Cybercrime has entered a dangerous new era powered by AI, according to Group-IB's latest report. Since 2022, criminals can buy "synthetic identity kits" with AI video actors and cloned voices for just $5, while deepfake services start at $10 monthly.
Dark web discussions about AI crime tools exploded from under 50,000 messages annually (2020-2022) to 300,000 per year since 2023. Criminals now use "agentized" phishing that personalizes attacks and adapts in real time using AI feedback.
Most concerning are "dark LLMs": unrestricted AI models like Nytheon AI that help generate malware, scams, and exploits without ethical guardrails. These subscription services ($30-200 monthly) serve over 1,000 criminal users, making sophisticated attacks accessible to anyone with basic technical skills.
Source: Infosecurity Magazine
Five coordinated Chrome extensions are attacking major enterprise platforms like Workday, NetSuite, and SuccessFactors, affecting over 2,300 users. Published under names "databycloud1104" and "softwareaccess," these fake productivity tools steal authentication tokens and hijack user sessions.
The most dangerous feature involves bidirectional cookie injection, letting attackers access victim accounts without a password and without triggering multi-factor authentication. The extensions extract session tokens every 60 seconds and block up to 56 administrative pages, preventing security teams from resetting passwords or disabling compromised accounts.
When administrators try to respond, the extensions replace security pages with blank content, creating a scenario where breaches are detected but can't be stopped through normal procedures.
Source: Cybersecurity News
In October 2020, Aleksanteri Kivimäki hacked Vastaamo, Finland's largest psychotherapy company, stealing intimate therapy notes from 33,000 patients. The self-proclaimed "untouchable hacker god" demanded €200-500 in bitcoin from each victim, threatening to publish their deepest secrets online.
Kivimäki had already leaked records of politicians and public figures on the dark web, exposing details of adultery, suicide attempts, and sexual violence. Some records belonged to children. At least two victims took their own lives after learning their therapy notes were compromised.
Police traced bitcoin payments and server records back to Kivimäki, arresting him in Paris in 2023. He was sentenced to over six years in prison in 2024. Vastaamo went bankrupt, and the government now compensates victims while copies of the stolen files continue circulating online.
Source: The Guardian
IT giant Ingram Micro suffered a ransomware attack on July 3, 2025, compromising personal information of 42,521 employees and job applicants. Hackers accessed internal systems for two days, stealing names, Social Security numbers, passport numbers, driver's licenses, and employment records.
The attack forced Ingram Micro to take systems offline, causing widespread service outages until operations resumed July 9. The Safepay ransomware group claimed responsibility and allegedly stole 3.5 terabytes of data, later releasing it publicly in August when Ingram Micro apparently refused to pay ransom.
The company is offering affected individuals 24 months of free credit monitoring and identity protection services.
Source: Security Week
Nicholas Moore, a 24-year-old from Springfield, Tennessee, pleaded guilty Friday to hacking the U.S. Supreme Court's filing system on 25 separate occasions in 2023. Using stolen credentials, Moore accessed personal records and bragged about his exploits on Instagram under the handle "@ihackedthegovernment."
Moore also admitted to illegally accessing AmeriCorps computer servers and a Department of Veterans Affairs veteran's health platform, posting screenshots of the stolen information online. He faces up to one year in prison on a misdemeanor computer fraud charge, with sentencing scheduled for April 17 before U.S. District Judge Beryl Howell in Washington, D.C.
Source: Security Week
Security researchers at XM Cyber discovered that Google's Vertex AI contains dangerous default configurations allowing low-privileged users to hijack powerful Service Agent roles. The vulnerability affects two components: the Vertex AI Agent Engine and Ray on Vertex AI.
Attackers can exploit these flaws through "confused deputy" scenarios, starting with minimal read-only permissions but escalating to remote code execution and credential theft. In one attack path, hackers upload malicious code disguised as legitimate tools, then trigger execution to steal Service Agent tokens from instance metadata.
Google dismissed the findings as "working as intended," despite the risks. The Service Agents receive broad project permissions by default, potentially exposing Cloud Storage, BigQuery, and other sensitive resources to unauthorized access.
Source: Cybersecurity News
Blacon High School near Chester has shut down temporarily after a ransomware attack hit on Friday. Head teacher Rachel Hudson announced students won't return Monday and Tuesday while cyber-security experts investigate the data breach.
The closure could extend longer as the school waits for all staff devices to be cleaned. Teachers will then need time to re-plan lessons and set up remote work through Google Classroom. Students can still collect lunch from reception between 11:00 and 13:00 GMT on January 20-21.
The school promises to reopen "as soon as it is safe to do so" and will update parents when more information becomes available.
Source: BBC
Cisco released patches Thursday for a maximum severity vulnerability (CVE-2025-20393) in its email security products that Chinese hackers have been exploiting since November. The flaw allows attackers to execute commands with root privileges on affected Secure Email Gateway and Email and Web Manager appliances.
Cisco's Talos team discovered the attacks targeting a small number of devices. The China-linked group UAT-9686 used the zero-day to install backdoors including AquaShell and tunneling tools. The vulnerability stems from poor HTTP request validation in the Spam Quarantine feature.
Patches are available for multiple AsyncOS versions, with no workarounds. Cisco urges immediate updates through the web interface.
Source: SecurityWeek
Cisco confirmed active exploitation of a critical zero-day vulnerability (CVE-2025-20393) in its Secure Email Gateway appliances, scoring a maximum 10.0 CVSS rating. Chinese threat actors UAT-9686, linked to APT41, have been exploiting the flaw since November 2025 to execute remote commands with root privileges.
The attackers deploy custom tools including AquaShell backdoor and AquaTunnel for network pivoting, primarily targeting telecommunications and critical infrastructure for espionage. CISA added the vulnerability to its Known Exploited Vulnerabilities list, requiring federal agencies to patch by December 24, 2025.
Cisco released patches and urges immediate upgrades, as no workarounds exist for this internet-exposed vulnerability.
Source: Cybersecurity News
The Canadian Investment Regulatory Organization (CIRO) disclosed that hackers stole personal data from 750,000 individuals during a sophisticated phishing attack in August 2025. The compromised information includes social insurance numbers, dates of birth, government ID numbers, income details, and investment account information.
CIRO says the breach didn't affect critical operations and there's no evidence the stolen data has been misused or appeared on the dark web. The organization is providing two years of free credit monitoring to affected individuals and has started mailing notification letters to impacted clients.
Source: Security Week