AI-powered ransomware is revolutionizing cybercrime. Using artificial intelligence, attackers automate targeting, evasion, and encryption enabling self-learning, large-scale attacks that outpace human defenses.
Encrypted doesn’t mean invisible. Microsoft’s “Whisper Leak” shows a passive observer can classify AI chat topics by watching packet sizes and timing on streaming language models. Here’s how the side-channel works, who can exploit it, and which mitigations actually move the needle.
Data broker Experian has been fined $3.2 million after regulators found it had illegally gathered, profiled, and resold consumer data for marketing without consent. The case highlights growing regulatory scrutiny of data brokers and renewed enforcement of privacy laws across the UK and Europe.
EvilAI operators are hiding malware in legitimate-looking AI tools that appear functional and signed, enabling reconnaissance, browser data exfiltration, and encrypted C2 communication across global targets.
CometJacking abuses browser WebSockets to hijack user connections, turning them into proxy nodes with a single click. The exploit marks a new wave of malware-less attacks that rely on web technologies rather than traditional payloads.
Volkswagen Group faces a serious cybersecurity challenge after ransomware gang 8Base claimed to have stolen sensitive data from its global operations. The incident exposes growing supply-chain risks and highlights how industrial manufacturers remain prime targets for modern cyber-extortion campaigns.
Harrods informed loyalty program members of a data breach tied to a third-party provider. The luxury retailer is investigating and urging customer caution.
Game-themed extensions on a popular code editor pretended to add Pokémon or Minecraft flair for “vibe coders.” Instead, they executed malware on install, mined Monero, and attempted persistence. Consequently, teams should validate developer workstations, remove suspicious add-ons, rotate secrets, and harden marketplace policies before the next wave appears.
Rhadamanthys suffered a coordinated disruption as “customers” lost access to panels and servers. With certificate-only logins and Tor sites offline, credential theft pipelines broke. Use the lull to rotate passwords, revoke tokens, scrub loaders, and harden identity before operators relaunch under a new brand.
Security researchers uncovered multiple vulnerabilities in Microsoft’s BitLocker encryption, exposing Windows systems to data theft, privilege escalation, and bypass attacks. This article analyzes the flaws, their potential impact, and how organizations can secure encrypted drives against exploitation.