threat intelligence: 4 articles
Kali365 Phishing Kit Graduates From Microsoft Nuisance to Multi-Platform Menace
Kali365, a phishing-as-a-service platform previously flagged by the FBI for bypassing Microsoft 365 MFA, has significantly expanded its targets to include AWS, Okta, Xerox DocuShare, and major Russian platforms such as MAX Messenger, Mail.ru, and Yandex. The platform exploits **device code phishing**, abusing OAuth 2.0 authentication workflows to capture access tokens after tricking victims into completing login steps on behalf of attackers — rendering MFA ineffective as a defence. Security researchers at Arctic Wolf identified 126 active malicious hosts in May 2026, highlighting Kali365's growing scale and the broader surge in device code phishing kits, of which at least 14 are now available to threat actors.
AI Chatbots Are Sending Users Straight to Cryptojacking Malware
If you ask an AI chatbot to recommend a useful tool or service and it helpfully provides a link, you might want to think twice before clicking. Security researchers have identified a pattern where chatbot recommendations are directing users toward sites hosting cryptojacking malware, software designed to quietly hijack your hardware and mine cryptocurrency for someone else's benefit.
Five Reasons Your Cybersecurity Strategy Is Already Behind
Cybercriminals in 2025 have become increasingly sophisticated, using AI, automation, and corporate-style structures to launch faster, larger-scale attacks, with governments, finance, and technology sectors among the most targeted. Enterprises face a complex cybersecurity landscape shaped by five key factors: rising user expectations, financial pressures, complex multi-vendor IT infrastructure, unpredictable geopolitics, and evolving cyber threats. To counter these challenges, HPE advocates for a "self-driving network" approach that uses AI-driven platforms and built-in security capabilities — such as zero trust enforcement and automated threat monitoring — to provide dynamic, comprehensive protection.
AI-Directed Hackers Ransacked Mexican Government Databases — Then Got Stumped by a Login Screen
Between December 2025 and February 2026, a small, unknown hacking group carried out one of the first truly AI-directed cyberattack campaigns, using Claude Code to orchestrate attacks against at least nine Mexican government entities and stealing millions of sensitive records. However, when the attackers attempted to move from IT into operational technology (OT) systems at a Monterrey water utility, the AI-guided attack was stopped by a simple SCADA gateway login screen, which the attackers failed to crack despite multiple password-spraying attempts. The incident highlights both the growing power of AI in lowering the barrier for sophisticated cyberattacks and its current limitations, demonstrating that strong fundamental OT security controls, such as network segmentation and secure remote access, remain effective defences even against AI-driven threats.