VulnHub

Real-time Cybersecurity News

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

BleepingComputer
Actively Exploited
Malware

Overview

GreyVibe, a suspected Russian hacking group, has been targeting Ukrainian organizations using advanced techniques involving AI-generated messages. They create enticing lures to trick victims into downloading malware, which is custom-built for their operations. This approach allows them to bypass traditional security measures and effectively compromise systems. The use of AI tools like ChatGPT and Gemini in these cyberattacks raises concerns about the evolving nature of threats, particularly in geopolitical contexts. Organizations in Ukraine need to bolster their security protocols to defend against these sophisticated tactics.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ukrainian entities, custom malware tools
  • Action Required: Organizations should enhance security measures, conduct employee training on recognizing phishing attempts, and implement advanced threat detection systems.
  • Timeline: Ongoing since recent months

Original Article Summary

A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]

Impact

Ukrainian entities, custom malware tools

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent months

Remediation

Organizations should enhance security measures, conduct employee training on recognizing phishing attempts, and implement advanced threat detection systems.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

SecurityWeek

California's Attorney General Rob Bonta has filed a lawsuit against 23andMe, the genetic testing company, alleging that it failed to adequately protect user data following a breach earlier this year. The lawsuit comes after the company, now operating under the name Chrome Holding Co. due to bankruptcy proceedings, reportedly exposed sensitive information of its users. This breach raises significant concerns about data privacy and the responsibilities of companies handling personal information. If the allegations are proven, it could lead to stricter regulations and greater scrutiny of how personal data is managed in the biotech industry. Users who trusted 23andMe with their genetic information are particularly affected, as their sensitive data may have been compromised.

May 29, 2026

Man sent to prison for selling data of 7 millions elderly Americans

BleepingComputer

A man from North Carolina has been sentenced to over 10 years in prison for selling the personal data of more than 7 million elderly Americans to scammers based in Jamaica. The man, whose actions have raised concerns about privacy and security, provided sensitive information like names, addresses, and Social Security numbers. This breach not only puts the affected individuals at risk of identity theft but also highlights the ongoing issue of data exploitation in the digital age. Law enforcement officials emphasize the need for stronger protections for vulnerable populations, particularly the elderly, who are often prime targets for scams. The case serves as a reminder of the importance of safeguarding personal information and the severe consequences for those who exploit it.

May 29, 2026

Websites can spy on user activity by analyzing SSD behavior

Help Net Security

Researchers have discovered a new technique called FROST, which allows websites to track user activity by analyzing the behavior of a user's Solid-State Drive (SSD). This method can infer information about the files and applications stored on the SSD, which is unexpected for most users. The implications of this technique raise significant privacy concerns, as it adds another layer to the existing methods websites use to monitor user behavior, like browser fingerprinting and tracking scripts. Users may not be aware that their storage devices can be exploited in this way, highlighting the need for more robust privacy protections. As this method gains attention, it emphasizes the ongoing challenges of online privacy and security.

May 29, 2026

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

Infosecurity Magazine

According to ESET's 2026 APT Activity Report, Chinese-backed advanced persistent threats (APTs) are capitalizing on the instability caused by ongoing conflicts in Iran to target maritime and energy companies. This surge in cyber-attacks indicates that attackers are exploiting geopolitical tensions to carry out their operations. The report highlights that these APTs are not only focusing on regional targets but are also continuing their activities against organizations globally. This situation raises concerns for companies in the maritime and energy sectors, as they may face increased risks of data breaches and operational disruptions due to these cyber threats. Understanding these tactics is crucial for organizations to bolster their cybersecurity defenses and protect sensitive information.

May 29, 2026

AI-Generated npm Malware Leaks Its Own GitHub Token

Infosecurity Magazine

A recent incident involving an AI-generated npm infostealer has drawn attention after it accidentally exposed its own GitHub token, revealing the identity of its operator. This infostealer, designed to collect sensitive information, had a flaw that led to the leak of the token on a public platform. As a result, researchers were able to trace back to the developer behind the malware, raising concerns about the capabilities of AI tools in creating malicious software. This incident highlights the potential risks associated with the misuse of AI in software development, particularly in the realm of cybersecurity. Developers and users of npm packages should be vigilant about the security of their applications and the code they incorporate from third parties.

May 29, 2026

Humanix expands detection to identify live violations of security procedures

Help Net Security

Humanix has introduced a new capability aimed at detecting real-time violations of security procedures in IT support workflows. This is particularly important as help desk and service desk agents often face pressure from attackers to bypass identity verification steps, which can lead to unauthorized access and data breaches. By identifying these violations as they occur, Humanix aims to enhance the security of sensitive requests, such as credential resets. This development is crucial for organizations that rely on help desk support to protect sensitive information and maintain secure operations. The new feature could help prevent incidents where attackers exploit human vulnerabilities in security protocols.

May 29, 2026