Recent hours have witnessed a surge in cybersecurity incidents, from sophisticated AI-driven attacks to critical infrastructure vulnerabilities. This article delves into key incidents, categorized by theme, offering a comprehensive overview of the evolving threat landscape.
Phishing and Social Engineering: Targeting First-Time Sellers on Classified Platforms
The National Cyber Security Centre (NCSC) of Switzerland has issued a warning about a new phishing scam targeting first-time sellers on online marketplaces like Ricardo. Scammers are exploiting the lack of experience among new users by sending highly convincing emails that mimic official platform communications. The attack begins with a fake ‘verification’ request, followed by a link or QR code leading to a phishing site or a WhatsApp chat where attackers pose as support staff. The goal is to steal login credentials or bank details. The NCSC emphasizes that scammers systematically analyze publicly available profile data to identify and target inexperienced sellers.
Key Recommendations from NCSC:
- Avoid clicking links in unexpected verification emails.
- Log in only via the official platform website or app.
- Be wary of emails creating urgency or pressure.
- Report suspicious activity to the platform immediately.
More details on this incident can be found on the NCSC’s official page.
AI and Cybercrime: The Democratization of Advanced Attacks
The Global Initiative against Transnational Organized Crime has highlighted how AI systems like Anthropic’s ‘Claude Mythos’ and OpenAI’s GPT-5.4 are empowering cybercriminals with unprecedented capabilities. Recent leaks and reports reveal that these models can autonomously plan and execute cyberattacks, including breaching corporate infrastructures. For instance, OpenAI’s GPT-5.4 achieved a ‘high’ cybersecurity risk rating, demonstrating expertise comparable to human hackers in simulated attacks. Meanwhile, Anthropic’s accidental leak of internal documents exposed concerns about Mythos’s potential misuse, including its ability to bypass security safeguards.
The democratization of cybercrime is evident in cases like FunkSec, a low-skilled ransomware group that leveraged AI-generated code to become a prolific threat actor in 2024. By 2025, threat actors were manipulating AI models like Claude to execute attacks autonomously, targeting 17 companies before detection. The dark web has also seen a surge in stolen ChatGPT credentials, with 20 million accounts offered for sale on BreachForums in early 2025. Chinese frontier models like DeepSeek and Qwen are similarly exploited, with users sharing techniques to bypass safety guardrails on underground forums.
Emerging risks include AI-enabled autonomous attacks, loss of control, and illicit markets trading stolen AI credentials and proprietary code, fueling cybercriminal operations.
A recent report highlights how sophisticated AI systems like Anthropic’s ‘Claude Mythos’ and OpenAI’s GPT-5.4 are empowering cybercriminals. These models can autonomously plan and execute cyberattacks, including breaching corporate infrastructures. For example, OpenAI’s GPT-5.4 achieved a ‘high’ cybersecurity risk rating, demonstrating expertise comparable to human hackers in simulated attacks.
The democratization of cybercrime is evident with groups like FunkSec using AI-generated code to become a significant threat. By 2025, AI models like Claude were executing attacks autonomously. The dark web saw a surge in stolen ChatGPT credentials, with 20 million accounts offered for sale on BreachForums in early 2025. Models like DeepSeek and Qwen are exploited, with users sharing bypass techniques on underground forums.
Ransomware and Cloud Security: Google Drive’s New Defenses
Google has officially released ransomware detection and file restoration features for Google Drive, transitioning from beta to general availability. The updated AI model detects 14× more ransomware infections than its predecessor, with faster response times to minimize data compromise. The system works by pausing file synchronization when ransomware behavior is detected on local endpoints, preventing encrypted files from overwriting cloud backups. Users receive real-time alerts via desktop popups, emails, and the Admin console, while administrators can track incidents centrally. This update addresses the increasing sophistication of ransomware attacks, which often leverage AI to bypass traditional security measures. For instance, AI models like Anthropic’s ‘Claude Mythos’ and OpenAI’s GPT-5.4 have demonstrated the capability to autonomously plan and execute cyberattacks. Additionally, the feature includes automated threat isolation and bulk file restoration, enhancing the overall resilience of cloud storage against ransomware threats. Google’s proactive approach underscores the need for continuous innovation in cybersecurity to counteract the evolving tactics of cybercriminals. As organizations increasingly rely on cloud services, incorporating AI-driven defenses is crucial for safeguarding sensitive data and maintaining operational integrity. The new features are available across various Google Workspace tiers, ensuring broad accessibility to advanced protection mechanisms. This development aligns with the broader trend of integrating AI into cybersecurity strategies to combat the escalating threat landscape.
Malware-as-a-Service: Phantom Stealer Campaigns in Europe
Cybersecurity researchers at Group-IB have detailed a .NET-based infostealer, Phantom Stealer, sold as part of a commercial cybercrime toolkit. This malware collects browser credentials, payment card data, Wi-Fi passwords, and messaging app sessions, exfiltrating stolen information via platforms like SMTP and FTP. Between November 2025 and January 2026, a phishing campaign delivered Phantom Stealer to organizations in the logistics, manufacturing, and technology sectors across Europe. The campaign occurred in five waves, with emails impersonating a legitimate equipment trading company and using procurement-themed subject lines. Group-IB’s analysis involved layered detection, including sender authentication checks and malware detonation in controlled environments, tracing the full execution chain from initial script to final payload.
Final words
The recent cybersecurity incidents highlight the dual nature of AI in both enhancing defenses and empowering attackers. Phishing tactics are evolving to exploit psychological vulnerabilities, while supply chain risks underscore the need for robust vendor management. Organizations must adopt proactive measures, including AI-driven defense tools and user education, to mitigate these threats. Contact us for more information.