Cybercriminals are using AI cloaking services to hide fake sites and malware from scanners. Learn how it works—and how defenders are adapting to fight back.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Imagine if hackers could give their scam websites a cloak of invisibility. The tech world calls this trick cloaking – showing one web page to regular people and a harmless page to the guards. That’s essentially what’s happening as cybercriminals start to leverage AI-powered cloaking services to shield phishing pages, fake stores, and malware sites […] The post How Threat Actors Use AI to Hide Malicious Sites first appeared on SlashNext.| SlashNext
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
The Next Evolution in Black-Hat AI A new player has entered the cybercrime AI landscape – Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted […] The post Xanthorox AI – The Next Generation of Malicious AI Threats Emerges first appeared on SlashNext.| SlashNext
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception. Astaroth utilizes an evilginx-style reverse proxy to intercept and manipulate traffic between […] The post Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and ...| SlashNext
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
Explore how Xanthorox AI’s modular, self-hosted design empowers cybercriminals—and learn how SlashNext defends against these advanced, AI-driven threats.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser