Links
Chinese state-sponsored hackers used Anthropic's AI tool, Claude, to automate cyberattacks on around 30 organizations worldwide, succeeding in several breaches. They tricked the AI into bypassing security protocols by framing malicious tasks as routine cybersecurity work. This marks a significant shift in cybercrime, highlighting the need for enhanced AI-driven defenses.
A report reveals that 18 American universities faced a coordinated phishing campaign from April to November 2025. Attackers used the Evilginx tool to bypass Multi-Factor Authentication and steal login credentials and session cookies, compromising user accounts. The University of San Diego was the first reported victim, and several other institutions were significantly affected.
The Scattered Lapsus ShinyHunters gang uses aggressive methods to extort companies, including threats of violence against executives and their families. Experts advise against negotiating with them, as they have a history of failing to uphold promises in ransom situations. Engaging with the group may escalate harassment and risks for victims.
Tokyo FM Broadcasting Co. was hacked on January 1, 2026, with a group claiming to have stolen over 3 million records. The stolen data includes names, birthdays, email addresses, IP addresses, and internal login IDs, raising significant security concerns for listeners and employees. Verification of the claims is still pending.
The FBI has shared 630 million passwords with Troy Hunt to help organizations block potential account takeovers. This data, some of which is newly identified, adds to the existing database and enhances security measures against cybercrime. Hunt emphasizes the importance of using this information to protect accounts effectively.
Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.
Researchers found that Sicarii ransomware has a decryption flaw, rendering victims' data unrecoverable even if they pay the ransom. The malware generates a new RSA key for each attack, discarding the private key, leaving no viable recovery option. Caution is advised for organizations considering ransom payments.
macOS, while generally secure due to built-in protections like Keychain, SIP, TCC, and Gatekeeper, remains a target for cybercriminals who exploit vulnerabilities. The article details these security mechanisms, common attack methods, and emphasizes the importance of monitoring and managing access to sensitive data to thwart potential threats.
The LockBit 4.0 leak provides critical insights into the chaotic nature of ransomware-as-a-service (RaaS) groups, revealing that many affiliates operate without oversight and often act unpredictably. This disorganization complicates defenses and incident response efforts, emphasizing the necessity of proactive preparation over negotiation. The evolving landscape suggests increasing fragmentation among ransomware groups, making them harder to attribute and defend against.
Dutch police have identified 126 individuals linked to the now-defunct Cracked.io cybercrime forum, which facilitated the trade of stolen data and hacking tools. Many of those identified are young, with some being as young as 11 years old, and the police are engaging with them to highlight the long-term consequences of their online activities. The forum's infrastructure was dismantled in January 2025, but a new version of the site has since emerged.
Attackers are exploiting artificial intelligence to create fake CAPTCHAs, bypassing security measures that are designed to differentiate between human users and bots. This emerging tactic poses significant risks to online platforms and underscores the need for more robust security protocols.
Europol has successfully dismantled six major DDoS-for-hire services that were responsible for numerous cyberattacks across Europe. The operation involved multiple law enforcement agencies and aimed to curb the growing trend of cybercriminals offering DDoS attacks as a service. This crackdown is part of ongoing efforts to enhance cybersecurity and reduce online threats.
Microsoft and Cloudflare have collaborated to take down the Raccoon365 phishing service, which targeted Microsoft 365 users. This operation aimed to protect users from credential theft and enhance overall cybersecurity measures against such phishing threats. The dismantling of Raccoon365 marks a significant step in combating cybercrime related to phishing schemes.
AT&T has introduced a new security feature called "Wireless Lock" to help protect customers from SIM swapping attacks by preventing unauthorized changes to account information and number porting. This feature, which can be managed through the AT&T app or website, enhances security by restricting access even to AT&T employees, although it arrives later than similar offerings from competitors like Verizon. SIM swap attacks have become increasingly common, leading to significant financial losses and breaches of personal accounts.
Cybercriminals are increasingly exploiting the Lovable AI website builder to create phishing pages and fraudulent sites that impersonate well-known brands. Despite Lovable's efforts to detect and eliminate malicious content, the rising number of AI site generators is lowering the barriers for cybercrime. Recent campaigns have targeted organizations and individuals through sophisticated phishing schemes, resulting in significant data theft and malware distribution.
Phishing attacks that bypass multifactor authentication (MFA) are becoming increasingly accessible, with tools available that allow even non-technical users to create convincing phishing sites. These attacks utilize a method called "adversary in the middle," where attackers set up proxy servers to intercept login credentials and MFA codes from victims. The rise of phishing-as-a-service toolkits makes it easier for criminals to launch these attacks, posing a significant threat to online security.