Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cyber threat actors use AI to accelerate extortion and exploitation

Trend
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

Cyber threat actors are shifting to routine operational use of AI, making extortion, reconnaissance, phishing, and exploit timing faster and lower-friction across the criminal ecosystem. The trend matters because attackers can begin scanning for newly announced CVEs within 15 minutes and, in some cases, cut network infiltration and data-exfiltration timelines from three to four weeks to under 25 minutes. AI is also helping low-skilled operators sound more professional, which lowers the barrier to entry for cybercrime and compresses defender response windows.

Related Happenings

HalluSquatting indirect prompt-injection attack on AI coding assistants

Technical Analysis
H score3 First: 08.07.2026 18:07 Last: 08.07.2026 18:07 Sources 1

About this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....

SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware

Technical Analysis
H score22 First: 06.07.2026 09:33 Last: 06.07.2026 09:33 Sources 1

About this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...

Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises

Security Tool/Service
H score20 First: 28.05.2026 12:55 Last: 28.05.2026 12:55 Sources 1

About this happening: Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...

Google GTIG analysis of adversary AI use for exploit development and attack orchestration

Technical Analysis
H score33 First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...

Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign

Campaign
H score30 First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...

Timeline

  1. 17.02.2026 15:45 2 articles · 4mo ago

    Unit 42 report on AI-assisted extortion and cybercrime acceleration

    Initial Disclosure

    Unit 42 described low-skilled cybercriminals using LLM-powered AI assistants to automate extortion scripts and pressure tactics, a method the researchers dubbed "vibe extortion". The report said threat actors had moved in 2025 from experimentation to routine operational use, including scanning newly announced CVEs within 15 minutes, parallelizing reconnaissance and initial access attempts, and abusing enterprise AI platforms such as Google Vertex AI, while recommending automated patching, AI-driven response, behavioral email security, and out-of-band verification for sensitive requests.

    Show sources