Daily Cybersecurity Roundup, February 20, 2026

Artificial intelligence is rapidly reshaping the cyber threat landscape, giving attackers new tools to scale and refine their operations. A clear example is PromptSpy, identified by ESET researchers, which represents a new class of Android malware that harnesses generative AI to craft highly convincing phishing content and streamline social engineering against mobile users. In parallel, the Starkiller phishing kit is equipping adversaries with adversary-in-the-middle capabilities that intercept session cookies and authentication tokens, effectively sidestepping multi-factor authentication protections in real time. Meanwhile, scammers are exploiting Google Gemini chatbots to promote fraudulent cryptocurrency schemes, using AI-generated conversations to build trust and persuade victims to invest in bogus digital assets.

01

PromptSpy marks a new wave of Android threats leveraging generative AI (GenAI) to create convincing phishing lures and automate social engineering attacks against mobile users.

02

The Starkiller phishing kit is enabling attackers to bypass multi-factor authentication (MFA) by using adversary-in-the-middle techniques to capture session cookies and authentication tokens in real time.

03

The Remcos RAT malware has evolved with expanded real-time monitoring capabilities, enhancing attackers’ ability to conduct surveillance, keylogging, and remote system control.

04

A cryptocurrency scam campaign is abusing Google Gemini chatbots to convince victims to invest in fake crypto opportunities, leveraging AI-generated persuasion tactics to increase credibility.

05

Researchers uncovered a sophisticated phishing campaign capable of bypassing Microsoft 365 MFA protections by leveraging advanced token interception and session hijacking techniques.

06

The Emoji Smuggling technique hides malicious code within seemingly harmless emoji characters and Unicode encoding, allowing attackers to evade detection and deliver stealthy payloads.

07

Chinese threat actors are exploiting a vulnerability in Dell RecoverPoint to deploy the GrimBolt malware, enabling persistent access and data exfiltration from targeted enterprise systems.

08

A critical vulnerability in Grandstream VoIP phones allows attackers to silently eavesdrop on calls by exploiting improper authentication controls, raising serious enterprise surveillance risks.

09

A recent Google Chrome security update patches vulnerabilities in the PDFium component and the V8 JavaScript engine, addressing flaws that could allow remote code execution if exploited.

10

A newly disclosed BeyondTrust vulnerability exposes privileged access management systems to potential compromise, allowing attackers to escalate privileges and gain unauthorized access.