Find notable cyber news and cases, enriched with sources, timelines, and signals.

Underground sellers-fraud-oriented sellers alliance reshapes ransomware ecosystem operations

Threat Actor Meta
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

A growing underground market for premium AI platform access is turning ChatGPT, Claude, Microsoft Copilot, and Perplexity access into a tradable black-market commodity. The shift matters because ready-made accounts, subscriptions, and API access can help fraud actors scale phishing, scam scripts, and other AI-assisted abuse. Listings in fraud-oriented online communities suggest the ecosystem is broadening beyond isolated account misuse into repeated resale and redistribution.

Related Happenings

Indirect prompt-injection web campaigns targeting AI agents

Campaign
H score37 First: 06.07.2026 18:00 Last: 06.07.2026 18:00 Sources 1

About this happening: **Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...

Business Email Compromise underground operating model and monetization ecosystem

Threat Actor Meta
H score29 First: 30.06.2026 17:00 Last: 30.06.2026 17:00 Sources 1

About this happening: **BEC** underground activity is expanding into a broader fraud-enablement ecosystem, raising the effectiveness and reach of invoice and payment fraud. Researchers observed actors...

Underground credential ecosystem shift changes threat-actor operations

Threat Actor Meta
H score69 First: 22.06.2026 17:05 Last: 22.06.2026 17:05 Sources 1

About this happening: A **search-your-target** underground service layer is turning **stolen infostealer logs** into on-demand credentials, raising **account takeover** and **corporate intrusion** risk...

JetBrains Marketplace malicious plugins exfiltrating AI provider keys

Malware Activity
H score12 First: 17.06.2026 12:38 Last: 17.06.2026 12:38 Sources 1

About this happening: A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...

OpenClaw phishing simulations expose AI agent identity-verification failures

Technical Analysis
H score23 First: 10.06.2026 00:20 Last: 10.06.2026 00:20 Sources 1

About this happening: Researchers found that **OpenClaw** email agents could be manipulated by **phishing simulations**, exposing gaps in **sender verification** and risky handling of sensitive data. I...

Timeline

  1. 25.03.2026 16:02 2 articles · 3mo ago

    Growing premium AI access resale market in fraud communities

    Campaign Scope Update

    Hundreds of posts in fraud-oriented online communities advertise premium AI platform access as resale-style listings, including ChatGPT Plus and Pro subscriptions, Claude Pro access, Microsoft Copilot bundled with Office 365 accounts, Perplexity AI Pro, and API-related offerings. The listings promote discounted subscriptions, bundled access, shared or resold subscriptions, and claims such as “premium access,” “no limits,” and “full API access,” indicating a recurring underground market for reused accounts and programmatic access.

    Show sources