Cybercriminals are using AI cloaking services to hide fake sites and malware from scanners. Learn how it works—and how defenders are adapting to fight back.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Imagine if hackers could give their scam websites a cloak of invisibility. The tech world calls this trick cloaking – showing one web page to regular people and a harmless page to the guards. That’s essentially what’s happening as cybercriminals start to leverage AI-powered cloaking services to shield phishing pages, fake stores, and malware sites […] The post How Threat Actors Use AI to Hide Malicious Sites first appeared on SlashNext.| SlashNext
ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices – all under the guise of a routine security check. Disguised as something familiar, like a Cloudflare CAPTCHA, it convinces users to copy and paste dangerous code without realizing the risk. We’ll break down how ClickFix works, examine […] The post Decoding ‘ClickFix’: Lessons from the Latest Browser-Based Phish first appeared on SlashNext.| SlashNext
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
The Next Evolution in Black-Hat AI A new player has entered the cybercrime AI landscape – Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted […] The post Xanthorox AI – The Next Generation of Malicious AI Threats Emerges first appeared on SlashNext.| SlashNext
It’s no secret that cybercriminals love to exploit our trust in well-known brands. From big-name retailers to popular online services, attackers will latch onto anything that seems safe. In this post, we will explore a real-life example of this: the abuse of DocuSign’s actual application to deliver malicious links. Then, we’ll dive into how our […] The post How Attackers Abuse Trusted Cloud Apps—and Why URL Analysis Matters first appeared on SlashNext.| SlashNext
A fake Cloudflare CAPTCHA? ClickFix cons users into pasting malicious commands. See how it works—and how SlashNext blocks it before damage is done.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
Explore how Xanthorox AI’s modular, self-hosted design empowers cybercriminals—and learn how SlashNext defends against these advanced, AI-driven threats.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Learn how attackers exploit trusted cloud apps like DocuSign and how advanced URL analysis unveils hidden phishing and malware threats before damage occurs.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
PhishWP creates fake payment pages that look like trusted services. It's used as a phishing trap to steal sensitive information such as credit card numbers, personal data, and browser metadata.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Project Phantom is a groundbreaking development that revolutionizes threat detection using the latest iteration of our zero-trust virtual stealth browser technology.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser