Threat actor abuse of AI accelerates from tool to cyberattack surface

For the last year, one word has represented the conversation living at the intersection of AI and cybersecurity: speed. Speed matters, but it’s not the most important shift we are observing across the threat landscape today. Now, threat actors from nation states to cybercrime groups are embedding...

Threat actor abuse of AI accelerates from tool to cyberattack surface

For the last year, one word has represented the conversation living at the intersection of AI and cybersecurity: speed. Speed matters, but it’s not the most important shift we are observing across the threat landscape today. Now, threat actors from nation states to cybercrime groups are embedding...

Exploit for Out-of-bounds Read in Openssl

--- Cybersecurity Labs Portfolio This repository contain...

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence AI tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan RAT, a...

OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among...

Mitigating Cyber Risk in the Age of Open-Weight LLMs: Policy Gaps and Technical Realities

Open-weight general-purpose AI GPAI models offer significant benefits but also introduce substantial cybersecurity risks, as demonstrated by the offensive capabilities of models like DeepSeek-R1 in evaluations such as MITRE's OCCULT. These publicly available models empower a wider range of actors...

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet...

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan RAT on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service MaaS model, target ove...

AI likely to boost ransomware, warns government body

The British National Cyber Security Centre NCSC says it expects Artificial Intelligence AI to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years. We’re...

Hades-C2 - Hades Basic Command And Control Server

Hades is a basic Command & Control server built using Python. It is currently extremely bare bones, but I plan to add more features soon. Features are a work in progress currently. This is a project made mostly for me to learn Malware Development, Sockets, and C2 infrastructure setups. Currently,...

Farnetwork the Mastermind of Five Ransomware Strains

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Farnetwork, a highly skilled threat actor fluent in Russian, has played a key role in five distinct ransomware-as-a-service RaaS programs, assuming diverse roles such as orchestrator and contributor to...

VX-API - Collection Of Various Malicious Functionality To Aid In Malware Development

The VX-API is a collection of malicious functionality to aid in malware development. It is recommended you clone and/or download this entire repo then open the Visual Studio solution file to easily explore functionality and concepts. Some functions may be dependent on other functions present with...

Skuld: The Infostealer that Speaks Golang

Skuld: The Infostealer that Speaks Golang By Ernesto Fernández Provecho · June 13, 2023 In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide, something that security researchers had also noticed. The usage of Golang,...

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-o...

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities

The developer of the Typhon Reborn information stealer released version 2 V2 in January, which included significant updates to its codebase and improved capabilities. Most notably, the new version features additional anti-analysis and anti-virtual machine VM capabilities to evade detection and ma...

Prompt engineering and jailbreaking: Europol warns of ChatGPT exploitation

By Habiba Rashid The concern arises from the growing number of cybercriminals attempting to exploit the AI-based chatbot for developing malware and other malicious tools. This is a post from HackRead.com Read the original post: Prompt engineering and jailbreaking: Europol warns of ChatGPT...

ProtectMyTooling - Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry

Script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more...

Maldev-For-Dummies - A Workshop About Malware Development

In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such,malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started...