CyberSecurityBoard
Sponsor Register Login

Threat actors abuse XS-Grok AI to spread malicious links

Threat actors have started exploiting XS-Grok AI, an AI-powered tool, to distribute malicious links and conduct phishing campaigns. This abuse highlights the growing trend of cybercriminals leveraging advanced AI technologies to enhance their attack methods. XS-Grok AI, designed to assist users in generating content and analyzing data, is being manipulated to create convincing phishing messages that trick victims into clicking harmful links. These links often lead to malware downloads, credential theft, or further exploitation of victims' systems. The misuse of AI tools like XS-Grok underscores the urgent need for improved cybersecurity measures and awareness among users and organizations. Cybersecurity experts recommend vigilance when interacting with AI-generated content and emphasize the importance of robust security protocols to detect and mitigate such threats. This incident serves as a reminder that while AI offers significant benefits, it also presents new challenges in the cybersecurity landscape, necessitating continuous adaptation and proactive defense strategies.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 03 Sep 2025 22:05:13 +0000


Cyber News related to Threat actors abuse XS-Grok AI to spread malicious links

Grok 4 benchmark results: Tops math, ranks second in coding - Gemini 2.5 Pro and Claude still remain the best models for coding, but that might change when xAI ships Grok 4 Code in August. Grok 4 is a huge leap from Grok 3, but how good is it compared to other models in the market, such as Gemini 2.5 Pro? We ...
4 months ago Bleepingcomputer.com
Grok 4 spotted ahead of launch with special coding features - Grok 4 Code (grok-4-code-0629) — Engineering Intelligence Unleashed — a model purpose-built to be your coding companion. Elon Musk-funded xAI is skipping Grok 3.5 and releasing Grok 4 after Independence Day in the United States, and it ...
5 months ago Bleepingcomputer.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky
xAI prepares Grok 4 Code as it plans to take on Claude and Gemini - xAI is planning to release Grok 4 without Vision and Image support after Independence Day in the United States of America. xAI is preparing the rollout of Grok 4, which replaces Grok 3 as the new state-of-the-art model. One of the models is ...
4 months ago Bleepingcomputer.com
Unauthorized Access to Grok-3 AI Achieved via Client-Side Code Exploitation - A researcher with the handle “single mode” has demonstrated how client-side code manipulation can bypass access controls and gain unauthorized access to Grok-3, an AI model integrated into Elon Musk’s X platform. The script modifies ...
9 months ago Cybersecuritynews.com
Threat actors abuse XS-Grok AI to spread malicious links - Threat actors have started exploiting XS-Grok AI, an AI-powered tool, to distribute malicious links and conduct phishing campaigns. This abuse highlights the growing trend of cybercriminals leveraging advanced AI technologies to enhance their attack ...
2 months ago Bleepingcomputer.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
5 months ago Cybersecuritynews.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com CVE-2023-42793 APT29
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 APT28
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
1 year ago Cybersecuritynews.com
Threat Actors Exploit Microsoft Verified Publisher Status to Abuse OAuth Privileges - Researchers from cybersecurity firm Proofpoint have discovered a new threat campaign involving malicious third-party OAuth apps that are used to infiltrate organizations cloud environments. Threat actors abused Microsofts Verified publisher status, ...
2 years ago Csoonline.com
xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X - The exposed credentials provided unauthorized access to private large language models (LLMs) specifically fine-tuned for SpaceX, Tesla, and Twitter/X internal operations, highlighting critical vulnerabilities in credential security practices even at ...
6 months ago Cybersecuritynews.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
1 year ago Cyberdefensemagazine.com Hunters
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
1 year ago Thedfirreport.com Trigona
Data thieves abuse Microsoft's 'verified publisher' status The Register - Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings. According to researchers with ...
2 years ago Packetstormsecurity.com Lazarus Group
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
1 year ago Microsoft.com Black Basta
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
1 year ago Feeds.dzone.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com
Automating Threat Intelligence Enrichment In Your SIEM With MISP - In conclusion, automating threat intelligence enrichment between MISP and your SIEM using Python is a transformative step for any security operations center. This article explores how to architect, implement, and operationalize automated threat ...
7 months ago Cybersecuritynews.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
1 year ago Cyberdefensemagazine.com
Why the Keitaro TDS keeps causing security headaches - A software company named Keitaro has long been labeled by cybersecurity vendors as a legitimate traffic distribution system vendor, yet the company's product is repeatedly used for malicious activity by cybercriminals. Despite being described as a ...
1 year ago Techtarget.com
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
2 years ago Unit42.paloaltonetworks.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)