Find notable cyber news and cases, enriched with sources, timelines, and signals.

Jasper Sleet and Coral Sleet AI-enabled IT worker scam campaign

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The Jasper Sleet and Coral Sleet campaign is using AI to scale fake IT worker scams, making social engineering against organizations more convincing and persistent. The operators use AI to build reusable personas, tailor applications, and keep the deception alive after hiring. They also use AI to automate parts of infrastructure setup and payload handling, which expands the campaign's reach and makes detection and response harder.

Related Happenings

JustAskJacky fake AI assistant malware campaign

Campaign
H score33 First: 04.06.2026 17:00 Last: 04.06.2026 17:00 Sources 1

About this happening: The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...

LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis

Technical Analysis
H score25 First: 17.03.2026 15:59 Last: 17.03.2026 15:59 Sources 1

About this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...

Microsoft Teams adds lobby labeling and separate admission for third-party bots

Security Tool/Service
H score11 First: 09.03.2026 19:12 Last: 09.03.2026 19:12 Sources 1

About this happening: **Microsoft Teams** is adding **automatic lobby labels** for **external third-party bots**, making it harder for non-human participants to blend in and reducing accidental admissi...

Russian-speaking threat actor campaign expands across multiple victims

Campaign
H score38 First: 09.03.2026 01:35 Last: 09.03.2026 01:35 Sources 1

About this happening: A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...

North Korea fake job-recruitment campaign using malicious Next.js repositories

Campaign
H score44 First: 25.02.2026 18:42 Last: 25.02.2026 18:42 Sources 1

About this happening: The **North Korea**-linked campaign now targets **developers** with **malicious Next.js repositories**, creating **remote code execution** and a persistent **C2** channel on infec...

Timeline

  1. 06.03.2026 19:49 2 articles · 4mo ago

    Microsoft details AI-enabled fake IT worker scam tradecraft

    Technical Analysis Update

    DPRK-linked clusters Jasper Sleet and Coral Sleet are using AI to scale fake IT worker scams against organizations by improving persona creation, job-application targeting, interview deception, and day-to-day social engineering; the same tradecraft also uses Faceswap, voice-changing software, and agentic AI to create fake company websites, provision infrastructure, and test and deploy malicious payloads.

    Show sources