Symantec demonstrates OpenAI's Operator Agent in PoC phishing attack, highlighting AI security risks and the need for proper cybersecurity.

Symantec’s threat hunters have demonstrated how AI agents like OpenAI’s recently launched _“_Operator_“_ could be abused for cyberattacks. While AI agents are designed to boost productivity by automating routine tasks, Symantec’s research shows they could also execute complex attack sequences with minimal human input.

This is a big change from older AI models, which could only provide limited help in making harmful content. Symantec’s research came just a day after Tenable Research revealed that the AI chatbot DeepSeek R1 can be misused to generate code for keyloggers and ransomware.

In Symantec’s experiment, the researchers tested Operator’s capabilities by requesting it to:

*   Obtain their email address
*   Create a malicious PowerShell script
*   Send a phishing email containing the script
*   Find a specific employee within their organization

According to Symantec’s blog post, though the _“_Operator_“_ initially refused these tasks citing privacy concerns, researchers found that simply stating they had authorization was enough to bypass these ethical safeguards. The AI agent then successfully:

*   Composed and sent a convincing phishing email
*   Determined the email address through pattern analysis
*   Located the target’s information through online searches
*   Created a PowerShell script after researching online resources

Watch as it’s done:

J Stephen Kowski, Field CTO at SlashNext Email Security+, notes that this development requires organizations to strengthen their security measures: “Organizations need to implement robust security controls that assume AI will be used against them, including enhanced email filtering that detects AI-generated content, zero-trust access policies, and continuous security awareness training.”

While current AI agents’ capabilities may seem basic compared to skilled human attackers, their rapid evolution suggests more sophisticated attack scenarios could soon become reality. This might include automated network breaches, infrastructure setup, and prolonged system compromises – all with minimal human intervention.

This research shows that companies need to update their security strategies because AI tools designed to boost productivity can be misused for harmful purposes.

Symantec Demonstrates OpenAI’s Operator Agent in PoC Phishing Attack

New Microsoft 365 phishing scam exploits fake support numbers to steal credentials. Learn how attackers bypass security and how to stay protected.

Cybersecurity company Guardz is warning Microsoft 365 users about a new phishing scam backed by **social engineering tactics** making the rounds. This isn’t an average scam as attackers trick people into calling fake support numbers using Microsoft 365 infrastructure, putting their login details and accounts at risk.

****How the Attack Works****

Unlike typical phishing attempts using typosquatted domains, fake or misspelled email addresses, this campaign operates from within Microsoft’s cloud services. This makes the phishing attempts look convincing, easily bypassing email authentication checks like SPF, DKIM, and **DMARC**.

The attack also utilizes legitimate Microsoft domains (**onmicrosoft.com**)and manipulates tenant settings. The scammers also set up multiple **Microsoft 365 organization tenants**, either by creating new ones or compromising existing accounts. Each tenant has a specific role within the attack framework, allowing the threat actors to operate with anonymity.

One of these fake organizations is used to trigger actions that look like normal business activity, such as starting a subscription. Another **fake organization** is given a name that includes a fake warning message and a phone number. For example, the organization’s name might appear as something like, “(Microsoft Corporation) Your subscription has been successfully purchased… If you did not authorize this transaction, please call .”

The Microsoft 365 phishing email used in the scam (Screenshot credit: Guardz)

When the attackers trigger an action, like a subscription change, **Microsoft 365** automatically sends out legitimate emails about it. Because of how the attackers set up their fake organizations, these official Microsoft emails can end up including the fake warning message and phone number in the sender’s information or organization details.

So, you might receive an email that looks like it’s really from Microsoft, confirming a purchase you didn’t make. The email itself is real in the sense that it came through Microsoft’s systems.

But the alarming message asking you to call a number to dispute the charge? That’s the scam. If someone calls the number, they’re connected with the attackers, who then try to steal sensitive information like passwords or trick them into installing malicious software.

****Why This Scam Is Effective****

This approach is effective for several reasons. Since the emails come from Microsoft’s legitimate systems, they often pass standard security checks that look for fake domains or suspicious links. The emails look official, complete with Microsoft branding. And the urgent message about an unauthorized charge can cause people to act quickly without thinking.

According to Guardz’s **report** shared with Hackread.com ahead of its publishing on Thursday, this attack is tricky to spot because it uses legitimate services for malicious purposes. Traditional email security measures that check sender reputations or look for fake links might miss this.

****The Possible Impact****

The implications of this phishing campaign could be significant. Businesses and individuals who fall victim can suffer from credential theft, financial loss, account takeovers or installing malware on their systems. The attack’s dependence on voice channels also makes it more challenging to detect and prevent, as fewer security controls exist in direct phone communications.

****Protecting Yourself and Your Business****

A few key steps can help prevent these scams. Be wary of unexpected emails about purchases or subscriptions, even if they appear to come from Microsoft. Never call phone numbers listed in emails if something feels off, always verify contact details on Microsoft’s official website.

Pay close attention to sender details; while an email might look legitimate, unusual organization names or urgent wording can be red flags. Also, be cautious of messages from unfamiliar “**.onmicrosoft.com**” domains. Most importantly, train yourself and your employees to recognize phishing tactics, especially those designed to create a sense of urgency around financial threats.

1.  **Fake Facebook Copyright Notices to Hijacking Accounts**
2.  **Hackers Using Fake YouTube Links to Steal Login Credentials**
3.  **PayPal Phishing Exploits MS365 Tools, Genuine-Looking Emails**
4.  **Phishing Attacks Can Bypass Microsoft 365 Email Safety Warnings**
5.  **Astaroth Phishing Kit Bypasses 2FA, Hijacks Gmail, Microsoft Emails**

New Microsoft 365 Phishing Scam Tricks Users Into Calling Fake Support

Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While…

Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While not fully autonomous, it provides a playground for cybercriminals to refine and exploit its capabilities for malicious purposes.

A new analysis from cybersecurity firm Tenable Research reveals that the open-source AI chatbot **DeepSeek R1** can be manipulated to generate malicious software, including keyloggers and ransomware.

Tenable’s research team set out to assess DeepSeek’s ability to create harmful code. They focused on two common types of malware: keyloggers, which secretly record keystrokes, and ransomware, which encrypts files and demands payment for their release.

While the AI chatbot isn’t producing fully functional malware “out of the box,” and requires proper guidance and manual code corrections to produce a fully working keylogger; the research suggests that it could lower the barrier to entry for cybercriminals.

Initially, like other large language models (**LLMs**), DeepSeek stood up to its built-in ethical guidelines and refused direct requests to write malware. However, the Tenable researchers employed a “jailbreak” technique tricking the AI by framing the request for “educational purposes” to bypass these restrictions.

The researchers leveraged a key part of DeepSeek’s functionality: its “chain-of-thought” (CoT) capability. This feature allows the AI to explain its reasoning process step-by-step, much like someone thinking aloud while solving a problem. By observing DeepSeek’s CoT, researchers gained insights into how the AI approached malware development and even recognised the need for stealth techniques to avoid detection.

****DeepSeek Building Keylogger****

When tasked with building a keylogger, DeepSeek first outlined a plan and then generated C++ code. This initial code was flawed and contained several errors that the AI itself could not fix. However, with a few manual code adjustments by the researchers, the keylogger became functional, successfully logging keystrokes to a file.

Taking it a step further, the researchers prompted DeepSeek to help enhance the malware by hiding the log file and encrypting its contents, which it managed to provide code for, again requiring minor human correction.

This screenshot displays the keylogger created by DeepSeek running in the Task Manager, alongside the log file it generated. (Credit: Tenable Research)

****DeepSeek Building Ransomware****

The experiment with ransomware followed a similar pattern. DeepSeek laid out its strategy for creating file-encrypting malware. It produced several code samples designed to perform this function, but none of these initial versions would compile without manual editing.

Nevertheless, after some tweaking by the Tenable team, some of the ransomware samples were made operational. These functional samples included features for finding and encrypting files, a method to ensure the malware runs automatically when the system starts, and even a pop-up message informing the victim about the encryption.

****DeepSeek Struggled with Complex Malicious Tasks****

While DeepSeek demonstrated an ability to generate the basic building blocks of malware, Tenable’s findings highlight that it’s far from a push-button solution for cybercriminals. Creating effective malware still requires technical knowledge to guide the AI and debug the resulting code. For instance, DeepSeek struggled with more complex tasks like making the malware process invisible to the system’s task manager.

However, despite these limitations, Tenable researchers believe that access to tools like DeepSeek could accelerate malware development activities. The AI can provide a significant head start, offering code snippets and outlining necessary steps, which could be particularly helpful for individuals with limited coding experience looking to engage in cybercrime.

“DeepSeek can create the basic structure for malware,” explains Tenable’s technical **report** shared with Hackread.com ahead of its publishing on Thursday. “However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features.” The AI struggled with more complex tasks like completely hiding the malware’s presence from system monitoring tools.

Trey Ford, Chief Information Security Officer at Bugcrowd, a San Francisco, Calif.-based leader in crowdsourced cybersecurity commented on the latest development emphasising that AI can aid both good and bad actors, but security efforts should focus on making cyberattacks more costly by hardening endpoints rather than expecting EDR solutions to prevent all threats.

_“_Criminals are going to be criminals – and they’re going to use every tool and technique available to them. GenAI-assisted development is going to enable a new generation of developers – for altruistic and malicious efforts alike,_“_ said Trey,

_“_As a reminder, the EDR market is explicitly endpoint DETECTION and RESPONSE – they’re not intended to disrupt all attacks. Ultimately, we need to do what we can to drive up the cost of these campaigns by making endpoints harder to exploit – pointedly they need to be hardened to CIS 1 or 2 benchmarks,_“_ he explained.

AI Chatbot DeepSeek R1 Can Be Manipulated to Create Malware

FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and…

FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and why paying ransoms is discouraged. 

A joint advisory by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) has revealed a particularly aggressive digital threat- a criminal operation, known as the Medusa ransomware gang.

According to the advisory (#StopRansomware: Medusa Ransomware), Medusa, a ransomware-as-a-service (RaaS) group first identified in June 2021, has become a serious threat to critical infrastructure sectors in the United States.

Authorities have identified a pattern of attacks affecting organizations across diverse sectors, including healthcare, education, law firms, insurance providers, technology companies, and manufacturers. Their victims include Bell Ambulance in Wisconsin, CPI Books, Customer Management Systems, and Heartland Health Center. The sheer number of victims, surpassing 300 as of December 2024, highlights the scope of this threat. 

The actors utilize different methods to infiltrate systems, including deceptive communications (phishing) and exploiting unpatched software vulnerabilities (e.g. ScreenConnect authentication bypass CVE-2024-1709). Once inside a network, they use legitimate system administration tools to move undetected. 

They employ a unique approach to extortion, which involves encrypting victims’ data and rendering it inaccessible, along with threatening to expose sensitive information if their demands are not met. This tactic creates immense pressure on targeted organizations, forcing them to consider paying the ransom to prevent public disclosure of their data.  

“Medusa developers typically recruit initial access brokers (IABs) in cybercriminal forums and marketplaces to obtain initial access to potential victims. Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,” the advisory (PDF) warns.

Medusa uses advanced techniques to conceal its activities, such as remote access software to control compromised systems and using encrypted scripts and tools to create hidden connections to its command servers, thereby evading security software detection. 

A particularly concerning aspect of this operation is the aggressive nature of their extortion tactics. Victims are given a very short window of time to pay the ransom, often just two days. They are pressured through direct communication, and if they fail to comply, their stolen data is made available on darknet websites. There are even reports that paying the initial ransom might not guarantee the end of the ordeal, as further demands may follow.

In response to this growing threat, federal agencies have emphasized the need for ensuring regular software updates, implementing reliable access controls, and using multi-factor authentication. They also advise monitoring network activity for suspicious behaviour, limiting the use of remote desktop protocols, and segmenting networks to contain any potential breaches. 

Moreover, users are urged to enable two-factor authentication (2FA) for webmail and VPNs as social engineering is a significant factor in these attacks. All organizations affected by the Medusa ransomware are requested to report the incidents to law enforcement and to avoid paying any ransom demands.

FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware

February 2025 saw a record 126% surge in ransomware attacks, with Cl0p leading the charge. Hackers exploited file…

February 2025 saw a record 126% surge in ransomware attacks, with Cl0p leading the charge. Hackers exploited file transfer flaws, infostealers, and AI-driven tactics, reveals Bitdefender’s latest Threat Debrief report.

Cybersecurity just reached a new milestone; and not in a good way. According to Bitdefender’s latest Threat Debrief report, February 2025 was the worst month in history for ransomware attacks, with a 126% increase in claimed victims compared to the same period last year.

This surprising jump saw the number of victims soar from 425 in February 2024 to a staggering 962 in February 2025. The massive surge in ransomware attacks occurred despite the United States-led alliance of 40 countries, announced in November 2023, aimed at dismantling ransomware gangs and their infrastructure. The initiative focused on disrupting payments, taking down infrastructure, and enhancing intelligence sharing.

****Clop (Cl0p) Ransomware at Its Peak****

According to Bitdefender’s report shared with Hackread.com ahead of publishing on Thursday, Cl0p ransomware group Clop was responsible for more than a third of the attacks, claiming 335 victims in just one month. This makes a 300% increase from the previous month.

So, what’s behind this sudden rise in attacks? Cybersecurity experts point to a new trend that’s not so new: attackers are increasingly targeting vulnerabilities in edge network devices, such as file transfer systems and remote access tools.

Instead of focusing on specific industries, these opportunistic hackers are scanning the internet for easily exploitable flaws and launching automated attacks. For example, the Cl0p ransomware gang is notorious for exploiting vulnerabilities in MOVEit, a managed file transfer (MFT) software, with the highest frequency in 2023. The group stole so much data through MOVEit vulnerabilities that it launched a clearnet website to leak stolen information from victims worldwide.

In December 2024, Cl0p also announced exploiting security vulnerabilities in Cleo’s managed file transfer software, specifically targeting Cleo Harmony, VLTrader, and LexiCom products. Bitdefender’s Threat Debrief report also spotted Cl0p’s exploitation of Cleo vulnerabilities, especially CVE-2024-50623 and CVE-2024-55956 both rated 9.8 out of 10 in severity.

Both flaws allow attackers to execute commands remotely on compromised systems and were disclosed late last year. Despite patches being available, many organizations failed to update their systems in time, leaving them wide open to exploitation leading to the surge in victims seen in February 2025.

The illustration highlights the rapid pace at which ransomware gangs exploit vulnerabilities and shift to new targets. (Credit: Ditdefender)

****Other Notable Developments in the Ransomware World****

Beyond the record-breaking numbers, Bitdefender researchers noticed several other noteworthy trends in February 2025 including:

****FunkSec’s New Infostealer****

FunkSec, a growing ransomware group, released Wolfer, a tool designed to extract sensitive information from infected machines. It communicates with a Telegram bot to gather system details, Wi-Fi passwords, and more.

A ransomware gang using infostealers is bad news, especially as researchers recently found that cybercriminals are successfully breaching U.S. national security with infostealers as cheap as $10. Even high-security institutions like the military and the FBI have had their systems compromised, with access being sold on the dark web.

****Black Basta Gets Analyzed by AI****

On February 11, 2025, the notorious Black Basta ransomware gang had its internal chats leaked. These chats contained over 200,000 Russian-language messages. Hudson Rock’s researchers created a chatbot called BlackBastaGPT to sift through the chat logs.

Insights revealed details about their profits, use of deepfake technology, and internal conflicts. The group’s leader emphasized avoiding detection by using built-in system tools, a tactic known as “living off the land.”

****Ghost Ransomware Under Scrutiny****

A joint advisory from CISA highlighted Ghost (also known as Cring), a China-based ransomware operation exploiting older but still unpatched vulnerabilities. Recommendations include patching affected software, segmenting networks, and backing up data regularly.

****Akira’s Webcam Hack****

The Akira ransomware gang found a creative way to bypass security by hijacking a victim’s webcam. Since the device ran Linux and wasn’t monitored closely, it became the perfect launchpad for encrypting files across the network undetected.

****Top 10 Companies Most Targeted by Ransomware Gangs****

The United States, Canada, the UK, Germany, and other developed nations remain the biggest targets of ransomware groups. These countries are highly vulnerable due to their reliance on connected edge devices, cloud infrastructure, and critical business data.

In total, these are the top 10 companies most targeted by ransomware gangs:

1.  USA
2.  Canada
3.  The UK
4.  Germany
5.  France
6.  Australia
7.  Brazil
8.  Mexico
9.  Italy
10.  Sweden

For those looking to understand the full scope of modern ransomware operations and how to fight back, Bitdefender has published a comprehensive whitepaper detailing current attack methods and defence strategies. You can access it here.

Ransomware Hits Record High: 126% Surge in Attacks in February 2025

A misconfigured database exposed 108.8 GB of sensitive data, including information on over 86,000 healthcare workers affiliated with…

A misconfigured database exposed 108.8 GB of sensitive data, including information on over 86,000 healthcare workers affiliated with ESHYFT, a New Jersey-based HealthTech company operating across 29 states. ESHYFT also provides a mobile platform that connects healthcare facilities with qualified nursing professionals.

The exposed database was not password-protected or encrypted and contained a treasure trove of personally identifiable information (PII) including SSNs, scans of identification documents, salary details, work history, and more.

The database was discovered by cybersecurity researcher Jeremiah Fowler who shared their report with Hackread.com revealing that the exposed data included profile images, facial images, professional certificates, work assignment agreements, CVs, and resumes.

Additionally, one spreadsheet document contained over 800,000 entries detailing nurses’ internal IDs, facility names, time and date of shifts, hours worked, and more. What’s worse, medical documents, including medical reports containing information on diagnoses, prescriptions, or treatments, were also exposed.

The exposure of such sensitive data could potentially fall under HIPAA regulations. It can also expose vulnerable users to online and physical risks, including identity theft, employment fraud, financial fraud, and targeted phishing campaigns.

The good news is that Fowler immediately notified ESHYFT. The bad news is that it took the company over a month after being alerted to restrict public access to the database. However, according to Fowler, the exposed database was not owned or directly managed by ESHYFT.

It remains unclear whether a third-party contractor was responsible for its management. Additionally, the duration of the exposure and whether unauthorized parties accessed the data are unknown.

Nevertheless, cybercriminals could use the exposed data to commit crimes in the victims’ names or deceive them into revealing additional personal or financial information. Therefore, HealthTech must implement proper cybersecurity measures including:

*   Implement mandatory encryption protocols for sensitive data.

*   Use multi-factor authentication to prevent unauthorized access.

*   Conduct regular security audits to identify potential vulnerabilities.

*   Segregate sensitive data and assign expiration dates for data that is no longer in use.

*   Have a data breach response plan in place and a dedicated communication channel for reporting potential security incidents.

*   Provide timely responsible disclosure notices to affected individuals and educate them on how to recognize phishing attempts.

HealthTech Database Exposed 108GB Medical and Employment Records

OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on…

OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on systems. Learn how to stay safe.

Cybersecurity researchers at Securonix Threat Labs have spotted a new malware campaign called OBSCURE#BAT. This campaign uses social engineering tactics and fake software downloads to trick users into executing malicious code, enabling attackers to infect systems and avoid detection.

The attack begins with a user executing a malicious batch file, which is often disguised as legitimate security features or malicious software downloads. Once executed, the malware establishes itself by creating scheduled tasks and modifying the Windows Registry to operate even after the system reboots.

The malware then uses a user-mode rootkit to hide its presence on the system, making it difficult for users and security tools to detect. The rootkit can hide files, registry entries, and running processes, allowing the malware to embed further into legitimate system processes and services.

****Fake Captchas and Malicious Software Downloads****

As seen in recent similar campaigns, hackers have been leveraging typosquatting and social engineering tactics to present fake products as legitimate within their supply chains. This includes:

**Masquerading Software:** Attackers also disguise their malicious files as trustworthy applications, such as Tor Browser, SIP (VoIP) software or Adobe products, increasing the chances that users will execute them.

**Fake Captchas:** Users may encounter a fake captcha, especially the Cloudflare captcha feature, that tricks them into executing malicious code. These captchas often originate from typosquatted domains, resembling legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard.

Fake captcha used in the attack (Screenshot Securonix)

****Evasion Techniques****

The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques. These include:

**API Hooking:** By using user-mode API hooking, the malware can hide files, registry entries, and running processes. This means that common tools like Windows Task Manager and command-line commands cannot see certain files or processes, particularly those that fit a specific naming scheme (e.g., those starting with “$nya-“).

**Registry Manipulation:** It registers a fake driver (ACPIx86.sys) in the registry to ensure further persistence. This driver is linked to a Windows service, allowing it to execute malicious code without raising suspicion.

**Stealthy Logging:** The malware monitors user interactions, such as clipboard activity, and regularly writes this data to encrypted files, further complicating detection and analysis.

****Countries Targeted in the OBSCURE#BAT Attack****

According to Securonix’s detailed technical report, shared with Hackread.com before its official release on Thursday, the malware appears to be financially motivated or aimed at espionage, targeting users primarily in the following countries:

*   Canada
*   Germany
*   United States
*   United Kingdom

****How to Protect Yourself from the OBSCURE#BAT Attack****

While common sense is a must when downloading software or clicking on unknown links, users and organizations should also follow these key security measures to protect their systems from OBSCURE#BAT and similar threats:

*   **Clean downloads**: Only download software from legitimate websites, and be wary of fake captchas and other social engineering tactics.

*   **Use endpoint logging**: For organizations, deploy endpoint logging tools, such as Sysmon and PowerShell logging, to enhance detection and response capabilities.

*   **Monitor for suspicious activity**: Regularly monitor systems for suspicious activity, such as unusual network connections or process behaviour.

*   **Use threat detection tools**: Consider using threat detection tools, such as behavioural analysis and machine learning-based systems, to detect and respond to threats like OBSCURE#BAT.

New OBSCURE#BAT Malware Targets Users with Fake Captchas

Cary, North Carolina, 13th March 2025, CyberNewsWire

**Cary, North Carolina, March 13th, 2025, CyberNewsWire**

As Artificial Intelligence (AI)-powered cyber threats surge, INE Security, a global leader in cybersecurity training and certification, is launching a new initiative to help organizations rethink cybersecurity training and workforce development. The company warns that AI is reshaping both the threat landscape and the skills required for cybersecurity professionals. While AI offers significant advantages in cyber defense, organizations must ensure their teams are properly trained to leverage it effectively without becoming overly reliant on automation.

> “The rise of AI in cybersecurity isn’t just a challenge—it’s an opportunity,” said Dara Warn, CEO of INE Security. “By training cybersecurity professionals properly, AI can be leveraged to filter noise, reduce burnout, and increase efficiency. However, if we don’t train people to understand the ‘why’ behind AI-driven decisions, we risk a future where cybersecurity professionals are blindly following AI without the expertise to think critically beyond it.”

**AI as a Force Multiplier: Improving SOC Efficiency and Threat Detection**

AI-driven security tools are improving the signal-to-noise ratio, making Security Operations Centers (SOCs) more efficient by reducing false positive alerts—an area cybersecurity tools have been refining for over a decade. AI can prioritize critical threats, allowing analysts to focus on real dangers rather than wasting time investigating false alarms.

> “AI is making threat detection smarter, but it’s not foolproof,” said Tracy Wallace, Director of Content at INE Security. “Security professionals need to be trained to work alongside AI, not just follow its outputs. AI is great at reducing alert fatigue, but analysts still need the expertise to investigate, interpret, and respond to threats accurately.”

**Generative AI: A Double-Edged Sword for Cybersecurity Talent**

One of the most promising yet complex aspects of AI’s rise is its impact on the cybersecurity workforce. On one hand, generative AI will lower the barrier to entry, allowing more professionals to enter the cybersecurity field and reducing the global labor shortage. 

> However, this shift also presents risks. “The concern isn’t that AI is making cybersecurity easier,” said Wallace. “The concern is that if professionals become too dependent on AI outputs, they won’t develop the critical-thinking skills necessary to work beyond what the AI gives them. Organizations must ensure that cybersecurity training teaches professionals not just how to use AI but how to work independently of it when needed.”

**The Data Privacy Dilemma: AI and LLM Security Risks**

Another concern in AI-driven cybersecurity is data privacy and security risks with large language models (LLMs). While concerns over data leakage with cloud-based AI models are growing, this isn’t a new challenge—it’s an evolution of longstanding security principles. Organizations must ensure AI-powered security solutions do not require external data sharing.

> “As AI becomes more deeply integrated into cybersecurity operations, privacy-first security architectures are crucial,” said Wallace. “Organizations need AI models that can operate securely without exposing sensitive data to external systems.”

**The Future of AI Security Training: Agentic Architectures and AI-Driven Automation**

Looking ahead, Agentic AI architectures are becoming a hot topic in cybersecurity. While some view it as buzzword hype, there is real potential for AI-driven security agents that autonomously investigate threats, adjust defenses in real-time, and improve security workflows with minimal human intervention.

> However, automation must be carefully balanced. “Agentic AI might be the future, but we can’t let it replace hands-on expertise and human decision-making,” said Warn. “Security professionals must be trained to interpret AI-driven insights, make judgment calls, and recognize when AI is wrong.”

**Training as the Solution: INE Security’s AI-Powered Cybersecurity Curriculum**

To close the cybersecurity skills gap and help professionals work effectively with AI, INE Security is working to expand its AI-driven training programs. These programs will focus on:

*   **AI-Driven Threat Analysis** – Training security teams to interpret AI-generated threat intelligence and reduce false positives.
*   **Machine Learning for Cyber Defense** – Teaching professionals how AI-powered security models work and how attackers exploit AI vulnerabilities.
*   **Generative AI in Cybersecurity** – Helping cybersecurity teams understand the risks and benefits of AI-generated attacks and defenses.
*   **Hands-On AI Security Labs** – Simulating real-world AI-powered attacks and training professionals on how to counter them manually and with AI assistance.

> “Our end goal is not just to train security professionals how to use AI but to train them how to think critically in an AI-driven world,” said Wallace. 

**The Call to Action: Prepare for AI-Driven Threats Now**

With AI transforming cybersecurity threats at an unprecedented pace, INE Security urges companies to:

*   Train their cybersecurity teams on AI-driven tools, while ensuring they develop critical problem-solving skills.
*   Prioritize AI-powered security solutions that enhance, not replace, human expertise.
*   Implement privacy-first AI models that reduce data exposure risks**.**

> “The AI revolution in cybersecurity is here,” concluded Warn. “Organizations that act now—by investing in security training, developing cybersecurity talent, and understanding how AI truly impacts the field—will be the ones leading the industry forward. The future of cybersecurity belongs to those who train for it.”

**About INE Security**

INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers, offering both Red Team training and Blue Team training. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

**Contact**

**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats

The Hague, the Netherlands, 13th March 2025, CyberNewsWire

**The Hague, the Netherlands, March 13th, 2025, CyberNewsWire**

Founded in 2024, **Modat** – the European-crafted, research-driven, AI-powered cybersecurity company, has announced the launch of its premier product, **Modat Magnify**.   

Designed by and for cybersecurity professionals, the team behind the product aims to speed up the lives of these individuals easier by giving them access to the largest Internet ‘Device DNA’ dataset available. The ‘Device DNA’ catalogues the essential attributes of each internet-connected device to create a unique profile.

*   **FAST.** AI-powered for unparalleled speed. Continuously scanning the entire internet and identify adversary infrastructure in real-time. 
*   **SMART**. Research enhances the development of the platform and offers contextualized data, historical context, and predictive insights. 
*   **EASY**. User-centric UI designed from firsthand experience as cybersecurity professionals From the initial query to the findings result pages, easy-to-filter, read and use.  

> “It starts with research to gain insight and build,” says Soufian El Yadmani, CEO & Founder of Modat. “Offensive and defensive professionals shared what solutions they need to be faster and to focus on what they do best. Scanning the internet is just a beginning. Speed, contextual data, and insight is vital to our products and services. Our ‘Device DNA’ gives value in the results to increase proactive efforts and build cyber resilience.” 

> “Protecting your country takes clear insight into internet connected devices. Modat helps you to protect your country’s infrastructure with this insight,” emphasized Vincent Thiele, COO & Co-Founder of Modat. “We support communities to improve the health of the Internet and deliver products to help make the internet a safer place.”

Recent research covered by 35+ media outlets **Global Impact:** https://rb.gy/59kfce  

**Users can learn more:**

*   https://www.modat.io/modat-magnify
*   modat.io/enterprise 
*   https://www.modat.io/device-dna 

**Pricing & Access:**  

https://magnify.modat.io/pricing    

*   **FREE:**  covers most basic use cases. Solid start for many security professionals 
*   **Practitioner:** €20/m  
*   **Professional:** €60/m 
*   **Business:** €400/m 
*   **Enterprise:** tailored solutions for more complex needs of organisations and governments 

****About Modat****

Modat, founded in 2024 is the European-crafted, AI-powered, research-driven cybersecurity company dedicated to helping security professionals outpace adversaries and stay ahead of evolving threats. Their flagship product, **Modat Magnify**, provides access to the world’s largest Internet “Device DNA” dataset.  

Modat was created by researching, listening to, and directly experiencing the needs and challenges of security professionals. Their products enable the security community by giving access to unparalleled speed, contextualized data, and predictive insights.  

By design, the **Modat Magnify** platform helps offensive and defensive professionals by giving them a fast, smart, easy way to stop searching and start finding. Our ‘Device DNA’ catalogues the essential attributes of each internet-connected device to create a unique profile to support proactive cybersecurity. 

Modat empowers individuals, companies, and governments to strengthen their security posture and increase cyber resiliency. The team actively joining the fight to get ahead of cyber-attacks by narrowing the growing gap between digital threats and resilience. Join us to outpace and outlast.

**Contact:**

modat.io

LIn: https://www.linkedin.com/company/modat-io/

Bluesky: https://bsky.app/profile/modat-io.bsky.social

For quotes/to schedule an interview, users can reach: 

**Soufian El Yadmani – CEO & Founder** 

Email: \[email protected\]  

LinkedIn: https://www.linkedin.com/in/soufianelyadmani/  

**Vincent Thiele – COO & Co-Founder** 

Email: \[email protected\]  

LinkedIn: https://www.linkedin.com/in/thielev/  

**Contact**

**Head of Marketing**  
**Bessie Schenk**  
**Modat**  
**\[email protected\]**

Modat launches premier product, Modat Magnify for Cybersecurity Professionals

Dragos reveals Volt Typhoon hackers infiltrated a US electric utility for 300 days, collecting sensitive data. Learn how this cyberattack threatens infrastructure.

Cybersecurity firm Dragos has revealed a prolonged cyber attack by the Chinese threat actor **Volt Typhoon** into the United States electric grid, specifically targeting the Littleton Electric Light and Water Departments (LELWD) in Massachusetts. This breach lasted over 300 days from February to November 2023.

The incident came to light just before Thanksgiving in 2023 when the FBI alerted LELWD to a potential compromise. Following investigations, with assistance from Dragos, revealed that the Volt Typhoon had infiltrated the utility’s systems as early as February 2023.

According to Dragos’s **report**, during this extensive period, the threat actors collected sensitive **operational technology (OT)** data, including information on energy grid operations, which could facilitate future disruptive attacks on critical infrastructure.

****Volt Typhoon’s Modus Operandi****

Volt Typhoon, also known as VOLTZITE, is a Chinese state-sponsored advanced persistent threat group active since at least mid-2021. The group focuses on cyber espionage, primarily targeting US critical infrastructure sectors **such as telecommunications** and energy. They employ sophisticated techniques to maintain persistent, long-term access to networks while evading detection.

**Tim Mackey**, Head of Software Supply Chain Risk Strategy at Black Duck, emphasizes the challenges posed by the long lifespan of devices in critical infrastructure. He notes that devices designed and tested to best practices available at their release can become vulnerable to more sophisticated attacks later in their lifecycle. Attackers, aware of the emphasis on uptime and service availability in critical infrastructure, may exploit these vulnerabilities to plan targeted attacks rather than opportunistic ones.

****Implications and Recommendations****

The LELWD incident shows the increasing cyber threats to essential services and why the energy sector needs proper cybersecurity measures. Organizations responsible for critical infrastructure must prioritize regular assessments and updates of their cybersecurity protocols to address evolving threats.

Additionally, implementing strong monitoring systems, conducting security audits, and collaborating with cybersecurity experts are essential to securing your infrastructure from threat actors like the Volt Typhoon.

1.  Hackers Have Reportedly Infiltrated The US Power Grids
2.  Retired Software Exploited To Target Power Grids, Microsoft
3.  Critical Solar Power Grid Vulnerabilities Risk Global Blackouts
4.  Hacking Power Grids: TETRA Radio Hacking Risks Infrastructure
5.  Controller-level flaws let hackers physically damage moving bridges

Source

HackRead