Cybercriminals are increasingly attacking trucking and logistics companies to deploy remote monitoring and management (RMM) software, aiming to steal cargo, especially food and beverages. They exploit compromised email accounts and use spear-phishing tactics to gain access, allowing them to hijack shipments and manipulate logistics operations.
The article discusses two new dark large language models (LLMs), WormGPT 4 and KawaiiGPT, which help less-skilled cybercriminals automate attacks like phishing and malware creation. WormGPT 4 is sold on underground forums, while KawaiiGPT is freely available on GitHub, making it easy for aspiring hackers to access powerful tools. Researchers warn these models lower the skill barrier for cybercrime, posing a significant digital risk.
A report reveals that 18 American universities faced a coordinated phishing campaign from April to November 2025. Attackers used the Evilginx tool to bypass Multi-Factor Authentication and steal login credentials and session cookies, compromising user accounts. The University of San Diego was the first reported victim, and several other institutions were significantly affected.
Microsoft is suing RedVDS, a service providing virtual desktops used for phishing and fraud. The company aims to shut down the operation, which has contributed to over $40 million in fraud losses in the US, and has partnered with law enforcement to seize its infrastructure. Victims of RedVDS include various organizations across multiple sectors globally.
Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.
This article explores how large language models (LLMs) can be used for both defensive and offensive purposes in cybersecurity, highlighting the rise of malicious models like WormGPT and WormGPT 4. These tools bypass ethical constraints, making cybercrime more accessible for less skilled attackers. The piece details their capabilities, including generating phishing content and malware, and discusses the implications for the threat landscape.
China-based SMS phishing groups, known as the "Smishing Triad," are increasingly targeting customers of international financial institutions by converting stolen payment card data into mobile wallets. Utilizing innovative phishing techniques and a vast cybercrime infrastructure, these groups are bypassing traditional SMS methods by sending messages through iMessage and RCS, achieving high delivery rates and expanding their operations globally. Experts emphasize the need for financial institutions to adopt more secure methods for verifying card enrollments to combat this rising threat.
Phishing emails are increasingly targeting both human users and AI-based defenses, exploiting gaps in security measures to bypass traditional filters. The evolving tactics used by cybercriminals highlight the need for improved defenses to protect sensitive information and maintain user trust in digital communications.
A recent phishing attack targeted executives in the aviation industry, leading to a significant financial loss for a customer who was tricked into paying a fraudulent invoice. The investigation revealed links to a long-standing Nigerian cybercrime group known as SilverTerrier, which specializes in business email compromise scams and has been implicated in numerous similar attacks. Experts recommend organizations familiarize themselves with the financial fraud kill chain to recover funds lost to such schemes.
Microsoft and Cloudflare have collaborated to take down the Raccoon365 phishing service, which targeted Microsoft 365 users. This operation aimed to protect users from credential theft and enhance overall cybersecurity measures against such phishing threats. The dismantling of Raccoon365 marks a significant step in combating cybercrime related to phishing schemes.
An analysis of over 2.6 million AI-related posts from underground sources reveals how threat actors are leveraging AI technologies for malicious purposes. The research highlights 100,000 tracked illicit sources and identifies five distinct use cases, including multilingual phishing and deepfake impersonation tools. This comprehensive insight offers unmatched visibility into adversaries' strategies and innovations in AI exploitation.
Authorities in Pakistan have arrested 21 individuals linked to the “Heartsender” malware service, which facilitated spam and cybercrime for over a decade, resulting in extensive financial losses. The operation, which targeted various internet companies, was identified by KrebsOnSecurity in 2021, and included notorious figures like Rameez Shahzad, the alleged ringleader. The arrests follow a series of raids conducted by the National Cyber Crime Investigation Agency amid ongoing investigations into transnational organized crime.
Cybercriminals are increasingly exploiting the Lovable AI website builder to create phishing pages and fraudulent sites that impersonate well-known brands. Despite Lovable's efforts to detect and eliminate malicious content, the rising number of AI site generators is lowering the barriers for cybercrime. Recent campaigns have targeted organizations and individuals through sophisticated phishing schemes, resulting in significant data theft and malware distribution.
Phishing attacks that bypass multifactor authentication (MFA) are becoming increasingly accessible, with tools available that allow even non-technical users to create convincing phishing sites. These attacks utilize a method called "adversary in the middle," where attackers set up proxy servers to intercept login credentials and MFA codes from victims. The rise of phishing-as-a-service toolkits makes it easier for criminals to launch these attacks, posing a significant threat to online security.
Thirteen Romanians have been arrested for their involvement in a phishing scheme targeting His Majesty's Revenue and Customs (HMRC), resulting in significant financial losses for the UK government. The operation, conducted by Romanian police in collaboration with HMRC, revealed that organized crime groups exploited stolen data to submit fraudulent tax claims and benefits. HMRC confirmed that the attacks led to a loss of £47 million for taxpayers, although there was no direct cyber attack on its systems.
European police have dismantled a major cybercrime network, dubbed Operation SIMCARTEL, which created nearly 50 million fake online accounts for fraudulent activities. The operation led to the arrest of seven individuals and the seizure of numerous SIM boxes and servers, highlighting the extensive use of these accounts for scams, phishing attacks, and other cybercrimes across multiple countries. Financial losses attributed to the network are significant, with millions reported in Austria and Latvia alone.