OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups

OpenAI's new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea...

Report on the Malicious Uses of AI

OpenAI just published its annual report on malicious uses of AI. By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive...

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its...

Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People's Republic of China PRC. "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs,"...

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations IO originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence AI tools to manipulate public discourse or political outcomes online while obscuring their true identity...

U.S. Treasury Hamas Spokesperson for Cyber Influence Operations

The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir 'Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson o...

From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks

Large language models LLMs powering artificial intelligence AI tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively loweri...

Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry

At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell,...

Microsoft shifts to a new threat actor naming taxonomy

April 19, 2023 update – We have published a JSON file mapping old threat actor names with their new names in the updated taxonomy, summarized here: https://aka.ms/threatactors. We also added hunting queries that Microsoft customers can use while transitioning to the new taxonomy. See the Resource...

TikTok "a loaded gun" says NSA

America's TikTok-addicted youth is playing with a "loaded gun" according to General Paul Nakasone, Director of the National Security Agency NSA. Speaking at a US Senate hearing on Wednesday, the general said "one third of Americans get their news from TikTok", adding "one sixth of American youth...

Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China

Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior CIB so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic,...

Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National...

CISA offers guidance on dealing with information manipulation

Malicious actors use influence operations, like spreading false information, to shape public opinion, undermine trust, amplify division, and create dissension. In response, the Cybersecurity & Infrastructure Security Agency CISA has released CISA Insights: Preparing for and Mitigating Foreign...

Iran Media Websites Seized by U.S. in Disinformation Campaign

The Department of Justice has seized the domains of 36 Iranian media sites that officials say weren’t just operating in violation of sanctions, but were part of a widespread government-backed malign-influence operation targeting the U.S. The DoJ said that 33 of the sites are run by the Iranian...

Heightened Awareness for Iranian Cyber Activity

Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service DDoS attacks, and theft of personally identifiable information PI...

Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks

NEW ORLEANS – Researchers have observed the blossoming of a new type of social media nuisance they are calling Trolling-as-a-Service. They say these rabble-rousing efforts have emerged as a clever new way for hackers to launch coordinated and dangerous attacks via Facebook and Twitter. Speaking a...

CVE-2019-18899

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1...

FBI Expands Election Security Resources

The Federal Bureau of Investigation FBI has released additional election security resources as part of the Protected Voices initiative. Created in partnership with FBI, the Department of Homeland Security, and the Office of the Director of National Intelligence, Protected Voices is an effort to...

Influence Operations Kill Chain

Influence operations are elusive to define. The Rand Corp.'s definition is as good as any: "the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent." Basically, we know it when we see it, from bots...

Fishwrap Campaign Sways Social Media Users with Old News

An influence operation that recycles old news about terror incidents and re-publishes them as if they were new is making the rounds on social media, according to Recorded Future analysis. The technique, which the researchers have dubbed Fishwrap since it repurposes old news, is also using a speci...