AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 4/8/2025

Autonomous, GenAI-Driven Attacker Platform Enters the Chat

Researchers are sounding the alarm on an emerging all-in-one, AI-driven hacking tool that provides attackers with a modular architecture for developing and launching a range of cybercriminal operations, such as phishing campaigns, vulnerability exploitation, or even ransomware attacks. “Xanthorox AI,” a cyberattack platform first spotted in March circulating on darknet hacker forums and encrypted channels, enables the style of self-directed, autonomous AI-driven attack that defenders feared would eventually appear once generative AI (GenAI) technology became mainstream, according to research from SlashNext published on April 7.

Boards Urged to Follow New Cyber Code of Practice

A new government initiative launched today aims to improve cyber-resilience across UK organizations by providing new guidance for boards. The Cyber Governance Code of Practice describes the actions company directors and board members need to take to ensure cyber-risk is managed effectively. The government argued that improving oversight at this level is vital to growing the economy, given that 74% of large and 70% of medium-sized firms experienced attacks and breaches in the past year. It claimed that such incidents cost the national economy almost £22bn a year between 2015 and 2019.

Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks

Cybersecurity firm Huntress has shared details on the post-exploitation activities seen in the attacks leveraging the recently disclosed CrushFTP vulnerability. The vulnerability, discovered by researchers at security firm Outpost24, is tracked as CVE-2025-31161 and it allows an attacker to bypass authentication and gain access to a system. Its disclosure has been shrouded in controversy, with developers of the enterprise file transfer solution blaming security firms for the quick in-the-wild exploitation of the flaw. Huntress has been seeing attacks exploiting the CrushFTP vulnerability since March 30. Initially, threat actors appeared to be testing access, but the security firm later started observing post-exploitation activity aimed at setting up persistent access to targeted hosts.

Inside the Russian-Speaking Underground: The Frontline of Global Cybercrime

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today launched a new research paper, delivering a unique and comprehensive look into the Russian-speaking cyber underground, an ecosystem that has shaped global cybercrime over the past decade. Set against the backdrop of a rapidly evolving cyber threat landscape, the research paper explores major trends reshaping the underground economy: the long-term impacts of the pandemic, the fallout of mass breaches and double-extortion ransomware, the explosion of accessible AI and Web3 technologies, and the widespread exposure of biometric data. As both cybercriminals and defenders grow more sophisticated, new tools, tactics, and business models are driving unprecedented levels of specialization within underground communities.

WhatsApp Tests Advanced Privacy Feature for Blocking Chat Exports

WhatsApp is testing a new option that lets you control whether other chat members can export your chats with them or automatically save media you send them, according to WaBetaInfo. Referred to as “advanced chat privacy,” the new option has a toggle in a recent WhatsApp beta for iOS. By turning it on, you can prevent individual users or people in a group chat from exporting the entire chat history outside of WhatsApp.