Exploiting the Single Edge of the Sword That Is AI
Published
Crypto crime has moved offline as criminals are targeting people and households, not only wallets or exchanges. As digital risks seep into real lives, AI-assisted attacks are setting new records, with attackers exploiting everything from political unrest to trusted brands for malicious intent.
Beyond AI, insider access risks loomed over Google and sensitive computing systems. Children’s online safety remained in focus as Australia enforced new age-based restrictions on social media, while student athletes' images from Snapchat were abused by a former university coach, highlighting risks to people of all ages.
Ex-Google Engineer Convicted of Sending AI Supercomputer Trade Secrets to China
A U.S. federal jury convicted former Google engineer Linwei Ding of stealing confidential AI supercomputing data and sharing it with Chinese technology firms. He removed over 2,000 pages of sensitive materials between May 2022 and April 2023. The stolen files reportedly covered Google’s TPU and GPU system technologies, and orchestration software for AI. Ding maintained ties to two China-based companies and also founded an AI firm in Shanghai, and claimed he could replicate Google-level computing systems.
ShinyHunters-Linked Actors Using Vishing to Breach Cloud SaaS Systems
Mandiant reported an expansion in threat activity linked to ShinyHunters-branded extortion targeting corporate environments. Threat actors are using voice phishing calls and credential harvesting sites to steal single sign-on credentials and multi-factor authentication codes. Investigators said attackers can bypass defenses by registering their own devices for MFA after deceiving employees. Once inside networks, the intruders pivot into SaaS platforms.
AI-Assisted Excel Malware Lures Used Against Iran Protest Investigators
A new threat cluster tracked as RedKitten is targeting people documenting human rights abuses linked to Iran’s Dey 1404 protests. The campaign uses macro-enabled Excel files disguised as lists of protesters killed during recent unrest. The malware implant, dubbed SloppyMIO, is delivered through shock-themed lures designed to trick recipients into enabling macros.
Spain Ministry Breach Claim Followed by Partial IT Shutdown Notice
A threat actor using the alias “GordonFreeman” claimed on February 2 that they breached Spain’s Ministry of Science, Innovation and Universities. The actor claimed to have exploited an IDOR vulnerability and previously leaked credentials to gain admin access. The post claimed the intrusion may involve sensitive records such as passport scans, academic transcripts, and payment receipts.
Signal President Warns OS-Level AI Agents Undermine End-to-End Encryption
Signal Foundation president Meredith Whittaker said AI agents embedded into operating systems are weakening the security guarantees of end-to-end encryption. She argued that encryption may remain mathematically sound while real-world protections are bypassed through privileged OS access. AI assistants require sweeping permissions to read messages, access credentials, and operate across apps, collapsing the isolation E2EE depends on.
Snap Locks 415,000 Teen Accounts in Australia
Snap Inc., the owner of Snapchat, said it has locked or disabled over 415,000 accounts in Australia that it believes belong to users under 16. The company said the action follows the enforcement of Australia’s Social Media Minimum Age law, which took effect two months ago. The company also argued that teens may shift to alternative services outside the law’s scope that offer fewer safety protections. Snap urged app store-level age verification as a more consistent safeguard.
Forbes 30 Under 30 Fintech Founder Charged in $7 Million Seed Fraud
Federal prosecutors charged Forbes 30 Under 30 alum, Kalder founder and CEO Gökçe Güven, 26, a Turkish national, with alleged securities fraud, wire fraud, visa fraud, and identity theft. Güven raised $7M during Kalder’s April 2024 seed round using false information and overstated customer adoption. False claims included 26 brands using Kalder, 53 in “live freemium,” and $1.2M in annual recurring revenue by March 2024. The DOJ alleged she kept two sets of financial books, with inflated numbers shown to investors and used forged documents for visa to remain in the United States.
Notepad++ Update Mechanism Hijacked in Espionage Campaign
Researchers warned that the Notepad++ text editor’s software update mechanism was likely hijacked in an espionage campaign between June and December 2025. Researchers said a suspected actor, possibly belonging to Lotus Blossom, delivered trojanized updates to a set of high-value targets in East Asia. The attackers compromised shared hosting infrastructure to redirect update requests from users to an attacker-controlled server. Kaspersky’s SecureList said it observed infection chains affecting about a dozen machines in the Philippines, Vietnam, and El Salvador.
Fake ANTAI Fine Phishing Emails Resurface in France With Urgent Payment Threats
A phishing campaign is targeting French citizens with fraudulent messages impersonating ANTAI, the agency that processes automated traffic offenses. Scammers claim recipients have an unpaid fine, often €135. Follow-up emails raise the amount to €260. The messages direct targets to fake payment portals that mimic official French government websites. Attackers also seek tax identifiers, driver’s license details, and identity documents. ANTAI reportedly does not issue fines through unsolicited email.
Qilin Claims Tulsa International Airport, Posts Data Online
The Qilin ransomware group has listed Tulsa International Airport in Oklahoma on its leak site. They posted 18 document samples, including financial and governance data, emails, and employee identification documents such as passports and driver’s licenses, dating between 2022 and 2025. Airport officials have not confirmed the attack.
AI-Assisted AWS Intrusion Could Reach Admin Access in Under 10 Minutes
Sysdig reported observing an AI-assisted cloud intrusion on November 28, 2025, where an attacker gained administrative access to an AWS account in 8 minutes. The intrusion began with valid test credentials exposed in public S3 buckets. The actor used AWS Lambda permissions to escalate privileges via Lambda code injection, replacing an existing Lambda function’s code with an administrative execution role and generating new access keys for an admin-level user. They compromised 19 AWS principals across 14 sessions using multiple assumed IAM roles.
Poland Detains Defense Ministry Employee on Espionage Allegations Linked to Russia
Poland’s Military Counterintelligence Service detained a civilian employee of the Ministry of National Defense on suspicion of espionage. Officials said the suspect worked in the ministry’s strategy and planning department and had access to military documents. The 60-year-old Polish national, employed at the ministry since the 1990s, allegedly collaborated with Russian and Belarusian intelligence services. Arrested at his workplace in Warsaw, investigators searched his office and residence, seized devices, and collected evidence.
Spain Plans Law to Ban Social Media Access for Children Under 16
Spain announced it will introduce legislation to prevent children under 16 from accessing social media platforms. The draft law is expected to require platforms to implement stronger age verification systems to create technical barriers for underage users. Spain also plans additional rules to regulate social media content more broadly, alongside the access restrictions.
From 42 to 19 Seconds: Phishing Speeds Up as AI Slashes Attack Intervals
AI-powered phishing attacks reached a pace of one malicious email every 19 seconds in 2025, according to a Cofense report. The rate more than doubled from 2024, when attacks occurred every 42 seconds. Attackers used adaptive phishing pages that changed payloads based on victim devices and security tools. Conversational business email compromise attacks accounted for 18% of malicious emails as AI improved impersonation. Abuse of remote access tools such as ConnectWise ScreenConnect increased 900% year over year.
Illinois Man’s Guilty Plea Details How a Former Coach Paid to Obtain Students’ Photos
An Illinois man, Kyle Svara, pleaded guilty in federal court to running a Snapchat phishing scheme from May 2020 to February 2021, involving over 571 victims. Svara impersonated Snapchat support staff to trick victims into sharing authentication codes. Former Northeastern University track-and-field coach Steve Waithe paid Svara to target accounts, including those of student-athletes. Svara locked victims out of their accounts and downloaded nude or semi-nude images. Photos from at least 59 accounts were sold online.
Incognito Market Operator Sentenced to 30 Yrs for $105M Drug Trafficking Case
Rui-Siang Lin, 24, the operator of the Incognito Market dark web platform, was sentenced to 30 years in prison for trading in narcotics and misbranded medication. Incognito Market facilitated drug sales between October 2020 and its shutdown in March 2024. It had over 400,000 buyers and 1,800 vendors for the sale of cocaine, methamphetamines, heroin, and fentanyl-laced pills. Lin from Taiwan was ordered to forfeit over $105M from the operation’s proceeds.
France Arrests Four Over Alleged Starlink Spying
French authorities arrested four individuals on suspicion of spying for China, according to the Paris public prosecutor’s office. They entered France to capture satellite data from the Starlink network and other entities, including military targets. Police were alerted on January 30 after residents reported a large satellite dish being installed at an Airbnb in Gironde around the time of an internet outage. Investigators seized equipment connected to satellite interception devices during a search. An investigation was entrusted to France’s internal security directorate.
OpenClaw AI Assistant Could Expose Connected Accounts and Credentials
Vulnerabilities in the open-source AI assistant OpenClaw, previously known as Moltbot and Clawdbot, could put user data at risk. The tool has surged in popularity, with 300,000 to 400,000 users. Because OpenClaw can connect to email, calendars, chat apps, and browsers, any linked services and stored credentials could be exposed. Experts said the risk stems from agent autonomy, where crafted prompts or hidden instructions could trigger actions like forwarding data.
Researchers Track 580 Iran-Unrest Domains Created for Fraud and Disinformation
Cyber Access Program to Reduce Vulnerability Testing Risk
OpenAI introduced Trusted Access for Cyber, an identity-based framework that restricts advanced cyber model capabilities to verified security professionals and organizations. It said frontier systems like GPT-5.3-Codex can accelerate vulnerability discovery, but also raise misuse risks. Vulnerability testing can be legitimate or abusive, depending on the user, making cyber requests difficult to judge. The company will follow refusal training and automated monitoring to flag suspicious behavior. Verified users and enterprises can request trusted access, while select researchers may join an invite-only program for more permissive defensive work.
Crypto-Linked Kidnappings in France Highlight Rising Personal Danger
A kidnapping in Saint-Martin-le-Vinoux, near Grenoble in southeast France, involved a magistrate and her mother being held hostage while criminals demanded a Bitcoin ransom tied to the family’s crypto industry connections. The victims were taken to a garage in Bourg-lès-Valence before being discovered and rescued by a passerby. French authorities have recorded multiple similar attacks in recent weeks, showing how people linked to digital assets are increasingly being targeted through real-world violence rather than online theft.
Hackers Forge Vehicle Registration Documents After Breach
Hackers compromised France’s Vehicle Registration System, allowing fraudulent mass creation of vehicle registration certificates used to legitimize stolen cars. Around 22 garages were affected after attackers gained control through phishing and weak logins. Victims are now facing financial risks because taxes linked to the fake documents are being charged to the garages under their official licenses.
France Moves Health Data Hub Hosting to SecNumCloud-Certified Provider
France has launched a tender to move its Health Data Hub, which centralizes anonymized medical data for research, away from Microsoft Azure. The government wants the platform hosted by a European provider certified under ANSSI’s SecNumCloud standard to reduce exposure to US laws such as the Cloud Act. The contract is expected by the end of March 2026, with a full migration planned before the year ends.
Faster Attacks and Higher Stakes
Signal warned of AI agents potentially nullifying practical encryption boundaries, while Snap locked 415,000 teen accounts in Australia under age enforcement.
Impersonation and AI are being mastered by adversaries, as seen in the fake ANTAI phishing wave in France, and AI-assisted cloud intrusion timelines dropped to under 10 minutes, putting critical data at immediate risk.
Phishing speed also tightened, with intervals cut from 42 seconds to 19 seconds, shrinking the human response window. Beyond AI, governments are hard at work tightening oversight around employees with access to sensitive systems, as espionage remained a core resort for gaining sensitive data from targeted environments.
As nations from Spain to India planned stronger restrictions around social media to protect children's well-being, AI introduced a social media platform only for their interactions with Moltbook. The double-edged sword, while resourceful, also remained an open fire consuming data and leaving risks of exposure, maintaining top speed for cybercriminals and defenders alike.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular