AI Turned Against Us 🤖 + Hackers Are Bypassing Your MFA Right Now
Today's top security stories are a wake-up call: attackers are now weaponizing AI tools to break into systems, and the "change your password" advice is officially outdated — hackers have moved on to stealing something far harder to protect.
🤖 A Hacker Jailbroke Google's AI to Steal Passwords and Drain Crypto Wallets
Researchers at TrendAI have uncovered a Russian hacker who spent five years running a sophisticated operation — and his secret weapon was a jailbroken version of Google's Gemini AI. By tricking the AI into ignoring its safety rules, the attacker used it to generate thousands of password variations, crack into 29 WordPress websites, and even deploy fake crypto wallet software that secretly stole victims' funds.
This isn't a theoretical threat — it's a real campaign that already caused real harm. What makes it alarming is how it shows AI assistants can be turned into hacking tools by anyone willing to probe their limits. If your business uses AI-powered tools (and most do now), this is a reminder that the same technology helping you work faster can be exploited by attackers to work faster against you.
🔑 Forget Stolen Passwords — Hackers Are Now Stealing Your Login Session Itself
Three major security reports — from CrowdStrike, the FBI, and Verizon — all point to the same alarming trend: the most effective attacks on banks and financial firms no longer bother stealing your password at all. Instead, attackers call your IT help desk pretending to be you, convince them to reset your multi-factor authentication (MFA), and then hijack your account using a "token" — essentially a digital key that grants access for weeks or months without ever needing a password.
Even more concerning: a $250/month subscription service called Kali365 lets anyone — no technical skills required — run these attacks at scale against Microsoft 365 accounts. Once inside, attackers can silently access emails, files, and sensitive data for months before anyone notices. This is why businesses need to go beyond basic MFA and require stricter identity verification for any account changes.
Stay ahead of threats with GOCO Security at gocosecurity.com
.jpg)
Comments
Post a Comment