhance platform integrity and compliance.

fromwww.businessinsider.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

more#identity-verification

Anthropic starts checking ID for some Claude users

Anthropic is implementing identity verification for certain Claude features to enhance platform integrity and compliance.

fromMail Online

Warning to iPhone users over iCloud storage scam exposing bank details

A new email scam targets iPhone users, posing as iCloud notifications to steal personal and banking information.

#north-korea

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

more#north-korea

fromSan Diego Union-Tribune

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech companies to enhance their defenses against these threats.

fromThe Verge

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.

fromThe Verge

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

fromBusiness Matters

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

fromFast Company

It's way too easy to cheat now

Generative AI enables undetectable scams, including fake X-rays that deceive even experienced radiologists.

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

Artificial intelligence

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI

fromHarvard Gazette

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.

Artificial intelligence

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromthenextweb.com

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

A global law enforcement operation targeted over 75,000 alleged cybercriminals using DDoS-for-hire services, resulting in arrests and domain takedowns.

fromthenextweb.com

Unmasking the illusion of safety online

Personal cybersecurity responsibility is essential as cybercrime costs billions annually, with social media amplifying vulnerabilities through voluntary data sharing and AI-enabled threat analysis.

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

fromWIRED

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

fromAxios

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.

fromWIRED

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

A new ad fraud scheme uses SEO techniques and AI-generated content to deceive users into enabling browser notifications for scams.

fromArs Technica

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

The FBI dismantled a global phishing operation, W3LL, targeting over 17,000 victims and facilitating over $20 million in fraud.

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

JanelaRAT malware targets financial institutions in Latin America, stealing sensitive data and employing advanced infection techniques.

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."

Information security

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

Attackers deliberately overwhelm SOC analysts with high-volume phishing campaigns to delay investigations and create windows for successful breaches, making analyst capacity a critical vulnerability.

fromPCWorld

Phishing scammers weaponize ICE ragebait

The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, 'As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a Support ICE donation button to the footer of every email sent through our platform.'

Information security

fromComputerworld

OAuth phishers make 'check where the link points' advice ineffective

Attackers use phishing emails with malicious OAuth links containing broken parameters to redirect users to attacker-controlled destinations through legitimate identity providers.

Crims hit the easy button for IT helpdesk scams

Custom voice-phishing kits sold on dark-web channels enable attackers to spoof authentication flows, intercept credentials and MFA codes, and orchestrate live helpdesk social-engineering.

fromZDNET

Half of all cyberattacks start in your browser: 10 essential tips for staying safe

Web browsers are among the top targets for today's cybercriminals, playing a role in nearly half of all security incidents, new research reveals. According to Palo Alto Networks' 2026 Global Incident Response report, an analysis of 750 major cyber incidents recorded last year across 50 countries found that, in total, 48% of cybercrime events involved browser activity. Individuals trying to connect to the web, including business employees, are exposed to cyberthreats on a daily basis.

Information security

AI-powered cyberattack kits are 'just a matter of time'

Cybercriminals will soon chain AI tools into automated, end-to-end attack toolkits, forcing CISOs to prepare for large-scale, automated cyberattacks.

The 25 Most Vulnerable Passwords of 2026

The methodology involved assessing Comparitech's Most Common Password report and NordPass's Top 200 Most Common Passwords list, then leveraging KeywordTool to determine search volumes to find the 25 most common passwords based on global popularity. According to the research, higher search volumes could suggest higher public interest, which could lead to higher password usage. Therefore, this places those passwords at a greater risk of being hacked.

Information security

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign

Over 150 coordinated cloned law-firm websites impersonate firms to re-victimize fraud victims by offering free asset recovery and evading takedowns.

fromMashable